Re: FreeRadius IRC...

Sat, 13 Jan 2007 14:38:27 -0800 

----- Message de [EMAIL PROTECTED] ---------
    Date : Sat, 13 Jan 2007 16:55:50 -0500
     De : Evan Vittitow <[EMAIL PROTECTED]>
Répondre à : FreeRadius users mailing list <freeradius-users@lists.freeradius.org> 
 Objet : Re: FreeRadius IRC...
À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org> 






I posted an idea and you decided not to reply to my questions !

I suspect that your VPN server doesn't know Microsoft Radius
attributes and refuses to send them to the radius server. I've tested
a bad setup (lack of Microsoft radius dictionary), and I get the same
radiusd -X debug log: no MS-CHAP Challenge in the request...

I've ensured thet /etc/radiusclient/ and /etc/raddb have the same
dictionary. (dictionary and dictionary.microsoft,.)


I asked "have you checked possible error messages in /var/log/messages
 " on the vpn server ?
To be more specific, look for the following lines in you log file:
" rc_avpair_new: unknown attribute"


No such error messages appear on my Radius Server.



This error is to be seen on the PPPd server, not on the Freeradius  
server. It is an error from the PPPd radius plugin (in fact the  
radiusclient library).



I had them once when
I tried to change the dictionary to the one in /usr/share/freeradius,
but I imported the official dictionary.microsoft one and they went away.



Curiuous, I never had to change the microsoft dictionary from the  
official Freeradius distribution !!!



If you see such lines it might be that your radiusclient library (used
by the PPPd plugin on your VPN server) doesn't understand the
Microsoft attributes (for instance the MS-CHAP Challenge). Thus, the
PPPd radius plugin doesn't send these attributes that are required for
Freeradius to do MS-CHAP authentication.

Could you really check that your dictionnary file on the VPN server
side contains a line like:
INCLUDE /usr/share/radiusclient-ng/dictionary.microsoft

and check the content of this file...

HTH,
Thibault


I found A possible culprit.

Jan 13 16:54:41 kurama pppd[11364]: rc_avpair_new: unknown attribute 11
Jan 13 16:54:41 kurama pppd[11364]: rc_avpair_new: unknown attribute 25




This is not a possible culprit: This IS THE CULPRIT, and it confirms  
my diagnostic.


On your PPPd server, you have to update you:

* add a dictionary/microsoft file on the radiusclient dictionary  
directory (/etc/radiusclient or /usr/share/radiusclient-ng depending  
on your distro).
* modify the dictionary file in this directory to INCLUDE this file  
(see below).


Then your authentication should work fine.

Let me know...

Thibault



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





















					Reply via email to