Hello all, I have a small (about 400 users) network based on pppoe with freeradius authentication. For the last few days I am trying to switch to CHAP authentication. I've made proper changes to radiusd.conf and pppoe-server to demand CHAP auth from users and here's what I get.
Here's what we've got in the database : RADCHECK : TEST Cleartext-password := TEST987 TEST Auth-Type := CHAP TEST Password == TEST987 READREPLY: TEST Service-Type = Framed TEST Framed-Compression = Van-Jacobson-TCP-IP TEST Framed-MTU = 1492 TEST Framed-IP-Netmask = 255.255.255.0 TEST Framed-IP-Address = 10.100.2.156 TEST Framed-Protocol = ppp TEST Auth-Type := CHAP TEST Password == TEST987 And the error is : a) here's the fragment from the syslog : Sep 26 01:34:37 beta pppd[5311]: Connect: ppp44 <--> eth2 Sep 26 01:34:37 beta pppd[5311]: rc_avpair_new: unknown attribute 60 Sep 26 01:34:47 beta pppd[5311]: Peer TEST failed CHAP authentication b) And fragment from the radius debug mode : rad_recv: Access-Request packet from host 127.0.0.1:3458, id=144, length=88 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "TEST" CHAP-Password = 0xdf6fe5d7a573bff814452731ef01f044df Calling-Station-Id = "00:E0:91:14:52:C3" NAS-IP-Address = 127.0.0.1 NAS-Port = 8 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "attr_filter" returns noop for request 3 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 3 radius_xlat: 'TEST' rlm_sql (sql): sql_set_user escaped user --> 'TEST' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'TEST' and access=1 ? ORDER BY id ' rlm_sql (sql): Reserving sql socket id: 1 radius_xlat: '' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'TEST' ORDER BY id ' radius_xlat: '' rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns ok for request 3 modcall: leaving group authorize (returns ok) for request 3 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group CHAP for request 3 rlm_chap: login attempt by "TEST" with CHAP password rlm_chap: Using clear text password "TEST987" for user TEST authentication. rlm_chap: Password check failed modcall[authenticate]: module "chap" returns reject for request 3 modcall: leaving group CHAP (returns reject) for request 3 auth: Failed to validate the user. Login incorrect (rlm_chap: Wrong user password): [TEST/<CHAP-Password>] (from client localhost port 8 cli 00:E0:91:14:52:C3) Delaying request 3 for 1 seconds Finished request 3 Going to the next request -------------- Any ideas ? Thanks a lot for your time and HELP! regards WZ -- Pozdrawiam, Wojciech Ziniewicz Administrator Cebit - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html