pap "Cleartext-Password", sql etc...

Wed, 30 Jan 2008 12:37:39 -0800 

When I have (radcheck) attribute `User-Password', authentication
succeeds but we see the following:

rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type CHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "CHAP"
+- entering group CHAP
  rlm_chap: login attempt by "elmaroma_cn3000" with CHAP password
  rlm_chap: Using clear text password "aromaescape" for user
elmaroma_cn3000 authentication.
  rlm_chap: chap user elmaroma_cn3000 authenticated succesfully
++[chap] returns ok

If I change the attribute to `Cleartext-Password', authentication
fails and I see:

rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
+- entering group CHAP
  rlm_chap: login attempt by "elmaroma_cn3000" with CHAP password
  rlm_chap: Cleartext-Password is required for authentication
++[chap] returns invalid
auth: Failed to validate the user.
Login incorrect (rlm_chap: Clear text password not available):
[elmaroma_cn3000/<CHAP-Password>] (from client cn3000_aroma port 0 cli
00-02-6F-xx-xx-92)

The "users" file
----------------------
DEFAULT Fall-Through = 1
DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Service-Type = Framed-User,
        Fall-Through = Yes
DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
---------------------
authorize {
        preprocess
        chap
        mschap
        suffix
        unix
        files
        sql
        expiration
        logintime
        noresetcounter
        dailycounter
        monthlycounter
        daypasscounter
        pap}
authenticate {
        pap
        chap
        mschap}

Thanks muchly,

Andrew Long
EWS
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to