Hi, everybody

I have been trying to solve the problem, but in vain. It is FR 2.0.2 on FreeBSD 6.2-RELEASE-p1.


When using radtest (or dial-up access) there is no Attribute "CHAP-Password" and the user is not authenticated; however, the same user is authenticated when connecting via VPN.
What needs to be changed for dial-up to work?

I would be grateful for any comments.
Thanks

Slava Shkarupin
Kiev, UA
++++++++++++++++++++++++++++++++++++++++++++++++++
This is -X radtest output for user Olga1 (dial-up attempt gives a similar result - user is rejected)

rad_recv: Access-Request packet from host 127.0.0.1 port 59528, id=206, length=56
       User-Name = "Olga1"
       User-Password = "akrd24bf"
       NAS-IP-Address = 255.255.255.255
       NAS-Port = 1
+- entering group authorize
++[preprocess] returns ok
expand: %A/%{Client-IP-Address}/detail -> /opt/freeradius/2.0.2/var/log/radius/radacct/127.0.0.1/detail
rlm_detail: %A/%{Client-IP-Address}/detail expands to /opt/freeradius/2.0.2/var/log/radius/radacct/127.0.0.1/detail
       expand: %t -> Sun Jul  6 13:07:03 2008
++[auth_log] returns ok
rlm_pam: pam_auth call.
username: Olga1
username name: User-Name
rlm_pam: received attribute:1.
rlm_pam: received attribute:2.
rlm_pam: received attribute:4.
rlm_pam: received attribute:5.
rlm_pam: cisco_voip_detection enabled
data->chap_password=1,data->special_username=(null),user_name_buff=Olga1
rlm_pam: pam_pass: name = Olga1, passwd = (null)
pam_pass: function pam_authenticate SUCCESS for <Olga1>.
pam_pass: function pam_acct_mgmt SUCCESS for <Olga1>.
pam_pass: received framed_ip_address <192.168.0.65/32>
pam_pass: received nas_command <>
pam_pass: received password for chap <akrd24bf>
pam_pass: authentication result for <Olga1> is 0
rlm_pam: pam_pass return 0 (success).
rlm_pam: received password for chap:akrd24bf
rlm_pam: received password for chap in vp:akrd24bf
++[pam] returns ok
++[chap] returns noop
++[mschap] returns noop
   rlm_realm: No '@' in User-Name = "Olga1", looking up realm NULL
   rlm_realm: No such realm "NULL"
++[suffix] returns noop
@@@@eap+aouthorize begin
 rlm_eap: No EAP-Message, not doing EAP
@@@@eap+aouthorize returns NOOP
++[eap] returns noop
++[unix] returns notfound
   users: Matched entry DEFAULT at line 158
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
 rad_check_password:  Found Auth-Type Chap
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "CHAP"
+- entering group CHAP
rlm_chap: Attribute "CHAP-Password" is required for authentication.
++[chap] returns invalid
auth: Failed to validate the user.
Login incorrect: [Olga1/akrd24bf] (from client localhost port 1)
 Found Post-Auth-Type Reject
+- entering group REJECT
       expand: %{User-Name} -> Olga1
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 10 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 10
Sending Access-Reject of id 206 to 127.0.0.1 port 59528
Waking up in 4.9 seconds.
Cleaning up request 10 ID 206 with timestamp +1508
Ready to process requests.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This is the real process of connecting through VPN with Radius in -X mode for the same user - user is authenticated

rad_recv: Access-Request packet from host 127.0.0.1 port 52114, id=58, length=171
       NAS-Identifier = "test-server-1.net.ua"
       Acct-Session-Id = "5338180-L-10"
       NAS-Port = 10
       NAS-Port-Type = Virtual
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Calling-Station-Id = "10.1.0.250"
       NAS-Port-Id = "vlan310"
       User-Name = "Olga1"
CHAP-Challenge = 0xbb1e68637b631b2b9ab0f56a0da47704dd3d76f1babbdcabcdec77f9b1fd0559e1b9bc5c
       CHAP-Password = 0x019220c41b166ec97be36327f0e0253d02
+- entering group authorize
++[preprocess] returns ok
expand: %A/%{Client-IP-Address}/detail -> /opt/freeradius/2.0.2/var/log/radius/radacct/127.0.0.1/detail
rlm_detail: %A/%{Client-IP-Address}/detail expands to /opt/freeradius/2.0.2/var/log/radius/radacct/127.0.0.1/detail
       expand: %t -> Sun Jul  6 12:56:20 2008
++[auth_log] returns ok
rlm_pam: pam_auth call.
username: Olga1
username name: User-Name
rlm_pam: received attribute:32.
rlm_pam: received attribute:44.
rlm_pam: received attribute:5.
rlm_pam: received attribute:61.
rlm_pam: received attribute:6.
rlm_pam: received attribute:7.
rlm_pam: received attribute:31.
rlm_pam: received attribute:87.
rlm_pam: received attribute:1.
rlm_pam: received attribute:60.
rlm_pam: received attribute:3.
rlm_pam: received attribute:4.
rlm_pam: cisco_voip_detection enabled
data->chap_password=1,data->special_username=(null),user_name_buff=Olga1
rlm_pam: pam_pass: name = Olga1, passwd = (null)
pam_pass: function pam_authenticate SUCCESS for <Olga1>.
pam_pass: function pam_acct_mgmt SUCCESS for <Olga1>.
pam_pass: received framed_ip_address <192.168.0.30/32>
pam_pass: received nas_command <>
pam_pass: received password for chap <akrd24bf>
pam_pass: authentication result for <Olga1> is 0
rlm_pam: pam_pass return 0 (success).
rlm_pam: received password for chap:akrd24bf
rlm_pam: received password for chap in vp:akrd24bf
++[pam] returns ok
 rlm_chap: Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
   rlm_realm: No '@' in User-Name = "Olga1", looking up realm NULL
   rlm_realm: No such realm "NULL"
++[suffix] returns noop
@@@@eap+aouthorize begin
 rlm_eap: No EAP-Message, not doing EAP
@@@@eap+aouthorize returns NOOP
++[eap] returns noop
++[unix] returns notfound
   users: Matched entry DEFAULT at line 158
   users: Matched entry DEFAULT at line 179
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
 rad_check_password:  Found Auth-Type Chap
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "CHAP"
+- entering group CHAP
 rlm_chap: login attempt by "Olga1" with CHAP password
rlm_chap: Using clear text password "akrd24bf" for user Olga1 authentication.
 rlm_chap: chap user Olga1 authenticated succesfully
++[chap] returns ok
Login OK: [Olga1/<CHAP-Password>] (from client localhost port 10 cli 10.1.0.250)
+- entering group post-auth
expand: /opt/freeradius/2.0.2/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /opt/freeradius/2.0.2/var/log/radius/radacct/127.0.0.1/reply-detail-20080706
rlm_detail: /opt/freeradius/2.0.2/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /opt/freeradius/2.0.2/var/log/radius/radacct/127.0.0.1/reply-detail-20080706
       expand: %t -> Sun Jul  6 12:56:20 2008
++[reply_log] returns ok
Sending Access-Accept of id 58 to 127.0.0.1 port 52114
       Framed-IP-Address = 192.168.0.30
       Framed-IP-Netmask = 255.255.255.255
       Framed-Protocol = PPP
       Service-Type = Framed-User
       Framed-Compression = Van-Jacobson-TCP-IP
Finished request 2.
Going to the next request
Waking up in 0.9 seconds.
Waking up in 4.0 seconds.
Cleaning up request 2 ID 58 with timestamp +865
Ready to process requests.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
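
The two traces above differ in what the Access-Request carries: the radtest request has User-Password and no CHAP-Password, yet both requests reach `Found Auth-Type Chap`. As an added example (not part of the original post and not FreeRADIUS code), this Python script reads a `radiusd -X` trace and reports, per request, whether the attribute the selected Auth-Type needs was in the packet. The trace excerpt is constructed and abridged, with placeholder values; the `REQUIRED` table and the function names are assumptions of this example.

```python
import re

# Attribute each Auth-Type's authenticate section needs in the request
# (assumption of this example; covers only PAP and CHAP).
REQUIRED = {"chap": "CHAP-Password", "pap": "User-Password"}
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*) = ")
AUTH = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")

def diagnose(trace):
    """Return (packet id, Auth-Type, needed attribute, present?) per request."""
    findings, attrs, pkt_id, in_packet = [], set(), None, False
    for line in trace.splitlines():
        if line.startswith("rad_recv:"):
            m = re.search(r"id=(\d+)", line)
            pkt_id = int(m.group(1)) if m else None
            attrs, in_packet = set(), True
        elif in_packet and line.lstrip().startswith(("+-", "++")):
            in_packet = False  # attribute list ends where module output starts
        elif in_packet and (m := ATTR.match(line)):
            attrs.add(m.group(1))
        elif (m := AUTH.search(line)):
            need = REQUIRED.get(m.group(1).lower())
            if need:
                findings.append((pkt_id, m.group(1), need, need in attrs))
    return findings

def mismatches(trace):
    """Packet ids whose Auth-Type needs an attribute the request did not carry."""
    return [pid for pid, _, _, present in diagnose(trace) if not present]

# Constructed, abridged trace in the format shown above (placeholder values).
SAMPLE = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 59528, id=206, length=56
       User-Name = "Olga1"
       User-Password = "example-secret"
+- entering group authorize
++[chap] returns noop
 rad_check_password:  Found Auth-Type Chap
rad_recv: Access-Request packet from host 127.0.0.1 port 52114, id=58, length=171
       User-Name = "Olga1"
CHAP-Challenge = 0x00112233
       CHAP-Password = 0x0100112233
+- entering group authorize
 rad_check_password:  Found Auth-Type Chap
"""

if __name__ == "__main__":
    for pid, auth, need, present in diagnose(SAMPLE):
        print(f"id={pid} Auth-Type={auth} needs {need}: {'present' if present else 'MISSING'}")
```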
