>> Hello, I am using a perl script to authenticate my users for hotspots
>> with freeradius.
>> I got no problem regarding to it.
>> Now I planned to move my existing vpn server to freeradius also..
>> Read some howtos about it (with poptop mostly)
>
> Perhaps reading freeradius documentation if you are to use freeradius
> would be better? If you read the main README file you could avoid most of
> your problems.

The documents I mentioned above were about pptp installation, not freeradius itself. Sure, I read docs about freeradius also. Even your main README file!!

>> Here is how my perl script works.. When it gets a username/pass it
>> checks it via an xml page and if it is correct it adds the username to mysql
>> table with auth-type == local parameter.
>
> Which is wrong. Don't add Auth-Type, add the Cleartext-Password.

It was for my perl module, which seems unnecessary for mschap as I see. So I already removed it.

>> When second time this user tries
>> to login it just checks the password.
>
> How? You don't have password stored in radcheck table.

To make it clear: my users' passwords are stored in another system. So practically I have no chance to have them in the mysql of freeradius. That's why in my previous system (which still works for hotspot authentications) I was using a perl module to connect to an xml service and check if the username/password is correct (I was just sending the username/password pair and the answer returned as ok or not), and if it is ok, add the username/name/email address and other information about the user to a mysql table which is not related to our subject now. And every time the user logs on, that perl script checks the password again via the xml page. So I have no passwords in mysql at all.

>> So I got Auth-Type parameter for
>> users in mysql.
>
> Remove it.

>> freeradius:
>> rad_recv: Access-Request packet from host 127.0.0.1 port 33646, id=29,
>> length=138
>>         Service-Type = Framed-User
>>         Framed-Protocol = PPP
>>         User-Name = "7798"
>>         MS-CHAP-Challenge = 0xf42766132ee2e3d828c770c460e8588e
>>         MS-CHAP2-Response =
>> 0x44006948a59f2dbc8c838083bdea3e846fc300000000000000003f4aeadca9c80f730fd668686d8eac96570d941da2b4c2fd
>>         Calling-Station-Id = ".931"
>>         NAS-IP-Address = 192.168.10.213
>>         NAS-Port = 0
>> auth: No authenticate method (Auth-Type) configuration found for the
>> request: Rejecting the user
>> auth: Failed to validate the user.
>> Login incorrect: [7798/<no User-Password attribute>] (from client
>> localhost port 0 cli .931)
>> Found Post-Auth-Type Reject
>> WARNING: Unknown value specified for Post-Auth-Type. Cannot perform
>> requested action.
>>
>> freeradius config
>> server vpn {
>> authorize {
>>         preprocess
>>         files
>>         mschap
>>         update control {
>>                 Auth-Type := perl
>>         }
>>         perl
>> }
>>
>> authenticate {
>>
>>
>>         Auth-Type MS-CHAP {
>>                 mschap
>>         }
>>         Auth-Type Perl {
>>                 perl
>>         }
>> }
>
> Freeradius processes default virtual server by default (it looks like you
> have removed that one - why?). You haven't told it to use vpn default
> server.

There were some other virtual servers running on that freeradius server; I just removed them for my test purposes. So nothing special about removing the default server.

> Your plan won't work. You have to know the password in advance to
> authenticate users with mschap. You can't extract the password from the
> request when user first time logs in. You can with pap but not with mschap
> - that's the whole point of that protocol.

So as I understand, the only way that mschap works is to keep username/passwords in mysql (or a file), right? I can not use the perl module to return a "user is ok" msg and make it work.

> Ivan Kalik
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
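
Added example, not part of the original thread: a Python sketch that splits the MS-CHAP2-Response from the debug log above into its RFC 2548 fields and computes the RFC 2759 ChallengeHash, showing that the request carries only challenges and a 24-byte NT-Response, never the password. The function names are my own; the attribute values are copied from the quoted log.

```python
import hashlib

# Attribute values copied from the Access-Request in the quoted debug log.
MSCHAP_CHALLENGE = bytes.fromhex("f42766132ee2e3d828c770c460e8588e")
MSCHAP2_RESPONSE = bytes.fromhex(
    "44006948a59f2dbc8c838083bdea3e846fc30000000000000000"
    "3f4aeadca9c80f730fd668686d8eac96570d941da2b4c2fd"
)
USER_NAME = b"7798"


def parse_mschap2_response(value: bytes) -> dict:
    """Split an MS-CHAP2-Response value into its RFC 2548 fields."""
    if len(value) != 50:
        raise ValueError(f"expected 50 bytes, got {len(value)}")
    return {
        "ident": value[0],
        "flags": value[1],
        "peer_challenge": value[2:18],   # random, chosen by the client
        "reserved": value[18:26],        # must be zero
        "nt_response": value[26:50],     # one-way function of the NT hash
    }


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes,
                   user_name: bytes) -> bytes:
    """RFC 2759 ChallengeHash(): first 8 bytes of SHA1(peer || auth || user)."""
    digest = hashlib.sha1(peer_challenge + auth_challenge + user_name).digest()
    return digest[:8]


if __name__ == "__main__":
    fields = parse_mschap2_response(MSCHAP2_RESPONSE)
    for name, val in fields.items():
        print(f"{name:15}", val.hex() if isinstance(val, bytes) else hex(val))
    ch = challenge_hash(fields["peer_challenge"], MSCHAP_CHALLENGE, USER_NAME)
    print(f"{'challenge_hash':15}", ch.hex())
    # The server's next step (RFC 2759 GenerateNTResponse) DES-encrypts this
    # 8-byte hash under keys derived from MD4(UTF-16LE password) and compares
    # the result with nt_response. That needs the password or its NT hash on
    # the RADIUS side; a backend that only answers "ok / not ok" to a
    # cleartext password has nothing to compare against.
```

With PAP the request would instead carry a User-Password attribute that the perl module could forward to the XML service, which is the difference Ivan points out.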