Try to define pap {         auto_header = yes } Quoting James Devine : I'm trying to setup a freeradius server on freebsd7 to authenticate against the local passwd file and seem to be running into some problems. in sites-available/default I setup authorize/authenticate such as: authorize { preprocess chap mschap suffix unix files expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } unix } and /etc/pam.d/radiusd setup such as: # auth auth required pam_unix.so no_warn try_first_pass # account account required pam_nologin.so account required pam_login_access.so account required pam_unix.so # session session required pam_permit.so # password password required pam_unix.so no_warn try_first_pass And I get this output: rad_recv: Access-Request packet from host 10.10.10.231 port 57714, id=94, length=96 User-Name = "testuser" Service-Type = Login-User NAS-IP-Address = 10.10.10.140 NAS-Port = 4 Calling-Station-Id = "10.10.10.140" NAS-Port-Type = Virtual User-Password = "testpass" NAS-Port-Id = "tty4" +- entering group authorize {...} [preprocess] hints: Matched DEFAULT at 23 [preprocess] expand: %{Packet-Src-IP-Address} -> 10.10.10.231 [preprocess] expand: %{Packet-Type} -> Access-Request [preprocess] expand: %{Packet-Src-IP-Address} -> 10.10.10.231 [preprocess] expand: %{Packet-Src-IP-Address} -> 10.10.10.231 [preprocess] hints: Matched DEFAULT at 87 [preprocess] hints: Matched DEFAULT at 76 [preprocess] expand: %{Packet-Src-IP-Address} -> 10.10.10.231 [preprocess] expand: %{Packet-Src-IP-Address} -> 10.10.10.231 ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[unix] returns updated [files] users: Matched entry DEFAULT at line 2 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "testpass" [pap] Using CRYPT encryption. [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. Login incorrect (rlm_pap: CRYPT password check failed): [testuser/testpass] (from client boss1_internal port 4 cli 10.10.10.140) Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> testuser attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 94 to 10.10.10.231 port 57714 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 94 with timestamp +10 Ready to process requests. The password is correct, I'm not sure if the CRYPT encryption method is correct because I believe the passwords are stored as md5 hashes in the passwd file, any idea where I may be going wrong? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Links: ------ [1] mailto:fxmul...@gmail.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html