thanks Fajar I've tried : # radtest -t mschap usertest passtest localhost:1812 0 testing123 Sending Access-Request of id 13 to 127.0.0.1 port 1812 User-Name = "usertest" NAS-IP-Address = 10.1.1.28 NAS-Port = 0 MS-CHAP-Challenge = 0x7effa6d1eaf313a9 MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000d21d03024f55ebcf8c36dc84 d85ab07e2b6c828184d3f151 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=13, length=108 Framed-Compression = Van-Jacobson-TCP-IP Framed-Protocol = PPP Service-Type = Framed-User Framed-MTU = 1500 MS-CHAP-MPPE-Keys = 0x1e3efc59fb2a7c971c0de9b6d1dfe2f56b3d7d1338e5c7ee0000000000000000 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006
then I change my radcheck table : mysql> select * from radcheck; +----+----------+--------------------+----+----------+ | id | username | attribute | op | value | +----+----------+--------------------+----+----------+ | 1 | usertest | Cleartext-Password | := | passtest | +----+----------+--------------------+----+----------+ and tried : # radtest -t mschap usertest passtest localhost:1812 0 testing123 Sending Access-Request of id 149 to 127.0.0.1 port 1812 User-Name = "usertest" NAS-IP-Address = 10.1.1.28 NAS-Port = 0 MS-CHAP-Challenge = 0xf13ba049100393c3 MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000733c2565a50ac6d4c28569b9 59eca8a14ef7951536c66172 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=149, length=108 Framed-Compression = Van-Jacobson-TCP-IP Framed-Protocol = PPP Service-Type = Framed-User Framed-MTU = 1500 MS-CHAP-MPPE-Keys = 0x1e3efc59fb2a7c971c0de9b6d1dfe2f56b3d7d1338e5c7ee0000000000000000 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 should I change it to "Cleartext-Password" and op=":=" when it still work with "password" and op="==" ? and why the default value is set to "==" when it suppose to be ":=" ? so sorry, this is the first time I used FreeRADIUS (all this time I use OpenLDAP for authentication) On Mon, 28 Nov 2011 09:08:26 +0700, Fajar A. Nugraha wrote > On Mon, Nov 28, 2011 at 8:29 AM, Bogi Aditya <b...@imtelkom.ac.id> wrote: > > thanks Alan > > > > I found the problem was in the "attribute" field > > where I put "Cleartext-Password" based on the wiki : > > http://wiki.freeradius.org/SQL-HOWTO > > The example should be correct. From > http://wiki.freeradius.org/SQL-HOWTO#Populating+SQL > > mysql> select * from radcheck; > +----+----------------+--------------------+----------------- > -+------+ | id | UserName | Attribute | Value > | Op | +----+----------------+--------------------+--- > ---------------+------+ | 1 | fredf | Cleartext- > Password | wilma | := | | 2 | barney | > Cleartext-Password | betty | := | | 2 | > dialrouter | Cleartext-Password | dialup | := | > +----+----------------+--------------------+------------------+------ > + 3 rows in set (0.01 sec) > > Note how it uses ":=" as op? > > > > > after I changed the value to just "password" > > it works fine now. > > It has different meaning, actually. > > If you use Password (or User-Password) with op "==", you're basically > comparing the attribute User-Password in user request to the one in > the database. It SHOULD work if the request is using PAP, but it > won't work if the request is using MS-CHAPv2 (or some other authentication > protocol that does not send user password as plain text in > User-Password attribute). You can test it with "radtest -t mschap" > (available in newer versions of FR) > > I highly suggest you change it to Cleartext-Password and ":=" > > -- > Fajar ------------------------------- Bogi Aditya Sisfo - IMTelkom Telkom Institute of Management http://bogi.blog.imtelkom.ac.id - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html