NM posted to quickly, secrets were wrong, fiddling around with Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
after that it should work, will definitively post it up in a howto. Regards On Wed, May 23, 2012 at 3:31 PM, Ali Jawad <ali.ja...@splendor.net> wrote: > Hi again > I did do some more reading and finally got radius to authenticate mschap, > I am using the users file to add users for the time being and no SQL. A > user can authenticate properly > > See > > Going to the next request > Waking up in 4.9 seconds. > Cleaning up request 3 ID 100 with timestamp +136 > Ready to process requests. > rad_recv: Access-Request packet from host 127.0.0.1 port 57868, id=101, > length=132 > Service-Type = Framed-User > Framed-Protocol = PPP > User-Name = "test" > MS-CHAP-Challenge = 0x65c4689b30c27f604fcca7ba1370fdba > MS-CHAP2-Response = > 0x31004bfca25ae57e8617e1e2d3cebde289040000000000000000c4cd490b424b34bfa53ad8b65fb786d994c6f647dbdd001a > NAS-IP-Address = 127.0.0.1 > NAS-Port = 0 > # Executing section authorize from file /etc/raddb/sites-enabled/default > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' > ++[mschap] returns ok > ++[digest] returns noop > [suffix] No '@' in User-Name = "test", looking up realm NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] No EAP-Message, not doing EAP > ++[eap] returns noop > [files] users: Matched entry test at line 76 > ++[files] returns ok > ++[expiration] returns noop > ++[logintime] returns noop > [pap] WARNING: Auth-Type already set. Not setting to PAP > ++[pap] returns noop > Found Auth-Type = MSCHAP > # Executing group from file /etc/raddb/sites-enabled/default > +- entering group MS-CHAP {...} > [mschap] Creating challenge hash with username: test > [mschap] Told to do MS-CHAPv2 for test with NT-Password > [mschap] adding MS-CHAPv2 MPPE keys > ++[mschap] returns ok > # Executing section post-auth from file /etc/raddb/sites-enabled/default > +- entering group post-auth {...} > ++[exec] returns noop > Sending Access-Accept of id 101 to 127.0.0.1 port 57868 > Service-Type = Framed-User > Framed-Protocol = PPP > Framed-IP-Address = 172.16.3.33 > Framed-IP-Netmask = 255.255.255.0 > Framed-Routing = Broadcast-Listen > Framed-Filter-Id = "std.ppp" > Framed-MTU = 1500 > Framed-Compression = Van-Jacobson-TCP-IP > MS-CHAP2-Success = > 0x31533d43303035333346323444353031324334354144323433334634334344343931374636363944453733 > MS-MPPE-Recv-Key = 0x494fa970f9bb475a70b1b37179089b1d > MS-MPPE-Send-Key = 0x546cdc52da0bf3818284fe5e6c48332d > MS-MPPE-Encryption-Policy = 0x00000002 > MS-MPPE-Encryption-Types = 0x00000004 > Finished request 4. > > but I get the following error on the pptpd side > > > May 23 13:30:01 pptp-test-100-13 pppd[7512]: rc_check_reply: received > invalid reply digest from RADIUS server > > Any input please ? > > Regards > > On Wed, May 23, 2012 at 3:17 PM, Matthew Newton <m...@leicester.ac.uk>wrote: > >> On Wed, May 23, 2012 at 02:02:02PM +0200, Alan DeKok wrote: >> > Matthew Newton wrote: >> > > I'm not sure who looks after them now, or if they are maintained. >> > > I've just found radiusclient-ng, which looks more recent, but have >> > > no experience of it. >> > > >> > > But this is all mildly off-topic for FreeRADIUS... >> > >> > radiusclient-ng is no longer developed. >> > >> > It has become freeradius-client. :) See http://freeradius.org >> >> Ah - thanks. I had it on my list to hack at the radiusclient code >> to try and update it. 30 minutes ago, that list entry changed to >> radiusclient-ng. >> >> Looks like I'll be looking at the freeradius-client code instead >> now... if I ever get time! >> >> Cheers, >> >> Matthew >> >> >> -- >> Matthew Newton, Ph.D. <m...@le.ac.uk> >> >> Systems Architect (UNIX and Networks), Network Services, >> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom >> >> For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > > -- > *Ali Jawad > * > *Information Systems Manager* > *Splendor Telecom (www.splendor.net) > Beirut, Lebanon > Phone: +9611373725/ext 116 > FAX: +9611375554* > > -- *Ali Jawad * *Information Systems Manager* *Splendor Telecom (www.splendor.net) Beirut, Lebanon Phone: +9611373725/ext 116 FAX: +9611375554*
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html