Re: Fw: Help needed with MS-CHAP
Alan:

Thank you very much for your reply. Please do not get mad at me. I have understood that Radius itself cannot authenticate MS-CHAP passwords; my question then is what can I do with those passwords. I have seen examples of authenticating these passwords against a Windows server. Are there any other ways to authenticate these passwords?

Thank you,
Charles

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Saturday, February 25, 2006 11:55 AM
Subject: Re: Fw: Help needed with MS-CHAP

"Charles Blake" <[EMAIL PROTECTED]> wrote:
> I just want to know what happens when Radius receives a request with an MS-CHAP password, how it authenticates the user?

It doesn't.

How many times do I have to say it's impossible before you will believe me? It's impossible. Stop trying to make it work, and stop asking questions about it. It's impossible. Honestly, it's impossible.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fw: Help needed with MS-CHAP
I am sorry. I just want to know what happens when Radius receives a request with an MS-CHAP password, how it authenticates the user?

Thank you,
Charles

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Friday, February 24, 2006 10:52 AM
Subject: Re: Help needed with MS-CHAP

"Charles Blake" <[EMAIL PROTECTED]> wrote:
> I just want to authenticate MS-CHAPv2 passwords. My question is: Where do I have those passwords in my Linux server?

I've been trying to say you don't.

Alan DeKok.
Re: Help needed with MS-CHAP
I am not trying to do that. I just want to authenticate MS-CHAPv2 passwords. My question is: Where do I have those passwords in my Linux server?

Thank you,
Charles

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Thursday, February 23, 2006 6:34 PM
Subject: Re: Help needed with MS-CHAP

"Charles Blake" <[EMAIL PROTECTED]> wrote:
> I need now to authenticate MS-CHAPv2 passwords. I have been looking everywhere, FAQ, googled and I have not found what to authenticate against. User file? MySQL?

Anywhere that will give you the clear-text passwords.

And no, you can't convert shadow file entries into clear-text passwords.

Alan DeKok.
Re: Help needed with MS-CHAP
Alan:

Thank you very much for your reply. I have been using Radius for many years, but always authenticating against shadow passwords. I need now to authenticate MS-CHAPv2 passwords. I have been looking everywhere, FAQ, googled and I have not found what to authenticate against. User file? MySQL? Where do I have to create the user/password pairs so radius can authenticate these users with MS-CHAPv2 passwords?

Thank you very much for your help.
Charles

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Thursday, February 23, 2006 4:40 PM
Subject: Re: Help needed with MS-CHAP

"Charles Blake" <[EMAIL PROTECTED]> wrote:
> I am trying to set up a freeradius-1.1.0 server for authenticating users using MS-CHAP passwords. I intend to authenticate users against shadow.

It's impossible to use /etc/shadow and MS-CHAP. See the FAQ.

Alan DeKok.
Help needed with MS-CHAP
Dear friends:

I am trying to set up a freeradius-1.1.0 server for authenticating users using MS-CHAP passwords. I intend to authenticate users against shadow. I am using the default radius.conf and users files. I have included the microsoft dictionary in radiusclient.conf file.

radtest shows ok:

# radtest mts mypassword localhost 0 testing123
Sending Access-Request of id 160 to 127.0.0.1 port 1812
        User-Name = "mts"
        User-Password = "mypassword"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=160, length=20

But when I try to authenticate a user using MS-CHAP, I am getting this output:

rad_recv: Access-Request packet from host 127.0.0.1:1027, id=5, length=146
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "mts"
        MS-CHAP-Challenge = 0x6b61b1ed954a289c0fa3aebedc329ac6
        MS-CHAP2-Response = 0x8f0001684e1d34295e1232edb0682bd04e6e2caaa9579823e00501812d3e2dce9225b7dd251c02e1fd89
        Calling-Station-Id = "172.16.255.11"
        NAS-IP-Address = 192.168.181.254
        NAS-Port = 0
Wed Feb 22 20:47:07 2006 : Debug: Processing the authorize section of radiusd.conf
Wed Feb 22 20:47:07 2006 : Debug: modcall: entering group authorize for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP'
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authorize]: module "mschap" returns ok for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0
Wed Feb 22 20:47:07 2006 : Debug: rlm_realm: No '@' in User-Name = "mts", looking up realm NULL
Wed Feb 22 20:47:07 2006 : Debug: rlm_realm: No such realm "NULL"
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: rlm_eap: No EAP-Message, not doing EAP
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authorize]: module "eap" returns noop for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Wed Feb 22 20:47:07 2006 : Debug: users: Matched entry DEFAULT at line 152
Wed Feb 22 20:47:07 2006 : Debug: users: Matched entry DEFAULT at line 171
Wed Feb 22 20:47:07 2006 : Debug: users: Matched entry DEFAULT at line 183
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authorize]: module "files" returns ok for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall: leaving group authorize (returns ok) for request 0
Wed Feb 22 20:47:07 2006 : Debug: rad_check_password: Found Auth-Type MS-CHAP
Wed Feb 22 20:47:07 2006 : Debug: auth: type "MS-CHAP"
Wed Feb 22 20:47:07 2006 : Debug: Processing the authenticate section of radiusd.conf
Wed Feb 22 20:47:07 2006 : Debug: modcall: entering group MS-CHAP for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authenticate]: calling mschap (rlm_mschap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: rlm_mschap: No User-Password configured. Cannot create LM-Password.
Wed Feb 22 20:47:07 2006 : Debug: rlm_mschap: No User-Password configured. Cannot create NT-Password.
Wed Feb 22 20:47:07 2006 : Debug: rlm_mschap: Told to do MS-CHAPv2 for mts with NT-Password
Wed Feb 22 20:47:07 2006 : Debug: rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
Wed Feb 22 20:47:07 2006 : Debug: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authenticate]: returned from mschap (rlm_mschap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authenticate]: module "mschap" returns reject for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall: leaving group MS-CHAP
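
The rlm_mschap debug lines in the post above ("No User-Password configured. Cannot create NT-Password.") name the value the server is missing. As an added example, not code from the thread or from FreeRADIUS, the Python below derives that NT-Password from a clear-text password; the hash is unsalted MD4 over the UTF-16LE password, which a salted one-way /etc/shadow entry cannot be turned into. The account, the password "password" and the users-file line syntax are assumptions made for illustration.

```python
import struct

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

# (boolean function, constant, message-word order, shifts) per RFC 1320 round
_ROUNDS = (
    (lambda x, y, z: (x & y) | (~x & z), 0x00000000,
     list(range(16)), (3, 7, 11, 19)),
    (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
     [4 * (i % 4) + i // 4 for i in range(16)], (3, 5, 9, 13)),
    (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
     [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
)

def md4(data: bytes) -> bytes:
    """MD4 in pure Python; many hashlib builds no longer expose it."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    # Pad with 0x80, zeros up to 56 mod 64, then the bit length (little-endian).
    padded = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    padded += struct.pack("<Q", len(data) * 8)
    for off in range(0, len(padded), 64):
        x = struct.unpack("<16I", padded[off:off + 64])
        a, b, c, d = state
        for f, const, order, shifts in _ROUNDS:
            for i, k in enumerate(order):
                t = (a + f(b, c, d) + x[k] + const) & 0xFFFFFFFF
                a, b, c, d = d, _rol(t, shifts[i % 4]), b, c
        state = [(s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def nt_password(cleartext: str) -> bytes:
    """NT-Password: MD4 over the UTF-16LE password, no salt, no username."""
    return md4(cleartext.encode("utf-16-le"))

def users_entry(user: str, cleartext: str) -> str:
    """Users-file style line (syntax assumed) carrying only the NT hash."""
    return f"{user}\tNT-Password := 0x{nt_password(cleartext).hex().upper()}"

if __name__ == "__main__":
    # Constructed sample account and password, not values from the thread.
    print(users_entry("mts", "password"))
```

The NT hash is password-equivalent for MS-CHAP, so any file or database holding it needs the same protection as clear-text passwords.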