Re: EAP-MSCHAP v2 + LDAP: Identity does not match User-Name, setting from EAP Identity.

2010-06-02 Thread Maciej Drobniuch
I'm not using LDAP (and I've never used it before), so try to find
where the variable User-Password is and replace it with
ClearText-Password.

2010/6/2 Andras Dosztal :
> I'm using LDAP with an eDirectory backend.
>
> On Wed, 02 Jun 2010 16:26:19 +0200, Maciej Drobniuch 
> wrote:
>
>> If you are using users file, you have it located there.
>> exp:
>> "testuser"      Cleartext-Password := "test123"
>> 2010/6/2 Andras Dosztal :
>>>
>>> Sorry for the dumb question, but where can I configure that?
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 
Regards!
Maciej Drobniuch


Re: EAP-MSCHAP v2 + LDAP: Identity does not match User-Name, setting from EAP Identity.

2010-06-02 Thread Maciej Drobniuch
If you are using users file, you have it located there.
exp:
"testuser"  Cleartext-Password := "test123"
2010/6/2 Andras Dosztal :
> Sorry for the dumb question, but where can I configure that?
>
>
> On Wed, 02 Jun 2010 13:34:29 +0200, Maciej Drobniuch 
> wrote:
>
>> In freeradius 2.x use ClearText-Password instead of User-Password!
>>
>> 2010/6/2 Andras Dosztal :
>>>
>>> I've upgraded to 2.1.8, but now I can't even authenticate with the pop-up
>>> box.
>>> Debug output: http://pastebin.ca/1875922
>
>



-- 
Regards!
Maciej Drobniuch


Re: EAP-MSCHAP v2 + LDAP: Identity does not match User-Name, setting from EAP Identity.

2010-06-02 Thread Maciej Drobniuch
In freeradius 2.x use ClearText-Password instead of User-Password!

2010/6/2 Andras Dosztal :
> I've upgraded to 2.1.8, but now I can't even authenticate with the pop-up
> box.
> Debug output: http://pastebin.ca/1875922
>
> Regards,
> Andras
>
>
> On Wed, 02 Jun 2010 12:35:11 +0200, Maciej Drobniuch 
> wrote:
>
>> Switch to the newest freeradius version. Maybe it will help.
>>
>> 2010/6/2 Andras Dosztal :
>>>
>>> Hi,
>>>
>>> I've configured FreeRADIUS (version 1.1.7, supplied with SLES10) to
>>> authenticate from Novell eDirectory with LDAP. The problem is that I
>>> can't
>>> connect to the network when I check the "Automatically use my Windows
>>> logon
>>> name and password" on a WinXP client's PEAP properties. This is the
>>> output
>>> of radiusd -A -X:
>>>
>>> [...]
>>> The with_ntdomain_hack directive is set to "yes" in the preprocess and
>>> mschap modules of radiusd.conf. When I set it to "no" and uncheck the
>>> "Automatically use my Windows..." and enter the user's credentials in a
>>> pop-up box, it's working fine.
>
>



-- 
Regards!
Maciej Drobniuch


Re: EAP-MSCHAP v2 + LDAP: Identity does not match User-Name, setting from EAP Identity.

2010-06-02 Thread Maciej Drobniuch
Switch to the newest freeradius version. Maybe it will help.

2010/6/2 Andras Dosztal :
> Hi,
>
> I've configured FreeRADIUS (version 1.1.7, supplied with SLES10) to
> authenticate from Novell eDirectory with LDAP. The problem is that I can't
> connect to the network when I check the "Automatically use my Windows logon
> name and password" on a WinXP client's PEAP properties. This is the output
> of radiusd -A -X:
>
> rad_recv: Access-Request packet from host 10.128.128.3:1812, id=15,
> length=194
>        User-Name = "E00\\user1"
>        Service-Type = Framed-User
>        Framed-MTU = 1500
>        Called-Station-Id = "00-26-CA-8D-A7-85"
>        Calling-Station-Id = "00-0B-CD-04-75-8C"
>        Attr-102 = 0x
>        NAS-Port-Type = Ethernet
>        NAS-Port = 50005
>        NAS-Port-Id = "FastEthernet0/5"
>        NAS-IP-Address = 10.128.128.1
>        EAP-Message = 0x0201000e014530305c7573657231
>        Proxy-State =
> 0x280646014009a74212c6bb2daec4f3110aa90d1af235
>        Message-Authenticator = 0x928d46624aad188e71d3c6bbd88af6f1
>  Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>  modcall[authorize]: module "chap" returns noop for request 0
>  modcall[authorize]: module "mschap" returns noop for request 0
>    rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 0
>  rlm_eap: EAP packet type response id 1 length 14
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 0
>    users: Matched entry user1 at line 88
>  modcall[authorize]: module "files" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for user1
> radius_xlat:  '(uid=user1)'
> radius_xlat:  'o=snac'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 10.128.128.5:636, authentication 0
> rlm_ldap: setting TLS mode to 1
> rlm_ldap: setting TLS CACert File to /etc/raddb/certs/ip_cert.b64
> rlm_ldap: bind as cn=admin,o=snac/xxx to 10.128.128.5:636
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in o=snac, with filter (uid=user1)
> rlm_ldap: checking if remote access for user1 is allowed by dialupAccess
> rlm_ldap: Added the eDirectory password in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user user1 authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>  modcall[authorize]: module "ldap" returns ok for request 0
> rlm_pap: Found existing Auth-Type, not changing it.
>  modcall[authorize]: module "pap" returns noop for request 0
> modcall: leaving group authorize (returns updated) for request 0
>  rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> rlm_eap: Identity does not match User-Name, setting from EAP Identity.
>  rlm_eap: Failed in handler
>  modcall[authenticate]: module "eap" returns invalid for request 0
> modcall: leaving group authenticate (returns invalid) for request 0
> auth: Failed to validate the user.
> Login incorrect: [user1/] (from client lan port
> 50005 cli 00-0B-CD-04-75-8C)
>  Found Post-Auth-Type
>  Processing the post-auth section of radiusd.conf
> modcall: entering group REJECT for request 0
>  modcall[post-auth]: module "ldap" returns noop for request 0
> modcall: leaving group REJECT (returns noop) for request 0
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 15 to 10.128.128.3 port 1812
>        Proxy-State =
> 0x280646014009a74212c6bb2daec4f3110aa90d1af235
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 15 with timestamp 4c06337d
> Nothing to do.  Sleeping until we see a request.
>
>
>
> The with_ntdomain_hack directive is set to "yes" in the preprocess and
> mschap modules of radiusd.conf. When I set it to "no" and uncheck the
> "Automatically use my Windows..." and enter the user's credentials in a
> pop-up box, it's working fine.
> Could you guys help me with this problem? Thanks in advance.
>
> Regards,
> Andras
>
>



-- 
Regards!
Maciej Drobniuch
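
Added example, not part of the original post and not FreeRADIUS code: the EAP-Message from the debug output above is decoded and its Identity compared with the User-Name, using a simplified model of with_ntdomain_hack. The helper names (parse_eap, eap_identity, strip_nt_domain, identity_matches) are hypothetical and POPUP_EAP_MESSAGE is a constructed sample.

```python
"""Decode an EAP-Message as printed by radiusd -X and compare the EAP
Identity with the User-Name the server works with.
Simplified model for illustration, not FreeRADIUS source code."""
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1

# EAP-Message value copied from the Access-Request in the debug output.
LOGGED_EAP_MESSAGE = "0x0201000e014530305c7573657231"
# Constructed sample: the Identity sent when "user1" is typed into the
# pop-up box, i.e. without a domain prefix.
POPUP_EAP_MESSAGE = "0x0201000a017573657231"


def parse_eap(hex_value):
    """Parse an EAP packet given as a hex string (with or without 0x)."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(
            "EAP length field %d does not fit %d bytes" % (length, len(raw)))
    packet = {
        "code": EAP_CODES.get(code, "Unknown(%d)" % code),
        "id": ident,
        "length": length,
        "type": None,
        "data": b"",
    }
    # Only Request and Response packets carry a Type octet and type data.
    if code in (1, 2) and length >= 5:
        packet["type"] = raw[4]
        packet["data"] = raw[5:length]
    return packet


def eap_identity(hex_value):
    """Return the identity string of an EAP-Response/Identity packet."""
    packet = parse_eap(hex_value)
    if packet["code"] != "Response" or packet["type"] != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Response/Identity packet")
    return packet["data"].decode("utf-8", errors="replace")


def strip_nt_domain(user_name):
    """Assumed model of with_ntdomain_hack: drop a leading 'DOMAIN\\'."""
    _domain, sep, user = user_name.partition("\\")
    return user if sep else user_name


def identity_matches(user_name, eap_hex, ntdomain_hack):
    """Compare the (possibly rewritten) User-Name with the EAP Identity."""
    effective = strip_nt_domain(user_name) if ntdomain_hack else user_name
    return effective == eap_identity(eap_hex)


if __name__ == "__main__":
    pkt = parse_eap(LOGGED_EAP_MESSAGE)
    print("EAP %s id %d length %d" % (pkt["code"], pkt["id"], pkt["length"]))
    print("EAP Identity:", eap_identity(LOGGED_EAP_MESSAGE))
    cases = [
        ("auto logon, hack=yes", "E00\\user1", LOGGED_EAP_MESSAGE, True),
        ("auto logon, hack=no", "E00\\user1", LOGGED_EAP_MESSAGE, False),
        ("pop-up box, hack=no", "user1", POPUP_EAP_MESSAGE, False),
    ]
    for label, user_name, eap_hex, hack in cases:
        verdict = "match" if identity_matches(user_name, eap_hex, hack) else "MISMATCH"
        print("%-22s User-Name=%-10s -> %s" % (label, user_name, verdict))
```
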



2x authorize_check_query

2010-06-02 Thread Maciej Drobniuch
Hi All!
It's a situation in which I have two authorize_check_query.
I'm using pppoe+sql and I also want to implement dhcp.
But the thing is that when the dhcp NAS asks freeradius, it uses the MAC
address as username.
So I want something like two sql { } sections with two different
authorize_check_query for two different auth types.
Sorry for my lame eng.
Big thanks!
-- 
Regards!
Maciej Drobniuch


Re: freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Maciej Drobniuch
Thanks Alan, I did not know about the inner-tunnel.
Now everything works fine.
BIG THANKS TO ALL!!

2010/5/19 Alan DeKok :
> Maciej Drobniuch wrote:
>> Maybe you did not understand me, but when the mario user is in files
>> all works fine but when not the freeradius isn't asking the sql.
>
>  Because you didn't configure it to ask SQL.
>
>> I'm using EAP PEAP MSCHAPv2
>
>  Did you edit raddb/sites-available/inner-tunnel?
>
>> The sql is enabled
>
>  Where?
>
>> Here is the whole debug: http://testowy.langw.net/text.txt
>
>  Can you read it?
>
>> [mschap] No Cleartext-Password configured.  Cannot create LM-Password.
>> [mschap] No Cleartext-Password configured.  Cannot create NT-Password.
>
>  This is pretty obvious.  Now read *backwards* from that.  You'll see
> that there's no mention of SQL, but there is some text:
>
>> Sending tunneled request
>>       EAP-Message = ...
>>       FreeRADIUS-Proxied-To = 127.0.0.1
>>       User-Name = "mario"
>>       State = 0x66cdb16066c5abec558fec6768936d41
>> server inner-tunnel {
>
>  It's telling you that it's running the "inner-tunnel" virtual server.
>
>  Did you edit it?  It looks like you didn't.
>
>  Should you edit it?  Absolutely.
>
>  Alan DeKok.
>
>



-- 
Regards!
Maciej Drobniuch


Re: freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Maciej Drobniuch
Maybe you did not understand me, but when the mario user is in files
all works fine, but when he is not, freeradius isn't asking the sql.
I'm using EAP PEAP MSCHAPv2.
The sql is enabled and it works fine with pap, chap, mschap, mschapv2 on
pppoe concentrators, but while using EAP it isn't working.
Here is the whole debug: http://testowy.langw.net/text.txt

2010/5/19 Alan DeKok :
> Maciej Drobniuch wrote:
>> The freeradius server while authenticating is not searching in the sql
>> database. Why that?
>
>  You didn't configure it.
>
>  What does the debug log say?
>
>  Alan DeKok.
>



-- 
Regards!
Maciej Drobniuch


Re: freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Maciej Drobniuch
335
EAP-Message = 
0x0109002b19001703010020c31f20717df3dcaca42b6dc386f094200e0847944b4f87f37901e4ecc76b45e5
Message-Authenticator = 0x
State = 0xbd4bf931ba42e07726e24ebbe3a70713
Finished request 25.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 93.175.129.30 port 34473,
id=48, length=186
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "mario"
State = 0xbd4bf931ba42e07726e24ebbe3a70713
NAS-Port-Id = "wlan1"
Calling-Station-Id = "00-24-23-05-18-62"
Called-Station-Id = "00-0E-8E-12-5C-0B:PROV"
EAP-Message = 
0x0209002b190017030100206a58c78b2bc64359b7abccfc8811c5f762ad6a538bdc50e41414c76c5e1253be
Message-Authenticator = 0x7a4f0112fc90130c87304c87def0ef94
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.1.141
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "mario", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap]  Had sent TLV failure.  User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> mario
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 26 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 93.175.129.30 port 34473,
id=48, length=186
Waiting to send Access-Reject to client PROV -EST port 34473 - ID: 48
Waking up in 0.6 seconds.


2010/5/19 Maciej Drobniuch :
> My NAS-es are located in the clients file and they are working fine
> with pppoe auth.
>
> 2010/5/19 dorra aa :
>> hi,
>> in sql.conf did you modify that line :readclients = no to
>>
>> readclients = yes ?
>>
>>> Date: Wed, 19 May 2010 13:52:59 +0200
>>> Subject: freeradius 2.x EAP-MSCHAPv2 + MySQL
>>> From: mac...@drobniuch.pl
>>> To: freeradius-users@lists.freeradius.org
>>>
>>> Hi ALL!!
>>> I'm trying to get authenticated with mikrotik wireless AP. All works
>>> but only when I add the user into the users file.
>>> The thing is that i want to get the users from mysql.
>>> In this moment the authentication requests are coming from PPPoE
>>> concentrator, and the users are in MySQL database - it works fine.
>>> The freeradius server while authenticating is not searching in the sql
>>> database. Why that?
>>> Please help and sorry for my lame eng.
>>
>
>
>
> --
> Regards!
> Maciej Drobniuch
>



-- 
Regards!
Maciej Drobniuch


Re: Restricting access to NAS via http login authentication list

2010-05-19 Thread Maciej Drobniuch
I think that only the NAS has the power to decide it. RADIUS sends
only the accounts.

2010/5/19 Peter Carlstedt :
> Hello,
> Didn't really know what kind of title I should have given this one but I will
> try to explain what it is I am aiming for.
> The switches I use support both http and https login towards the switch to
> administrate it.
> The switch has support for using an authentication towards a radius server to
> check if the user wanting to login to the switch is an existing user in the
> radius server.
> The problem I have is that every user in the user file in Freeradius can
> access the switch when I'm using an authentication list which checks against
> the radius server. Is there any way to restrict so that only one specific
> user in the users file can get access to the NAS?
>
>
> Best regards/ Peter Carlstedt
>
>



-- 
Regards!
Maciej Drobniuch


Re: freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Maciej Drobniuch
My NAS-es are located in the clients file and they are working fine
with pppoe auth.

2010/5/19 dorra aa :
> hi,
> in sql.conf did you modify that line :readclients = no to
>
> readclients = yes ?
>
>> Date: Wed, 19 May 2010 13:52:59 +0200
>> Subject: freeradius 2.x EAP-MSCHAPv2 + MySQL
>> From: mac...@drobniuch.pl
>> To: freeradius-users@lists.freeradius.org
>>
>> Hi ALL!!
>> I'm trying to get authenticated with mikrotik wireless AP. All works
>> but only when I add the user into the users file.
>> The thing is that i want to get the users from mysql.
>> In this moment the authentication requests are coming from PPPoE
>> concentrator, and the users are in MySQL database - it works fine.
>> The freeradius server while authenticating is not searching in the sql
>> database. Why that?
>> Please help and sorry for my lame eng.
>



-- 
Regards!
Maciej Drobniuch


freeradius 2.x EAP-MSCHAPv2 + MySQL

2010-05-19 Thread Maciej Drobniuch
Hi ALL!!
I'm trying to get authenticated with mikrotik wireless AP. All works
but only when I add the user into the users file.
The thing is that i want to get the users from mysql.
In this moment the authentication requests are coming from PPPoE
concentrator, and the users are in MySQL database - it works fine.
The freeradius server while authenticating is not searching in the sql
database. Why that?
Please help and sorry for my lame eng.


Re: Mikrotik as NAS with PPPoE - checkval

2008-08-20 Thread Maciej Drobniuch

It works now properly!
BIG THANKS!

On Wed, 20 Aug 2008 14:40:12 +0200, "Marinko Tarlac" <[EMAIL PROTECTED]>
wrote:
> id - username - attribute - op
> 1139 gojko Calling-Station-Id 00:50:70:AE:04:54 ==
> 
> Mikrotik wants uppercase MAC address and OP must be ==
> 
> It works for me and you need to insert this in radcheck table
> 
> On Wed, Aug 20, 2008 at 2:34 PM, Maciej Drobniuch
> <[EMAIL PROTECTED]>wrote:
> 
>>
>> Thank you for the reply but you did miss the point of Calling-Station-ID
>> Greetz!
>>
>> On Wed, 20 Aug 2008 12:05:58 +, Santiago Balaguer García
>> <[EMAIL PROTECTED]> wrote:
>> > Yes, you needn't. What you need is to create a normal user account and
>> > add these attributes in radreply:
>> >  Framed-Protocol = PPP, Framed-IP-Address = 10.0.0.x,
>> >  Framed-IP-Netmask = 255.255.255.0,
>> >
>> > Be careful because you have to modify the ppp profiles in the Mikrotik
>> > client in the option /ppp profiles. You have to set the remote address
>> > with the PPP gateway. See the next example where my PPP gateway is
>> > 10.200.0.10
>> >
>> > /ppp profile set default change-tcp-mss=yes comment="" name="default" only-one=default \
>> > remote-address=10.200.0.10 use-compression=default use-encryption=default \
>> > use-vj-compression=default
>> >
>> > you set the pptp/l2tp client with this profile when you insert the
>> > username/password. You needn't add Default route.
>> >
>> >
>> > If you need more help, ask and I will send you my manual in Spanish.
>> > Santiago
>> >
>> >
>> >
>> >> To: freeradius-users@lists.freeradius.org
>> >> Subject: Re: Mikrotik as NAS with PPPoE - checkval
>> >> Date: Wed, 20 Aug 2008 11:26:05 +0100
>> >> From: [EMAIL PROTECTED]
>> >>
>> >> >I want to bind a login with Calling-Station-Id but i've got problems...
>> >> >*I've had added the Calling-Station-Id to mysql radcheck table.
>> >> >*I've had turned on the rlm_checkval by adding it into authorize section
>> >> >*I've had set the notfound-reject variable to yes
>> >> >
>> >> >I get the following errors in debug:
>> >> >rlm_checkval: Item Name: Calling-Station-Id, Value: 00:11:22:33:44:55
>> >> >rlm_checkval: Could not find attribute named Calling-Station-Id in check
>> >> >pairs
>> >> >++[checkval] returns notfound
>> >> >
>> >> >What is the problem?
>> >>
>> >> Why do you need checkval? User will be rejected if there is no
>> >> Calling-Station-Id in the request anyway since you have that attribute
>> >> in radcheck.
>> >>
>> >> Ivan Kalik
>> >> Kalik Informatika ISP
>> --
>> 
>> Maciej Drobniuch
>>
>>
-- 

Maciej Drobniuch


RE: Mikrotik as NAS with PPPoE - checkval

2008-08-20 Thread Maciej Drobniuch

Thank you for the reply but you did miss the point of Calling-Station-ID
Greetz!

On Wed, 20 Aug 2008 12:05:58 +, Santiago Balaguer García
<[EMAIL PROTECTED]> wrote:
> Yes, you needn't. What you need is to create a normal user account and
> add these attributes in radreply:
>  Framed-Protocol = PPP, Framed-IP-Address = 10.0.0.x,
>  Framed-IP-Netmask = 255.255.255.0,
>
> Be careful because you have to modify the ppp profiles in the Mikrotik
> client in the option /ppp profiles. You have to set the remote address
> with the PPP gateway. See the next example where my PPP gateway is
> 10.200.0.10
>
> /ppp profile set default change-tcp-mss=yes comment="" name="default" only-one=default \
> remote-address=10.200.0.10 use-compression=default use-encryption=default \
> use-vj-compression=default
>
> you set the pptp/l2tp client with this profile when you insert the
> username/password. You needn't add Default route.
>
>
> If you need more help, ask and I will send you my manual in Spanish.
> Santiago
> 
> 
> 
>> To: freeradius-users@lists.freeradius.org
>> Subject: Re: Mikrotik as NAS with PPPoE - checkval
>> Date: Wed, 20 Aug 2008 11:26:05 +0100
>> From: [EMAIL PROTECTED]
>>
>> >I want to bind a login with Calling-Station-Id but i've got problems...
>> >*I've had added the Calling-Station-Id to mysql radcheck table.
>> >*I've had turned on the rlm_checkval by adding it into authorize section
>> >*I've had set the notfound-reject variable to yes
>> >
>> >I get the following errors in debug:
>> >rlm_checkval: Item Name: Calling-Station-Id, Value: 00:11:22:33:44:55
>> >rlm_checkval: Could not find attribute named Calling-Station-Id in check
>> >pairs
>> >++[checkval] returns notfound
>> >
>> >What is the problem?
>>
>> Why do you need checkval? User will be rejected if there is no
>> Calling-Station-Id in the request anyway since you have that attribute
>> in radcheck.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
-- 

Maciej Drobniuch


Re: Mikrotik as NAS with PPPoE - checkval

2008-08-20 Thread Maciej Drobniuch

I want to check by the pppd 3 attributes that must match:
-Login
-Password
-MAC Address
So someone on another machine who uses the login and the password will
be rejected.
The mikrotik NAS doc shows that there is a Calling-Station-ID
http://www.mikrotik.com/testdocs/ros/2.9/guide/aaa_radius.php
I want EVERYONE to be checked for the calling station id.
Thank you for the reply.

On Wed, 20 Aug 2008 11:26:05 +0100, "Ivan Kalik" <[EMAIL PROTECTED]> wrote:
>>I want to bind a login with Calling-Station-Id but i've got problems...
>>*I've had added the Calling-Station-Id to mysql radcheck table.
>>*I've had turned on the rlm_checkval by adding it into authorize section
>>*I've had set the notfound-reject variable to yes
>>
>>I get the following errors in debug:
>>rlm_checkval: Item Name: Calling-Station-Id, Value: 00:11:22:33:44:55
>>rlm_checkval: Could not find attribute named Calling-Station-Id in check
>>pairs
>>++[checkval] returns notfound
>>
>>What is the problem?
> 
> Why do you need checkval? User will be rejected if there is no
> Calling-Station-Id in the request anyway since you have that attribute
> in radcheck.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
-- 

Maciej Drobniuch



Mikrotik as NAS with PPPoE - checkval

2008-08-20 Thread Maciej Drobniuch

Hi!
I want to bind a login with Calling-Station-Id but I've got problems...
* I've added the Calling-Station-Id to mysql radcheck table.
* I've turned on the rlm_checkval by adding it into authorize section
* I've set the notfound-reject variable to yes

I get the following errors in debug:
rlm_checkval: Item Name: Calling-Station-Id, Value: 00:11:22:33:44:55
rlm_checkval: Could not find attribute named Calling-Station-Id in check
pairs
++[checkval] returns notfound

What is the problem? 
Please help!
Thanks for all!!!

-- 
--------
Maciej Drobniuch



Re: How to assign default gatway?

2008-08-07 Thread Maciej Drobniuch

It's possible when you are using PPPoE, but it's rather not possible to do
that with freeradius (or any radius).

On Thu, 7 Aug 2008 13:25:05 -0400, "Xiaochen Jing" <[EMAIL PROTECTED]>
wrote:
> Hello all,
> 
> 
> 
> Is that possible to assign users a default gateway while allocating
> dynamic
> IP addresses from IP pool?
> 
> 
> 
> Thank you
-- 

Maciej Drobniuch



Re: Token Authorization

2008-07-23 Thread Maciej Drobniuch

On Wed, 23 Jul 2008 21:31:02 +0200, krzychk2 <[EMAIL PROTECTED]> wrote:
> On Wed, 2008-07-23 at 21:06 +0200, Alan DeKok wrote:
>> krzychk2 wrote:
>> > I'd like to do a solution like token authentication.
>> 
>>   Token authentication is usually done as part of an existing
>> authentication protocol.
>> 
>>   Which authentication protocol do you plan on using?
>>   Alan DeKok.
> 
> Well I'm in that happy situation that I'm at the beginning of the
> project and I can choose auth protocol. The only
> condition is that this has to be done by RADIUS server. So the more
> protocols, the better for me.
>
> So far I have done simple Active Directory User authorization through
> kerberos (radius connects to AD through kerberos and authorize users), now
> only tokens. AD LDAP also has no secrets for me so I can get the
> necessary information for building tokens.
> 
>
-- 
I don't really catch what do you exactly mean to use auth and tokens?
1. What for? IMHO there is no need to do such a thing.
2. Generating a password and activating by a token(web UI) would not be a
bad idea? 

Maciej Drobniuch


rlm_chap: Password check failed

2008-07-19 Thread Maciej Drobniuch

Hi!
I have a problem with chap authorization. PAP works fine but chap gives out
this output:
http://paste-it.net/public/id5f751/
Thanks!
-- 

Maciej Drobniuch



Re: Compiling client PAM files on Mac OS

2008-07-15 Thread Maciej Drobniuch

1. Are all dependencies and includes satisfied? If yes, try moving them
from a *nix system and put them into your build dir(edit properly pam_rad
source code). [a guess]
2. If you are not a coder then you are located in a blackhole.
3. IMHO it's better to use slackintosh(http://workaround.ch/) than MacOSX.
4. Try to search over the net once more.

On Tue, 15 Jul 2008 10:02:22 +0200, Nicolas Goutte
<[EMAIL PROTECTED]> wrote:
> 
> On 14.07.2008 at 17:09, Paul Goodman wrote:
> 
>> Sorry, but this doesn't really help me very much. Are you saying  
>> that because Mac OS is neither BSD nor GNU, the client files cannot  
>> be compiled? If there is a way to get them compiled, what is it?
> 
> Sorry, I cannot help more, as neither I am the developer who wrote
> the code nor I have time to look at the problem.
> 
> I have only tried to give hints to where the problem could be.
> 
> I am sorry if that is too "short" for you.
> 
> Have a nice day!
> 
>>
>> Nicolas Goutte wrote:
>>> On 10.07.2008 at 18:28, Paul Goodman wrote:
>>>> Does anyone have some hacks to enable a clean compile on Mac OS  
>>>> X? When I try to run make, I get the following compile errors:
>>>>
>>>> cc -Wall -fPIC -c pam_radius_auth.c -o pam_radius_auth.o
>>>> pam_radius_auth.c: In function ‘get_random_vector’:
>>>> pam_radius_auth.c:358: error: storage size of ‘tz’ isn’t known
>>>> pam_radius_auth.c:363: warning: implicit declaration of function  
>>>> ‘gettimeofday’
>>> This would suggest that sys/time.h is not included.
>>>> pam_radius_auth.c:358: warning: unused variable ‘tz’
>>>> pam_radius_auth.c: In function ‘talk_radius’:
>>>> pam_radius_auth.c:886: warning: pointer targets in passing  
>>>> argument 6 of ‘recvfrom’ differ in signedness
>>>> pam_radius_auth.c: In function ‘pam_sm_authenticate’:
>>>> pam_radius_auth.c:1102: warning: assignment from incompatible  
>>>> pointer type
>>>> make: *** [pam_radius_auth.o] Error 1
>>>>
>>>> Is there something besides the X Code that I need to have installed?
>>> Probably this is more a configuration problem, where MacOS is not  
>>> BSD or even less GNU.
>>> Have  a nice day!
>>> Nicolas Goutte
>>> extragroup GmbH - Karlsruhe
>>> Waldstr. 49
>>> 76133 Karlsruhe
>>> Germany
>>> Managing directors: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
>>> Register court: Amtsgericht Münster / HRB: 5624
>>> Tax no.: 337/5903/0421 / VAT ID: DE 204607841
> 
> Nicolas Goutte
> 
> 
> extragroup GmbH - Karlsruhe
> Waldstr. 49
> 76133 Karlsruhe
> Germany
> 
> Managing directors: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
> Register court: Amtsgericht Münster / HRB: 5624
> Tax no.: 337/5903/0421 / VAT ID: DE 204607841
> 
> 
> 
> 
-- 

Maciej Drobniuch


Re: How to configure radius server

2008-07-15 Thread Maciej Drobniuch

http://wiki.freeradius.org/HOWTO
http://www.google.com

It also depends on what do you want to bind with freeradius and what auth.
mech. do you want to use.
Just use uncle google ;]

On 15 Jul 2008 06:37:18 -, "Sandeep "
<[EMAIL PROTECTED]> wrote:
> Hi, all members of free radius..I install fras fedora9 and want to make
> radius server but i am new in this field is any body help me to do this.
> first of all please provide me step to step tutorials so that i can read
> it and install configure my server .. with testing PLEASE HELP ME Sandeep
> rohilla
-- 
----
Maciej Drobniuch



Re: Strange password when authenticating via pppoe-server.

2008-07-12 Thread Maciej Drobniuch

Now it works fine!
The password in the radiusclient was misspelled.
SORRY for trouble ;)

On Sat, 12 Jul 2008 12:25:44 +0100, "Ivan Kalik" <[EMAIL PROTECTED]> wrote:
> Post the whole debug including the request. You have chopped off the
> front bit.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> 
> On 12/7/2008, "Maciej Drobniuch" <[EMAIL PROTECTED]> wrote:
> 
>>
>>Hi!
>>Now I have a new problem.
>>When auth via radiusclient, everything works fine:
>>
>>>radtest steve testing localhost 1813 somesecret
>>
>>Sat Jul 12 12:07:31 2008 : Debug:   modsingle[authenticate]: calling pap
>>(rlm_pap) for request 4
>>Sat Jul 12 12:07:31 2008 : Debug: rlm_pap: login attempt with password
>>"testing"
>>Sat Jul 12 12:07:31 2008 : Debug: rlm_pap: Using clear text password
>>"testing"
>>Sat Jul 12 12:07:31 2008 : Debug: rlm_pap: User authenticated
> successfully
>>Sat Jul 12 12:07:31 2008 : Debug:   modsingle[authenticate]: returned
> from
>>pap (rlm_pap) for request 4
>>Sat Jul 12 12:07:31 2008 : Debug: ++[pap] returns ok
>>Sat Jul 12 12:07:31 2008 : Debug: +- entering group post-auth
>>Sat Jul 12 12:07:31 2008 : Debug:   modsingle[post-auth]: calling exec
>>(rlm_exec) for request 4
>>Sat Jul 12 12:07:31 2008 : Debug:   modsingle[post-auth]: returned from
>>exec (rlm_exec) for request 4
>>Sat Jul 12 12:07:31 2008 : Debug: ++[exec] returns noop
>>Sending Access-Accept of id 146 to 127.0.0.1 port 32770
>>Service-Type = Framed-User
>>Framed-Protocol = PPP
>>Framed-IP-Address = 172.16.3.33
>>Framed-IP-Netmask = 255.255.255.0
>>Framed-Routing = Broadcast-Listen
>>Framed-Filter-Id = "std.ppp"
>>Framed-MTU = 1500
>>Framed-Compression = Van-Jacobson-TCP-IP
>>
>>I've also tried to auth using this command(and the login is also
>>successful):
>>echo User-Name = "steve", CHAP-Password = "testing" | radclient localhost
>>auth somesecret
>>
>>But when i've had tried to login from a client (windows xp) station using
>>the pppoe-server(on the server) the debug output looks like this:
>>Force PAP(require-pap) on pppoe-server:
>>Sat Jul 12 12:11:23 2008 : Debug: auth: type "PAP"
>>Sat Jul 12 12:11:23 2008 : Debug: +- entering group PAP
>>Sat Jul 12 12:11:23 2008 : Debug:   modsingle[authenticate]: calling pap
>>(rlm_pap) for request 7
>>Sat Jul 12 12:11:23 2008 : Debug: rlm_pap: login attempt with password
>>"��23�tn?? 8ťĞ1R�"
>>Sat Jul 12 12:11:23 2008 : Debug: rlm_pap: Using clear text password
>>"testing"
>>Sat Jul 12 12:11:23 2008 : Debug: rlm_pap: Passwords don't match
>>Sat Jul 12 12:11:23 2008 : Debug:   modsingle[authenticate]: returned
> from
>>pap (rlm_pap) for request 7
>>Sat Jul 12 12:11:23 2008 : Debug: ++[pap] returns reject
>>Sat Jul 12 12:11:23 2008 : Debug: auth: Failed to validate the user.
>>Sat Jul 12 12:11:23 2008 : Debug:   WARNING: Unprintable characters in
> the
>>password.  Double-check the shared secret on the server and the NAS!
>>Sat Jul 12 12:11:23 2008 : Debug:   Found Post-Auth-Type Reject
>>Sat Jul 12 12:11:23 2008 : Debug: +- entering group REJECT
>>Sat Jul 12 12:11:23 2008 : Debug:   modsingle[post-auth]: calling
>>attr_filter.access_reject (rlm_attr_filter) for request 7
>>Sat Jul 12 12:11:23 2008 : Debug:   expand: %{User-Name} -> steve
>>Sat Jul 12 12:11:23 2008 : Debug:  attr_filter: Matched entry DEFAULT at
>>line 11
>>Sat Jul 12 12:11:23 2008 : Debug:   modsingle[post-auth]: returned from
>>attr_filter.access_reject (rlm_attr_filter) for request 7
>>Sat Jul 12 12:11:23 2008 : Debug: ++[attr_filter.access_reject] returns
>>updated
>>Force CHAP(require-chap) on PPPoE server:
>>Sat Jul 12 12:13:04 2008 : Debug: auth: type "CHAP"
>>Sat Jul 12 12:13:04 2008 : Debug: +- entering group CHAP
>>Sat Jul 12 12:13:04 2008 : Debug:   modsingle[authenticate]: calling chap
>>(rlm_chap) for request 0
>>Sat Jul 12 12:13:04 2008 : Debug:   rlm_chap: login attempt by "steve"
> with
>>CHAP password
>>Sat Jul 12 12:13:04 2008 : Debug:   rlm_chap: Using clear text password
>>"testing" for user steve authentication.
>>Sat Jul 12 12:13:04 2008 : Debug:   rlm_chap: Password check failed
>>Sat Jul 12 12:13:04 2008 : Debug:   modsingle[authenticate]: returned
> from
>>chap (rlm_chap) for request 0
>>Sat Jul 12 12:13:04 2008 : Debug: ++[chap] returns reject
>>

Re: Strange password when authenticating via pppoe-server.

2008-07-12 Thread Maciej Drobniuch
ns
updated
Sending Access-Reject of id 59 to 127.0.0.1 port 32770
Sat Jul 12 15:54:03 2008 : Debug: Finished request 0.
Sat Jul 12 15:54:03 2008 : Debug: Going to the next request
Sat Jul 12 15:54:03 2008 : Debug: Waking up in 4.9 seconds.
Sat Jul 12 15:54:08 2008 : Debug: Cleaning up request 0 ID 59 with
timestamp +8
Sat Jul 12 15:54:08 2008 : Debug: Ready to process requests.

On Sat, 12 Jul 2008 12:25:44 +0100, "Ivan Kalik" <[EMAIL PROTECTED]> wrote:
> Post the whole debug including the request. You have chopped off the
> front bit.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> 
> Dana 12/7/2008, "Maciej Drobniuch" <[EMAIL PROTECTED]> piše:
> 
>>
>>Hi!
>>Now I have a new problem.
>>When auth via radiusclient, everything works fine:
>>
>>>radtest steve testing localhost 1813 somesecret
>>
>>Sat Jul 12 12:07:31 2008 : Debug:   modsingle[authenticate]: calling pap
>>(rlm_pap) for request 4
>>Sat Jul 12 12:07:31 2008 : Debug: rlm_pap: login attempt with password
>>"testing"
>>Sat Jul 12 12:07:31 2008 : Debug: rlm_pap: Using clear text password
>>"testing"
>>Sat Jul 12 12:07:31 2008 : Debug: rlm_pap: User authenticated
> successfully
>>Sat Jul 12 12:07:31 2008 : Debug:   modsingle[authenticate]: returned
> from
>>pap (rlm_pap) for request 4
>>Sat Jul 12 12:07:31 2008 : Debug: ++[pap] returns ok
>>Sat Jul 12 12:07:31 2008 : Debug: +- entering group post-auth
>>Sat Jul 12 12:07:31 2008 : Debug:   modsingle[post-auth]: calling exec
>>(rlm_exec) for request 4
>>Sat Jul 12 12:07:31 2008 : Debug:   modsingle[post-auth]: returned from
>>exec (rlm_exec) for request 4
>>Sat Jul 12 12:07:31 2008 : Debug: ++[exec] returns noop
>>Sending Access-Accept of id 146 to 127.0.0.1 port 32770
>>Service-Type = Framed-User
>>Framed-Protocol = PPP
>>Framed-IP-Address = 172.16.3.33
>>Framed-IP-Netmask = 255.255.255.0
>>Framed-Routing = Broadcast-Listen
>>Framed-Filter-Id = "std.ppp"
>>Framed-MTU = 1500
>>Framed-Compression = Van-Jacobson-TCP-IP
>>
>>I've also tried to auth using this command(and the login is also
>>successful):
>>echo User-Name = "steve", CHAP-Password = "testing" | radclient localhost
>>auth somesecret
>>
>>But when i've had tried to login from a client (windows xp) station using
>>the pppoe-server(on the server) the debug output looks like this:
>>Force PAP(require-pap) on pppoe-server:
>>Sat Jul 12 12:11:23 2008 : Debug: auth: type "PAP"
>>Sat Jul 12 12:11:23 2008 : Debug: +- entering group PAP
>>Sat Jul 12 12:11:23 2008 : Debug:   modsingle[authenticate]: calling pap
>>(rlm_pap) for request 7
>>Sat Jul 12 12:11:23 2008 : Debug: rlm_pap: login attempt with password
>>"��23�tn?? 8ťĞ1R�"
>>Sat Jul 12 12:11:23 2008 : Debug: rlm_pap: Using clear text password
>>"testing"
>>Sat Jul 12 12:11:23 2008 : Debug: rlm_pap: Passwords don't match
>>Sat Jul 12 12:11:23 2008 : Debug:   modsingle[authenticate]: returned
> from
>>pap (rlm_pap) for request 7
>>Sat Jul 12 12:11:23 2008 : Debug: ++[pap] returns reject
>>Sat Jul 12 12:11:23 2008 : Debug: auth: Failed to validate the user.
>>Sat Jul 12 12:11:23 2008 : Debug:   WARNING: Unprintable characters in
> the
>>password.  Double-check the shared secret on the server and the NAS!
>>Sat Jul 12 12:11:23 2008 : Debug:   Found Post-Auth-Type Reject
>>Sat Jul 12 12:11:23 2008 : Debug: +- entering group REJECT
>>Sat Jul 12 12:11:23 2008 : Debug:   modsingle[post-auth]: calling
>>attr_filter.access_reject (rlm_attr_filter) for request 7
>>Sat Jul 12 12:11:23 2008 : Debug:   expand: %{User-Name} -> steve
>>Sat Jul 12 12:11:23 2008 : Debug:  attr_filter: Matched entry DEFAULT at
>>line 11
>>Sat Jul 12 12:11:23 2008 : Debug:   modsingle[post-auth]: returned from
>>attr_filter.access_reject (rlm_attr_filter) for request 7
>>Sat Jul 12 12:11:23 2008 : Debug: ++[attr_filter.access_reject] returns
>>updated
>>Force CHAP(require-chap) on PPPoE server:
>>Sat Jul 12 12:13:04 2008 : Debug: auth: type "CHAP"
>>Sat Jul 12 12:13:04 2008 : Debug: +- entering group CHAP
>>Sat Jul 12 12:13:04 2008 : Debug:   modsingle[authenticate]: calling chap
>>(rlm_chap) for request 0
>>Sat Jul 12 12:13:04 2008 : Debug:   rlm_chap: login attempt by "steve"
> with
>>CHAP password
>>Sat Jul 12 12:13:04 2008 : Debug:   rlm_chap: Using clear text password
>>"testing" for user steve authentication.

Strange password when authenticating via pppoe-server.

2008-07-12 Thread Maciej Drobniuch

Hi!
Now I have a new problem.
When auth via radiusclient, everything works fine:

>radtest steve testing localhost 1813 somesecret

Sat Jul 12 12:07:31 2008 : Debug:   modsingle[authenticate]: calling pap
(rlm_pap) for request 4
Sat Jul 12 12:07:31 2008 : Debug: rlm_pap: login attempt with password
"testing"
Sat Jul 12 12:07:31 2008 : Debug: rlm_pap: Using clear text password
"testing"
Sat Jul 12 12:07:31 2008 : Debug: rlm_pap: User authenticated successfully
Sat Jul 12 12:07:31 2008 : Debug:   modsingle[authenticate]: returned from
pap (rlm_pap) for request 4
Sat Jul 12 12:07:31 2008 : Debug: ++[pap] returns ok
Sat Jul 12 12:07:31 2008 : Debug: +- entering group post-auth
Sat Jul 12 12:07:31 2008 : Debug:   modsingle[post-auth]: calling exec
(rlm_exec) for request 4
Sat Jul 12 12:07:31 2008 : Debug:   modsingle[post-auth]: returned from
exec (rlm_exec) for request 4
Sat Jul 12 12:07:31 2008 : Debug: ++[exec] returns noop
Sending Access-Accept of id 146 to 127.0.0.1 port 32770
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Framed-Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP

I've also tried to auth using this command(and the login is also
successful):
echo User-Name = "steve", CHAP-Password = "testing" | radclient localhost
auth somesecret

But when I tried to log in from a client (Windows XP) station using
the pppoe-server (on the server), the debug output looks like this:
Force PAP(require-pap) on pppoe-server:
Sat Jul 12 12:11:23 2008 : Debug: auth: type "PAP"
Sat Jul 12 12:11:23 2008 : Debug: +- entering group PAP
Sat Jul 12 12:11:23 2008 : Debug:   modsingle[authenticate]: calling pap
(rlm_pap) for request 7
Sat Jul 12 12:11:23 2008 : Debug: rlm_pap: login attempt with password
"ŞĂ23ćtn?? 8šľ1RĄ"
Sat Jul 12 12:11:23 2008 : Debug: rlm_pap: Using clear text password
"testing"
Sat Jul 12 12:11:23 2008 : Debug: rlm_pap: Passwords don't match
Sat Jul 12 12:11:23 2008 : Debug:   modsingle[authenticate]: returned from
pap (rlm_pap) for request 7
Sat Jul 12 12:11:23 2008 : Debug: ++[pap] returns reject
Sat Jul 12 12:11:23 2008 : Debug: auth: Failed to validate the user.
Sat Jul 12 12:11:23 2008 : Debug:   WARNING: Unprintable characters in the
password.  Double-check the shared secret on the server and the NAS!
Sat Jul 12 12:11:23 2008 : Debug:   Found Post-Auth-Type Reject
Sat Jul 12 12:11:23 2008 : Debug: +- entering group REJECT
Sat Jul 12 12:11:23 2008 : Debug:   modsingle[post-auth]: calling
attr_filter.access_reject (rlm_attr_filter) for request 7
Sat Jul 12 12:11:23 2008 : Debug:   expand: %{User-Name} -> steve
Sat Jul 12 12:11:23 2008 : Debug:  attr_filter: Matched entry DEFAULT at
line 11
Sat Jul 12 12:11:23 2008 : Debug:   modsingle[post-auth]: returned from
attr_filter.access_reject (rlm_attr_filter) for request 7
Sat Jul 12 12:11:23 2008 : Debug: ++[attr_filter.access_reject] returns
updated
Force CHAP(require-chap) on PPPoE server:
Sat Jul 12 12:13:04 2008 : Debug: auth: type "CHAP"
Sat Jul 12 12:13:04 2008 : Debug: +- entering group CHAP
Sat Jul 12 12:13:04 2008 : Debug:   modsingle[authenticate]: calling chap
(rlm_chap) for request 0
Sat Jul 12 12:13:04 2008 : Debug:   rlm_chap: login attempt by "steve" with
CHAP password
Sat Jul 12 12:13:04 2008 : Debug:   rlm_chap: Using clear text password
"testing" for user steve authentication.
Sat Jul 12 12:13:04 2008 : Debug:   rlm_chap: Password check failed
Sat Jul 12 12:13:04 2008 : Debug:   modsingle[authenticate]: returned from
chap (rlm_chap) for request 0
Sat Jul 12 12:13:04 2008 : Debug: ++[chap] returns reject
Sat Jul 12 12:13:04 2008 : Debug: auth: Failed to validate the user.
Sat Jul 12 12:13:04 2008 : Debug:   Found Post-Auth-Type Reject
Sat Jul 12 12:13:04 2008 : Debug: +- entering group REJECT
Sat Jul 12 12:13:04 2008 : Debug:   modsingle[post-auth]: calling
attr_filter.access_reject (rlm_attr_filter) for request 0
Sat Jul 12 12:13:04 2008 : Debug:   expand: %{User-Name} -> steve
Sat Jul 12 12:13:04 2008 : Debug:  attr_filter: Matched entry DEFAULT at
line 11
Sat Jul 12 12:13:04 2008 : Debug:   modsingle[post-auth]: returned from
attr_filter.access_reject (rlm_attr_filter) for request 0
Sat Jul 12 12:13:04 2008 : Debug: ++[attr_filter.access_reject] returns
updated
Sending Access-Reject of id 57 to 127.0.0.1 port 32770
Sat Jul 12 12:13:04 2008 : Debug: Finished request 0.
Sat Jul 12 12:13:04 2008 : Debug: Going to the next request
Sat Jul 12 12:13:04 2008 : Debug: Waking up in 4.9 seconds.
Sat Jul 12 12:13:09 2008 : Debug: Cleaning up request 0 ID 57 with
timestamp +8
Sat Jul 12 12:13:09 2008 : Debug: Ready to process requests.

What's wrong again?
Thanks !

-- 

Maciej Drobniuch


Re: rlm_pap: WARNING! No "known good" password found for the user.

2008-07-11 Thread Maciej Drobniuch
our
> authorization is working but authentication is failing right ?
> 
> Thanks
> Sambuddho
> On Fri, 2008-07-11 at 21:21 +0200, Maciej Drobniuch wrote:
>> I've cleaned the mess up like you've said, but i've got new errors for
> you
>> which are not familiar to me ;)
>> 
>> Fri Jul 11 21:17:56 2008 : Debug: auth: No authenticate method
> (Auth-Type)
>> configuration found for the request: Rejecting the user
>> Fri Jul 11 21:17:56 2008 : Debug: auth: Failed to validate the user.
>> 
>> Am I using an old definition of Auth-Type in my users file?
>> Or what ? 
>> 
>> fred   Auth-Type := Local, Cleartext-Password =="somepass"
>>Service-Type = Framed-User,
>>Framed-Protocol = PPP
>> 
>> With what should i replace the "Auth-Type" variable or variable name?
>> Thanks for your tips!
>> 
>> On Fri, 11 Jul 2008 19:30:26 +0100, "Ivan Kalik" <[EMAIL PROTECTED]> wrote:
>> > You probably have two instances of the server installed. These files
>> > don't belong to the server that is running.
>> > 
>> > Ivan Kalik
>> > Kalik Informatika ISP
>> > 
>> > 
>> > Dana 11/7/2008, "Maciej Drobniuch" <[EMAIL PROTECTED]> piše:
>> > 
>> >>
>> >>Hi!
>> >>
>> >>>radtest fred somepass localhost 1813 somesecret
>> >>Sending Access-Request of id 102 to 127.0.0.1 port 1812
>> >>User-Name = "fred"
>> >>User-Password = "somepass"
>> >>NAS-IP-Address = 127.0.0.1
>> >>NAS-Port = 1813
>> >>rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102,
>> >>length=20
>> >>rad_verify: Received Access-Reject packet from client 127.0.0.1 port
> 1812
>> >>with invalid signature (err=2)!  (Shared secret is incorrect.)
>> >>
>> >>>radiusd -X
>> >>rad_recv: Access-Request packet from host 127.0.0.1 port 32770,
> id=102,
>> >>length=56
>> >>User-Name = "fred"
>> >>User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021["
>> >>NAS-IP-Address = 127.0.0.1
>> >>NAS-Port = 1813
>> >>+- entering group authorize
>> >>++[preprocess] returns ok
>> >>++[chap] returns noop
>> >>++[mschap] returns noop
>> >>rlm_realm: No '@' in User-Name = "fred", looking up realm NULL
>> >>rlm_realm: No such realm "NULL"
>> >>++[suffix] returns noop
>> >>  rlm_eap: No EAP-Message, not doing EAP
>> >>++[eap] returns noop
>> >>++[unix] returns notfound
>> >>++[files] returns noop
>> >>++[expiration] returns noop
>> >>++[logintime] returns noop
>> >>rlm_pap: WARNING! No "known good" password found for the user.
>> >>Authentication may fail because of this.
>> >>++[pap] returns noop
>> >>auth: No authenticate method (Auth-Type) configuration found for the
>> >>request: Rejecting the user
>> >>auth: Failed to validate the user.
>> >>  WARNING: Unprintable characters in the password.Double-check
>> > the
>> >>shared secret on the server and the NAS!
>> >>  Found Post-Auth-Type Reject
>> >>+- entering group REJECT
>> >>expand: %{User-Name} -> fred
>> >> attr_filter: Matched entry DEFAULT at line 11
>> >>++[attr_filter.access_reject] returns updated
>> >>Sending Access-Reject of id 102 to 127.0.0.1 port 32770
>> >>Finished request 2.
>> >>Going to the next request
>> >>Waking up in 4.9 seconds.
>> >>Cleaning up request 2 ID 102 with timestamp +151
>> >>Ready to process requests.
>> >>
>> >>>cat client.conf
>> >>client 127.0.0.1 {
>> >>secret  = somesecret
>> >>shortname   = localhost
>> >>nastype = other
>> >>}
>> >>
>> >>>cat users
>> >>fred   Cleartext-Password =="somepass"
>> >>   Service-Type = Framed-User,
>> >>   Framed-Protocol = PPP
>> >>
>> >>wilma  Auth-Type := CHAP, User-password =="somepass"
>> >>   Service-Type = Framed-User,
>> >>   Framed-Protocol = PPP
>> >>
>> >>barney Auth-Type := MS-CHAP, User-Password == "somepass"
>> >>   Service-Type = Framed-User,
>> >>   Framed-Protocol = PPP
>> >>
>> >>What's wrong with this line >User-Password =
>> >>"h\347`\005\270\202\336<\336i~e\031\r\021[" ???
>> >>Thanks for the support!
>> >>
>> >>--
>> >>
>> >>Maciej Drobniuch
>> >>
>> >>-
>> >>List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >>
>> >>
>> > 
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>>
-- 

Maciej Drobniuch


Re: rlm_pap: WARNING! No "known good" password found for the user.

2008-07-11 Thread Maciej Drobniuch

I've cleaned the mess up like you've said, but i've got new errors for you
which are not familiar to me ;)

Fri Jul 11 21:17:56 2008 : Debug: auth: No authenticate method (Auth-Type)
configuration found for the request: Rejecting the user
Fri Jul 11 21:17:56 2008 : Debug: auth: Failed to validate the user.

Am I using an old definition of Auth-Type in my users file?
Or what ? 

fred   Auth-Type := Local, Cleartext-Password =="somepass"
   Service-Type = Framed-User,
   Framed-Protocol = PPP

With what should i replace the "Auth-Type" variable or variable name?
Thanks for your tips!

On Fri, 11 Jul 2008 19:30:26 +0100, "Ivan Kalik" <[EMAIL PROTECTED]> wrote:
> You probably have two instances of the server installed. These files
> don't belong to the server that is running.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> 
> Dana 11/7/2008, "Maciej Drobniuch" <[EMAIL PROTECTED]> piše:
> 
>>
>>Hi!
>>
>>>radtest fred somepass localhost 1813 somesecret
>>Sending Access-Request of id 102 to 127.0.0.1 port 1812
>>User-Name = "fred"
>>User-Password = "somepass"
>>NAS-IP-Address = 127.0.0.1
>>NAS-Port = 1813
>>rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102,
>>length=20
>>rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812
>>with invalid signature (err=2)!  (Shared secret is incorrect.)
>>
>>>radiusd -X
>>rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=102,
>>length=56
>>User-Name = "fred"
>>User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021["
>>NAS-IP-Address = 127.0.0.1
>>NAS-Port = 1813
>>+- entering group authorize
>>++[preprocess] returns ok
>>++[chap] returns noop
>>++[mschap] returns noop
>>rlm_realm: No '@' in User-Name = "fred", looking up realm NULL
>>rlm_realm: No such realm "NULL"
>>++[suffix] returns noop
>>  rlm_eap: No EAP-Message, not doing EAP
>>++[eap] returns noop
>>++[unix] returns notfound
>>++[files] returns noop
>>++[expiration] returns noop
>>++[logintime] returns noop
>>rlm_pap: WARNING! No "known good" password found for the user.
>>Authentication may fail because of this.
>>++[pap] returns noop
>>auth: No authenticate method (Auth-Type) configuration found for the
>>request: Rejecting the user
>>auth: Failed to validate the user.
>>  WARNING: Unprintable characters in the password.Double-check
> the
>>shared secret on the server and the NAS!
>>  Found Post-Auth-Type Reject
>>+- entering group REJECT
>>expand: %{User-Name} -> fred
>> attr_filter: Matched entry DEFAULT at line 11
>>++[attr_filter.access_reject] returns updated
>>Sending Access-Reject of id 102 to 127.0.0.1 port 32770
>>Finished request 2.
>>Going to the next request
>>Waking up in 4.9 seconds.
>>Cleaning up request 2 ID 102 with timestamp +151
>>Ready to process requests.
>>
>>>cat client.conf
>>client 127.0.0.1 {
>>secret  = somesecret
>>shortname   = localhost
>>nastype = other
>>}
>>
>>>cat users
>>fred   Cleartext-Password =="somepass"
>>   Service-Type = Framed-User,
>>   Framed-Protocol = PPP
>>
>>wilma  Auth-Type := CHAP, User-password =="somepass"
>>   Service-Type = Framed-User,
>>   Framed-Protocol = PPP
>>
>>barney Auth-Type := MS-CHAP, User-Password == "somepass"
>>   Service-Type = Framed-User,
>>   Framed-Protocol = PPP
>>
>>What's wrong with this line >User-Password =
>>"h\347`\005\270\202\336<\336i~e\031\r\021[" ???
>>Thanks for the support!
>>
>>--
>>
>>Maciej Drobniuch
>>
>>-
>>List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>>
>>
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-- 

Maciej Drobniuch


Re: rlm_pap: WARNING! No "known good" password found for the user.

2008-07-11 Thread Maciej Drobniuch

Hi!
I've deleted the old /sbin /bin /raddb dirs and then i've executed make
install in the freerad 2.0.5 dir...
So what is the fastest and the cleanest way to remove the old version?
Usually I use packages but I've had problems running radiusd when
installing from them...
Thanks and sorry for my lame eng.

On Fri, 11 Jul 2008 19:30:26 +0100, "Ivan Kalik" <[EMAIL PROTECTED]> wrote:
> You probably have two instances of the server installed. These files
> don't belong to the server that is running.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> 
> Dana 11/7/2008, "Maciej Drobniuch" <[EMAIL PROTECTED]> piše:
> 
>>
>>Hi!
>>
>>>radtest fred somepass localhost 1813 somesecret
>>Sending Access-Request of id 102 to 127.0.0.1 port 1812
>>User-Name = "fred"
>>User-Password = "somepass"
>>NAS-IP-Address = 127.0.0.1
>>NAS-Port = 1813
>>rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102,
>>length=20
>>rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812
>>with invalid signature (err=2)!  (Shared secret is incorrect.)
>>
>>>radiusd -X
>>rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=102,
>>length=56
>>User-Name = "fred"
>>User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021["
>>NAS-IP-Address = 127.0.0.1
>>NAS-Port = 1813
>>+- entering group authorize
>>++[preprocess] returns ok
>>++[chap] returns noop
>>++[mschap] returns noop
>>rlm_realm: No '@' in User-Name = "fred", looking up realm NULL
>>rlm_realm: No such realm "NULL"
>>++[suffix] returns noop
>>  rlm_eap: No EAP-Message, not doing EAP
>>++[eap] returns noop
>>++[unix] returns notfound
>>++[files] returns noop
>>++[expiration] returns noop
>>++[logintime] returns noop
>>rlm_pap: WARNING! No "known good" password found for the user.
>>Authentication may fail because of this.
>>++[pap] returns noop
>>auth: No authenticate method (Auth-Type) configuration found for the
>>request: Rejecting the user
>>auth: Failed to validate the user.
>>  WARNING: Unprintable characters in the password.Double-check
> the
>>shared secret on the server and the NAS!
>>  Found Post-Auth-Type Reject
>>+- entering group REJECT
>>expand: %{User-Name} -> fred
>> attr_filter: Matched entry DEFAULT at line 11
>>++[attr_filter.access_reject] returns updated
>>Sending Access-Reject of id 102 to 127.0.0.1 port 32770
>>Finished request 2.
>>Going to the next request
>>Waking up in 4.9 seconds.
>>Cleaning up request 2 ID 102 with timestamp +151
>>Ready to process requests.
>>
>>>cat client.conf
>>client 127.0.0.1 {
>>secret  = somesecret
>>shortname   = localhost
>>nastype = other
>>}
>>
>>>cat users
>>fred   Cleartext-Password =="somepass"
>>   Service-Type = Framed-User,
>>   Framed-Protocol = PPP
>>
>>wilma  Auth-Type := CHAP, User-password =="somepass"
>>       Service-Type = Framed-User,
>>   Framed-Protocol = PPP
>>
>>barney Auth-Type := MS-CHAP, User-Password == "somepass"
>>   Service-Type = Framed-User,
>>   Framed-Protocol = PPP
>>
>>What's wrong with this line >User-Password =
>>"h\347`\005\270\202\336<\336i~e\031\r\021[" ???
>>Thanks for the support!
>>
>>--
>>
>>Maciej Drobniuch
>>
>>-
>>List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>>
>>
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-- 

Maciej Drobniuch


rlm_pap: WARNING! No "known good" password found for the user.

2008-07-11 Thread Maciej Drobniuch

Hi!

>radtest fred somepass localhost 1813 somesecret
Sending Access-Request of id 102 to 127.0.0.1 port 1812
User-Name = "fred"
User-Password = "somepass"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1813
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=102,
length=20
rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812
with invalid signature (err=2)!  (Shared secret is incorrect.)

>radiusd -X
rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=102,
length=56
User-Name = "fred"
User-Password = "h\347`\005\270\202\336<\336i~e\031\r\021["
NAS-IP-Address = 127.0.0.1
NAS-Port = 1813
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "fred", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. 
Authentication may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
  WARNING: Unprintable characters in the password.Double-check the
shared secret on the server and the NAS!
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> fred
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 102 to 127.0.0.1 port 32770
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 102 with timestamp +151
Ready to process requests.

>cat client.conf
client 127.0.0.1 {
secret  = somesecret
shortname   = localhost
nastype = other
}

>cat users
fred   Cleartext-Password =="somepass"
   Service-Type = Framed-User,
   Framed-Protocol = PPP

wilma  Auth-Type := CHAP, User-password =="somepass"
   Service-Type = Framed-User,
   Framed-Protocol = PPP

barney Auth-Type := MS-CHAP, User-Password == "somepass"
   Service-Type = Framed-User,
   Framed-Protocol = PPP

What's wrong with this line >User-Password =
"h\347`\005\270\202\336<\336i~e\031\r\021[" ???
Thanks for the support!

-- 

Maciej Drobniuch

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: CHAP-Password does NOT match local User-Password

2008-07-08 Thread Maciej Drobniuch



On Tue, 08 Jul 2008 18:49:48 +0200, Alan DeKok <[EMAIL PROTECTED]>
wrote:
> 
>   Upgrade to 2.0.5.
> 

I had that version and the same error appeared

> 
>   You are forcing Auth-Type.  Don't do that.
> 

So, what must I force in order not to mess things up?

> 
>   And the passwords don't match.

The passwords match. Do they have to be in plain text (in db) or some kind
of a hash?
How can I see what password (in plain, when auth in pap) comes in to
freeradius from pppd?

THANKS FOR YOUR SUPPORT!
sorry for my lame eng.
-- 

Maciej Drobniuch



CHAP-Password does NOT match local User-Password

2008-07-08 Thread Maciej Drobniuch

Hi everyone!
I'm a newbie in freeradius.
I've tried several freeradius versions, but I always get the same error:
auth: user supplied CHAP-Password does NOT match local User-Password
Currently I'm using freeradius 1.0.5 and I want to bind it with the
pppoe-server (accounts are mysql based).
This is the ppp auth part of the radiusd -X:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32772, id=50, length=90
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "qweqwe"
CHAP-Password = 0x1a490e809284566aa959336e511314fe82
Calling-Station-Id = "00:04:61:5C:14:11"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: 
'/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080705'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080705
  modcall[authorize]: module "auth_log" returns ok for request 0
radius_xlat:  ':'
rlm_attr_rewrite: No match found for attribute User-Name with value
'qweqwe'
  modcall[authorize]: module "dwukropki" returns ok for request 0
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "qweqwe", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
radius_xlat:  'qweqwe'
rlm_sql (sql): sql_set_user escaped user --> 'qweqwe'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op   FROM
radcheck   WHERE Username = 'qweqwe'   ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op  
FROM radcheck   WHERE Username = 'qweqwe'   ORDER BY id
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 'qweqwe' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query:  SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 'qweqwe' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT r.id,r.UserName,r.Attribute,inet_ntoa(n.ipaddr) as
value,r.op  ??FROM radreply as r, nodes as n WHERE r.Username = 'qweqwe'
AND n.name=r.UserName ORDER BY r.id'
rlm_sql_mysql: query:  SELECT
r.id,r.UserName,r.Attribute,inet_ntoa(n.ipaddr) as value,r.op  ??FROM
radreply as r, nodes as n WHERE r.Username = 'qweqwe' AND n.name=r.UserName
ORDER BY r.id
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
 FROM radgroupreply,usergroup WHERE usergroup.Username = 'qweqwe' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query:  SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
 FROM radgroupreply,usergroup WHERE usergroup.Username = 'qweqwe' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password does NOT match local User-Password
auth: Failed to validate the user.
Login incorrect: [qweqwe] (from client localhost port 0 cli
00:04:61:5C:14:11)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 50 to 127.0.0.1:32772
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 50 with timestamp 486f753f
Nothing to do.  Sleeping until we see a request. 

Thanks for the support and sorry for my lame eng.
-- 

Maciej Drobniuch
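
Added example, not part of the original thread and not FreeRADIUS code: how a CHAP-Password value such as the 17-octet one in the debug output is checked (RFC 2865, section 5.3), and why the server can only recompute it from the clear-text password, not from a stored hash of it. The password and challenge below are constructed; only the leading identifier octet 0x1a is taken from the log.

```python
import hashlib
import hmac

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """Peer side: CHAP-Password = ident octet + MD5(ident | password | challenge)."""
    digest = hashlib.md5(bytes([ident]) + password + challenge).digest()
    return bytes([ident]) + digest

def verify_chap(chap_password: bytes, challenge: bytes, stored: bytes) -> bool:
    """Server side: recompute the response from whatever the database holds."""
    if len(chap_password) != 17:
        return False
    expected = chap_response(chap_password[0], stored, challenge)
    return hmac.compare_digest(expected, chap_password)

# Constructed sample values. Without a CHAP-Challenge attribute in the request,
# the challenge is the Request Authenticator, which the log does not print.
IDENT = 0x1A                      # first octet of the logged CHAP-Password
CHALLENGE = bytes(range(16))      # constructed challenge
PASSWORD = b"example-pass"        # constructed password typed by the user
FROM_PEER = chap_response(IDENT, PASSWORD, CHALLENGE)

def demo() -> dict:
    """Try the same response against three possible database contents."""
    md5_hex = hashlib.md5(PASSWORD).hexdigest().encode()
    return {
        "cleartext_in_db": verify_chap(FROM_PEER, CHALLENGE, PASSWORD),
        "md5_hash_in_db": verify_chap(FROM_PEER, CHALLENGE, md5_hex),
        "different_password": verify_chap(FROM_PEER, CHALLENGE, b"Example-pass"),
        "truncated_attribute": verify_chap(FROM_PEER[:16], CHALLENGE, PASSWORD),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Only the clear-text entry verifies; a stored MD5 of the same password fails exactly like a wrong password.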
