Re: Freeradius users
Hi Adrian,Have you looked in the 'users' file in the raddb/ directory? There's some examples in there (user 'steve'). You can usually trim some stuff out of that account and use it as the base for your other users. I prefer to use MySQL to hold all the user and accounting information.Service-Type = Framed-User and Framed-Protocol = PPP are the important AV pairs for PPP users (along with Framed-IP-Address and Framed-IP-Netmask).Hope this helps you, if not, check the docs/ directory in the source, and also search for the .sql file which is the MySQL database structure I use for users and accounting. Regards,Nick LarsenOn 9/29/06, Adrian Acuna <[EMAIL PROTECTED]> wrote: Hello Everybody: In my new job they want to implement Radius for PPP connection. I have installed Freeradius-1.1.3. The instalation messages show that everything is OK. But I really don't know how create new users and test it. I need something like directions to create accounts and raise the connection. I have reviewed a lot of web pages but I found only PPP dial server information. I will appreciate your help and support! Adrian Acuna View this message in context: Freeradius users Sent from the FreeRadius - User mailing list archive at Nabble.com. -List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Regards,Nick LarsenWellingtonNEW ZEALAND - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segfault with EAP-PEAP/MSCHAPv2
Hi,I get the exact same problem, and I too have been working on it for a while, and is getting quite frustrating. I've tried FreeRADIUS 1.1.2 and 1.1.3 both from source, and 1.1.2 from the FreeBSD ports collection (although I had to hack the port to get it to build past sqlippool), on FreeBSD 6.0 and the problem persists. Regular logins work fine, but whenever a PEAP login is attempted, it crashes, and a truss/strace doesn't help at all.I have until this Friday to have this sorted, else we'll be finding other ways to do it, which is unfortunate as I have no other issues with FreeRADIUS. I think I'll give Debian Sarge a shot. I'll let you know if it works (which would mean FreeBSD has some issues with EAP-PEAP).Regards,Nick LarsenOn 9/26/06, Alan DeKok <[EMAIL PROTECTED]> wrote: Paul A Roberts <[EMAIL PROTECTED]> wrote:> This is the core dump. FreeBSD 6.1 host, 1.1.2 FreeRadius. Authenticates fine using NTRadPing with MS-CHAP but crashes each time trying to authenticate from an XP box using EAP-PEAP/MS-CHAPv2. Hmm... that doesn't help much. All I can suggest is to try 1.1.3, maybe that works. I recall therebeing other issues with FreeBSD before, but I don't recall what. Alan DeKok.-- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Regards,Nick LarsenWellingtonNEW ZEALAND - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS crashes after EAP/PEAP authentication
Cool,Thanks, I'll try FreeRADIUS 1.1.3, let hope it solves my problems ;)Regards,NickOn 8/31/06, Alan DeKok < [EMAIL PROTECTED]> wrote:"Nick Larsen" < [EMAIL PROTECTED]> wrote:> I did notice in the output, just before the backtrace: radlog(L_ERR,> "rlm_eap_tls (%s): xlat failed.",> Could this be the problem? It may be related. > This GDB was configured as "sparc64-marcel-freebsd"...>> warning: exec file is newer than core file. That's not good. It means that the infomration from the core filemay be useless. And I noticed the version is 1.1.1. Please try 1.1.3, which ahs anumber of bugs fixed. Alan DeKok.-- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Regards,Nick LarsenWellingtonNEW ZEALAND - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS crashes after EAP/PEAP authentication
HiI sent an email to the list with the subject "EAP PEAP, unable to load certificate", but as the subject has changed slightly, I've decided to create a new thread.Has anyone had any issues at all when setting up PEAP? My FreeRADIUS installation, which is used for ADSL/Dial Up AAA (and if I can get it working Wireless AAA), crashes as a wireless client tries to authenticate, but is fine for DSL/Dial Up.I'm running FreeRADIUS 1.1.1 (OpenSSL 0.9.7e-p1 25 Oct 2004).Running on: FreeBSD radius02.01.net.nz 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Wed Nov 2 22:33:15 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC sparc64FreeRADIUS confuration line: ./configure --sysconfdir=/etc --localstatedir=/var --disable-ltdl-install --with-ltdl-include=/usr/local/include --with-ltdl-lib=/usr/local/lib --with-large-files --with-rlm_sql_unixodbc --without-rlm_krb5 --without-rlm_sql_postgresql --without-rlm_ldap --enable-strict-dependencies --disable-shared --with-openssl-includes=/usr/local/include/openssl --with-openssl-libraries=/usr/local/lib Here is the radiusd -XA output when a wireless user tries to authenticate: Ready to process requests. rad_recv: Access-Request packet from host 10.10.1.199:1812, id=5, length=73 User-Name = "nick" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02010009016e69636b NAS-IP-Address = 10.10.1.199 Message-Authenticator = 0x44a4bae6e408185535e54b666e440793 Processing the authorize section of radiusd.confmodcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "nick", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 radius_xlat: 'nick'rlm_sql (sql): sql_set_user escaped user --> 'nick' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'nick' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'nick' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 5 to 10.10.1.199 port 1812 Framed-IP-Address := 10.10.1.197 Service-Type := Framed-User Framed-Protocol := PPP Acct-Interim-Interval := 600 Framed-IP-Netmask := 255.255.255.0 EAP-Message = 0x010200061920 Message-Authenticator = 0x State = 0x441787b224b2cade909f815da10d28a2 Finished request 0Going to the next request --- Walking the entire request list --- Waking up in 6 seconds...rad_recv: Access-Request packet from host 10.10.1.199:1812, id=6, length=156 User-Name = "nick" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0202004a19800040160301003b01370301d47428dbffab776a5aa27dd1f3ae43b58ba88be83f19c437a92b5e416c87ecf6140005000a000900640062000300060100 State = 0x441787b224b2cade909f815da10d28a2 NAS-IP-Address = 10.10.1.199 Message-Authenticator = 0xd35a0b343af33d868016f1faa2c401ca Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "nick", looking up realm NULL rlm_realm: No suc
Re: EAP PEAP, unable to load certificate
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'nick' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute ,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 1modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLSrlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initializationSegmentation fault: 11 (core dumped) Does anyone know what may cause this? The only other time I've had radius seg-fault is when I was trying to get rlm_sql working.Cheers,Nick Larsen.On 8/29/06, Nick Larsen <[EMAIL PROTECTED]> wrote: Hi,I have forcibly set Auth-Type to Local, so perhaps that's the problem.Here's my debug output anyway...rad_recv: Access-Request packet from host 10.10.1.199:1812, id=1, length=73 User-Name = "nick" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02010009016e69636b NAS-IP-Address = 10.10.1.199 Message-Authenticator = 0xa2632b22341f08798a0fca4aa0f457c9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 160 modcall[authorize]: module "preprocess" returns ok for request 160 modcall[authorize]: module "chap" returns noop for request 160 modcall[authorize]: module "mschap" returns noop for request 160 rlm_realm: No '@' in User-Name = "nick", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 160 rlm_eap: EAP packet type response id 1 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 160 radius_xlat: 'nick'rlm_sql (sql): sql_set_user escaped user --> 'nick' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'nick' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'nick' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute ,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 160modcall: leaving group authorize (returns updated) for request 160 rad_check_password: Found Auth-Type Local auth: type Localauth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user.Login incorrect: [nick] (from client Finc-Wireless port 0) Delaying request 160 for 1 seconds Finished request 160Going to the next request --- Walking the entire request list ---Waking up in 1 seconds... --- Walking the entire request list ---Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 1 to 10.10.1.199 port 1812 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 160 ID 1 with timestamp 44f357bfNothing to do. Sleeping until we see a request. Cheers for your help, Nick LarsenOn 8/29/06, Alan DeKok < [EMAIL PROTECTED]> wrote: "Nick Larsen" <[EMAIL PROTECTED]> wrote:> Now I'm trying to authenticate users via wireless PDA's, but I now get > "auth: No User-Password or CHAP-Password attribute in the request" in > Access-Request, I guess it's the Linksys WAG54g now, so I better start> trawling through the net again. No. Run the server in debugging mode, and post the output here. That message happens ONLY if you forcibly set "Auth-Type = Local" when it doesn't make sense to do so. Alan DeKok.-- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Regards,Nick LarsenWellingtonNEW ZEALAND -- Regards,Nick LarsenWellingtonNEW ZEALAND - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP PEAP, unable to load certificate
Hi,I have forcibly set Auth-Type to Local, so perhaps that's the problem.Here's my debug output anyway...rad_recv: Access-Request packet from host 10.10.1.199:1812, id=1, length=73 User-Name = "nick" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02010009016e69636b NAS-IP-Address = 10.10.1.199 Message-Authenticator = 0xa2632b22341f08798a0fca4aa0f457c9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 160 modcall[authorize]: module "preprocess" returns ok for request 160 modcall[authorize]: module "chap" returns noop for request 160 modcall[authorize]: module "mschap" returns noop for request 160 rlm_realm: No '@' in User-Name = "nick", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 160 rlm_eap: EAP packet type response id 1 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 160 radius_xlat: 'nick'rlm_sql (sql): sql_set_user escaped user --> 'nick' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'nick' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'nick' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute ,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 160modcall: leaving group authorize (returns updated) for request 160 rad_check_password: Found Auth-Type Local auth: type Localauth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user.Login incorrect: [nick] (from client Finc-Wireless port 0) Delaying request 160 for 1 seconds Finished request 160Going to the next request --- Walking the entire request list ---Waking up in 1 seconds... --- Walking the entire request list ---Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 1 to 10.10.1.199 port 1812Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 160 ID 1 with timestamp 44f357bfNothing to do. Sleeping until we see a request.Cheers for your help, Nick LarsenOn 8/29/06, Alan DeKok <[EMAIL PROTECTED]> wrote: "Nick Larsen" <[EMAIL PROTECTED]> wrote:> Now I'm trying to authenticate users via wireless PDA's, but I now get> "auth: No User-Password or CHAP-Password attribute in the request" in > Access-Request, I guess it's the Linksys WAG54g now, so I better start> trawling through the net again. No. Run the server in debugging mode, and post the output here. That message happens ONLY if you forcibly set "Auth-Type = Local" when it doesn't make sense to do so. Alan DeKok.-- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Regards,Nick LarsenWellingtonNEW ZEALAND - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP PEAP, unable to load certificate
Hi,Thanks for that, it worked wonders. I also had to recreate some certificates properly.Now I'm trying to authenticate users via wireless PDA's, but I now get "auth: No User-Password or CHAP-Password attribute in the request" in Access-Request, I guess it's the Linksys WAG54g now, so I better start trawling through the net again. Thanks again,Nick LarsenOn 8/25/06, K. Hoercher <[EMAIL PROTECTED]> wrote: On 8/25/06, Nick Larsen <[EMAIL PROTECTED]> wrote:> tls: certificate_file = "(null)"You have to fill in this information. See the comment in eap.confabove the pertinent line.regardsK. Hoercher-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Regards,Nick LarsenWellingtonNEW ZEALAND - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP PEAP, unable to load certificate
Hi Subscribers,I'm currently setting up a wireless hotspot for a cafe, and am currently stuck with the EAP part in FreeRADIUS.I'm running "FreeRADIUS Version 1.1.1" on FreeBSD`uname -a` output: FreeBSD radius02.01.net.nz 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Wed Nov 2 22:33:15 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC sparc64 I'm trying to connect my i-mate PDA2k (PDA) to the Linksys WAG54g access point. The access point is set up to use WPA-RADIUS, but when I attempt to connect to it from the PDA, It say's the Linksys isn't sending a User-Password or CHAP-Password attribute, so this is where I thought I needed EAP. We want to make is as easy as possible for people with mobile devices to connect to the AP, so I decided to use the PEAP method, which requires tls{} to be enabled.I have created an SSL certificate (CA) and private key file, and put them in /etc/raddb/certs and referenced them correctly in eap.conf under tls{} but when I enable peap{} I get the following output from radiusd -XA:(On the 8th to last line, you'll see fopen, and it has nothing between the quotes in the 1st argument.)Starting - reading configuration files ... reread_config: reading radiusd.confConfig: including file: /etc/raddb/clients.confConfig: including file: /etc/raddb/snmp.confConfig: including file: /etc/raddb/eap.confConfig: including file: /etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 5120 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: bind_address = 10.10.1.18 IP address [10.10.1.18] main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0read_config_files: reading dictionaryread_config_files: reading naslistUsing deprecated naslist file. Support for this will go away soon. read_config_files: reading clientsread_config_files: reading realmsradiusd: entering modules setupModule: Library search path is /usr/local/libModule: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)"rlm_exec: Wait=yes but no output defined. Did you mean output=none?Module: Instantiated exec (exec) Module: Loaded exprModule: Instantiated expr (expr)Module: Loaded SQL Counter sqlcounter: counter-name = "Daily-Session-Time" sqlcounter: check-name = "Max-Daily-Session" sqlcounter: key = "User-Name" sqlcounter: sqlmod-inst = "sql" sqlcounter: query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" sqlcounter: reset = "daily" sqlcounter: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"rlm_sqlcounter: Counter attribute Daily-Session-Time is number 1830 rlm_sqlcounter: Check attribute Max-Daily-Session is number 1831rlm_sqlcounter: Current Time: 1156477612 [2006-08-25 15:46:52], Next reset 1156507200 [2006-08-26 00:00:00]rlm_sqlcounter: Current Time: 1156477612 [2006-08-25 15:46:52], Prev reset 1156420800 [2006-08-25 00:00:00] Module: Instantiated sqlcounter (dailycounter) sqlcounter: counter-name = "Monthly-Session-Time" sqlcounter: check-name = "Max-Monthly-Session" sqlcounter: key = "User-Name" sqlcounter: sqlmod-inst = "sql" sqlcounter: query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" sqlcounter: reset = "monthly" sqlcounter: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"rlm_sqlcounter: Counter attribute Monthly-Session-Time is number 1832 rlm_sqlcounter: Check attribute Max-Monthly-Session is number 1833rlm_sqlcounter: Current Time: 1156477612 [2006-08-25 15:46:52], Next reset 1157025600 [2006-09-01 00:00:00]rlm_sqlcounter: Current Time: 1156477612 [2006-08-25 15:46:52], Prev reset 1154347200 [2006-08-01 00:00:00] Module: Instantiated sqlcounter (monthlycounter)Module: Loaded PAP pap: encryption_scheme = "crypt"Module: Instantiated pap (pap)Module: Loaded CHAPModule: Instantiated chap (chap)Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = yes mschap: with_ntdomain_ha