Re: Fw: CHAP not working after upgrade from 0.9.3 to 1.0
But why the 0.9.3 version reading from the same LDAP database detect it as clear.. I don't think I should change anything in LDAP.. Maybe new setting is required in 1.0.0 which i don't know.. --haizam - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 17, 2004 22:20 Subject: Re: Fw: CHAP not working after upgrade from 0.9.3 to 1.0 Rohaizam Abu Bakar [EMAIL PROTECTED] wrote: Anyone can help...?? I've changed a few line in radiusd.conf.. still problem.. But when I divert the request to 0.9.3 version reading same LDAP entry It is OK So the password is confirm in clear form The debug log you posted shows that the server is NOT reading the clear-text password from the LDAP database. Fix that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
CHAP not working after upgrade from 0.9.3 to 1.0
Just upgraded from 0.9.3 to 1.0 on my FreeBSD 4.9 machine... Previously while on 0.9.3, PAP CHAP working fine... But now... after upgrade to 1.0.. CHAP is not working... The configuration in 1.0 is following previous 0.9.3 version... (rewritten.. not replacing!!) From the debug log below.. It keep complaining cannot find clear password.. I'm very sure that the password in clear form.. since while using 0.9.3.. it read the same entry and OK.. Please help..!!! --haizam User-Name = kpdn.gov.my CHAP-Password = 0xae9a6aff9c471ab31942831e2418d0bebd Processing the authorize section of radiusd.conf modcall: entering group authorize for request 52 modcall[authorize]: module preprocess returns ok for request 52 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module chap returns ok for request 52 modcall[authorize]: module mschap returns noop for request 52 rlm_realm: No '/' in User-Name = kpdn.gov.my, skipping NULL due to config. modcall[authorize]: module IPASS returns noop for request 52 rlm_realm: No '@' in User-Name = kpdn.gov.my, looking up realm NULL rlm_realm: Found realm NULL rlm_realm: Adding Stripped-User-Name = kpdn.gov.my rlm_realm: Proxying request from user kpdn.gov.my to realm NULL rlm_realm: Adding Realm = NULL rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module suffix returns noop for request 52 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 52 modcall[authorize]: module files returns notfound for request 52 modcall: entering group redundant for request 52 rlm_ldap: - authorize rlm_ldap: performing user authorization for kpdn.gov.my radius_xlat: '(uid=kpdn.gov.my)' radius_xlat: 'ou=RADIUS,ou=People,dc=jaring,dc=my' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=RADIUS,ou=People,dc=jaring,dc=my, with filter (uid=kpdn.gov.my) rlm_ldap: checking if remote access for kpdn.gov.my is allowed by dialupAccess rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusTunnelServerAuthId as Tunnel-Server-Auth-Id, value :0:X op=11 rlm_ldap: Adding radiusTunnelClientAuthId as Tunnel-Client-Auth-Id, value :0:X op=11 rlm_ldap: Adding radiusTunnelAssignmentId as Tunnel-Assignment-Id, value :0:XX op=11 rlm_ldap: Adding radiusTunnelPassword as Tunnel-Password, value :0:XX op=11 rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value :0:IP op=11 rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value :0:L2TP op=11 rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP op=11 rlm_ldap: Adding radiusServiceType as Service-Type, value Outbound-User op=11 rlm_ldap: extracted attribute Cisco-AVPair from generic item Cisco-AVPair += vpdn:ip-addresses= rlm_ldap: user kpdn.gov.my authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap1 returns ok for request 52 modcall: group redundant returns ok for request 52 modcall: group authorize returns ok for request 52 rad_check_password: Found Auth-Type CHAP auth: type CHAP Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 52 rlm_chap: login attempt by kpdn.gov.my with CHAP password rlm_chap: Could not find clear text password for user kpdn.gov.my modcall[authenticate]: module chap returns invalid for request 52 modcall: group Auth-Type returns invalid for request 52 auth: Failed to validate the user. Login incorrect (rlm_chap: Clear text password not available): [kpdn.gov.my] (from client sysadmin port 0) Delaying request 52 for 1 seconds Finished request 52 Going to the next request - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fw: CHAP not working after upgrade from 0.9.3 to 1.0
Anyone can help...?? I've changed a few line in radiusd.conf.. still problem.. But when I divert the request to 0.9.3 version reading same LDAP entry It is OK So the password is confirm in clear form --haizam - Original Message - From: Rohaizam Abu Bakar [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 16, 2004 16:56 Subject: CHAP not working after upgrade from 0.9.3 to 1.0 Just upgraded from 0.9.3 to 1.0 on my FreeBSD 4.9 machine... Previously while on 0.9.3, PAP CHAP working fine... But now... after upgrade to 1.0.. CHAP is not working... The configuration in 1.0 is following previous 0.9.3 version... (rewritten.. not replacing!!) From the debug log below.. It keep complaining cannot find clear password.. I'm very sure that the password in clear form.. since while using 0.9.3.. it read the same entry and OK.. Please help..!!! --haizam User-Name = kpdn.gov.my CHAP-Password = 0xae9a6aff9c471ab31942831e2418d0bebd Processing the authorize section of radiusd.conf modcall: entering group authorize for request 52 modcall[authorize]: module preprocess returns ok for request 52 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module chap returns ok for request 52 modcall[authorize]: module mschap returns noop for request 52 rlm_realm: No '/' in User-Name = kpdn.gov.my, skipping NULL due to config. modcall[authorize]: module IPASS returns noop for request 52 rlm_realm: No '@' in User-Name = kpdn.gov.my, looking up realm NULL rlm_realm: Found realm NULL rlm_realm: Adding Stripped-User-Name = kpdn.gov.my rlm_realm: Proxying request from user kpdn.gov.my to realm NULL rlm_realm: Adding Realm = NULL rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module suffix returns noop for request 52 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 52 modcall[authorize]: module files returns notfound for request 52 modcall: entering group redundant for request 52 rlm_ldap: - authorize rlm_ldap: performing user authorization for kpdn.gov.my radius_xlat: '(uid=kpdn.gov.my)' radius_xlat: 'ou=RADIUS,ou=People,dc=jaring,dc=my' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=RADIUS,ou=People,dc=jaring,dc=my, with filter (uid=kpdn.gov.my) rlm_ldap: checking if remote access for kpdn.gov.my is allowed by dialupAccess rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusTunnelServerAuthId as Tunnel-Server-Auth-Id, value :0:X op=11 rlm_ldap: Adding radiusTunnelClientAuthId as Tunnel-Client-Auth-Id, value :0:X op=11 rlm_ldap: Adding radiusTunnelAssignmentId as Tunnel-Assignment-Id, value :0:XX op=11 rlm_ldap: Adding radiusTunnelPassword as Tunnel-Password, value :0:XX op=11 rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value :0:IP op=11 rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value :0:L2TP op=11 rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP op=11 rlm_ldap: Adding radiusServiceType as Service-Type, value Outbound-User op=11 rlm_ldap: extracted attribute Cisco-AVPair from generic item Cisco-AVPair += vpdn:ip-addresses= rlm_ldap: user kpdn.gov.my authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap1 returns ok for request 52 modcall: group redundant returns ok for request 52 modcall: group authorize returns ok for request 52 rad_check_password: Found Auth-Type CHAP auth: type CHAP Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 52 rlm_chap: login attempt by kpdn.gov.my with CHAP password rlm_chap: Could not find clear text password for user kpdn.gov.my modcall[authenticate]: module chap returns invalid for request 52 modcall: group Auth-Type returns invalid for request 52 auth: Failed to validate the user. Login incorrect (rlm_chap: Clear text password not available): [kpdn.gov.my] (from client sysadmin port 0) Delaying request 52 for 1 seconds Finished request 52 Going to the next request - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html [ Scanned by JARING E-Mail Virus Scanner ( http://www.jaring.my ) ] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html