Re: Fwd: Auth configuration help

2011-08-24 Thread Alan DeKok 
Dom wrote:
> I was hoping someone could help.  We have a cisco 3825 with radius 
> server pointed to our freeradius installation.  When I test radius 
> authentication using NTRadping using CHAP authentication everything 
> works fine.  However when we try to connect via a standard dsl 
> connection we get these failures.  I was hoping someone could help point 
> me in the right direction to fix the issue.

  You haven't posted the debug log from the CHAP authentication.  For
some reason, you're treating CHAP *differently* from PAP.  This is not
part of the default config, so it's something you've done.

> [pap] WARNING! No "known good" password found for the user.  
> Authentication may fail because of this.

  Maybe that's a clue?  Reading the debug log helps.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Fwd: Auth configuration help

2011-08-24 Thread Dom 



 Original Message 
Subject:Auth configuration help
Date:   Wed, 24 Aug 2011 21:53:46 -0400
From:   Dom 
To: freeradius-users@lists.freeradius.org



I was hoping someone could help.  We have a cisco 3825 with radius
server pointed to our freeradius installation.  When I test radius
authentication using NTRadping using CHAP authentication everything
works fine.  However when we try to connect via a standard dsl
connection we get these failures.  I was hoping someone could help point
me in the right direction to fix the issue.

Thanks

rad_recv: Access-Request packet from host 64.34.66.5 port 1645, id=26,
length=134
Framed-Protocol = PPP
User-Name = "aew...@domain.ca"
User-Password = "password"
Calling-Station-Id = "bas10530096"
Connect-Info = "10"
NAS-Port-Type = Virtual
NAS-Port = 26
NAS-Port-Id = "Uniq-Sess-ID26"
Service-Type = Framed-User
NAS-IP-Address = 64.34..
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "tekcorner.ca" for User-Name = "aew...@domain.ca"
[suffix] No such realm "domain.ca"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} ->  aew...@domain.ca
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 26 to 64.34.xxx.xxx port 1645
Waking up in 4.9 seconds.
Cleaning up request 0 ID 26 with timestamp +97
Ready to process requests.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html