RE: [rad] RE: Free Radius users record samples for SmartEdgerouter subcriberauthentication.

2009-06-17 Thread Elias Abou Zeid
Hi Ivan,

I used the following user record:

a...@radius  User-Password == "test"
Service-Type = Framed-User,
Framed-Protocol = PPP

And I sent a CHAP request, authentication still works.


rad_recv: Access-Request packet from host 10.205.1.1:1812, id=212, length=188
User-Name = "a...@radius"
CHAP-Password = 0x01fb483b2d567fd0e128500a3ce0980d0b
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Identifier = "Quiet"
NAS-Port = 167903232
NAS-Real-Port = 2717909092
NAS-Port-Type = Virtual
NAS-Port-Id = "10/2 vlan-id 100 pppoe 372"
Medium-Type = DSL
Mac-Addr = "00-0c-29-10-12-c3"
Platform-Type = SmartEdge-800
OS-Version = "6.1.2.6p9"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/usr/local/var/log/radius/radacct/10.205.1.1/auth-detail-20090617'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.205.1.1/auth-detail-20090617
  modcall[authorize]: module "auth_log" returns ok for request 0
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: Looking up realm "RADIUS" for User-Name = "a...@radius"
rlm_realm: No such realm "RADIUS"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry a...@radius at line 148
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 0
  rlm_chap: login attempt by "a...@radius" with CHAP password
  rlm_chap: Using clear text password "test" for user a...@radius authentication.
  rlm_chap: chap user a...@radius authenticated succesfully
  modcall[authenticate]: module "chap" returns ok for request 0
modcall: leaving group CHAP (returns ok) for request 0
Login OK: [...@radius/] (from client SE-Quiet port 167903232)
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
rlm_ippool: Could not find Pool-Name attribute.
  modcall[post-auth]: module "main_pool" returns noop for request 0
radius_xlat: '/usr/local/var/log/radius/radacct/10.205.1.1/reply-detail-20090617'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.205.1.1/reply-detail-20090617
  modcall[post-auth]: module "reply_log" returns ok for request 0
modcall: leaving group post-auth (returns ok) for request 0
Sending Access-Accept of id 212 to 10.205.1.1 port 1812
Service-Type = Framed-User
Framed-Protocol = PPP
Finished request 0

 

-Original Message-
From: freeradius-users-bounces+elias.abou.zeid=ericsson....@lists.freeradius.org [mailto:freeradius-users-bounces+elias.abou.zeid=ericsson@lists.freeradius.org] On Behalf Of Ivan Kalik
Sent: June-17-09 11:02 AM
To: FreeRadius users mailing list
Subject: RE: [rad] RE: Free Radius users record samples for SmartEdgerouter subcriberauthentication.

> Just out for sake of completeness. On FreeRADIUS Version 1.1.7
>
> I tried both User-Password == "test" and Cleartext-Password := "test".
>
> They both work fine when the user entry is before default setting in 
> users file.

For a pap request. Try sending chap or mschap request and see what
happens. Cleartext-Password will work with all cases, User-Password
won't.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

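The CHAP check that rlm_chap logs in the message above ("Using clear text password"), as an added Python example that is not from the thread or from FreeRADIUS: the response is MD5 over identifier, password and challenge, so the server can only recompute it from a cleartext password. Only the logged CHAP-Password hex comes from the page; the challenge and the client value are constructed.

```python
import hashlib
import hmac


def split_chap_password(hex_value):
    """Split a CHAP-Password attribute, as printed in debug output, into
    the CHAP identifier byte and the 16-byte MD5 response."""
    if hex_value.startswith("0x"):
        hex_value = hex_value[2:]
    raw = bytes.fromhex(hex_value)
    if len(raw) != 17:
        raise ValueError("CHAP-Password must be 1 + 16 bytes")
    return raw[0], raw[1:]


def chap_response(ident, secret, challenge):
    """RFC 1994 response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_chap(hex_value, challenge, stored):
    """Server side: recompute the response from the stored value and compare."""
    ident, response = split_chap_password(hex_value)
    return hmac.compare_digest(chap_response(ident, stored, challenge), response)


# Copied from the debug output on this page: identifier 0x01 plus a 16-byte hash.
LOGGED = "0x01fb483b2d567fd0e128500a3ce0980d0b"

# Constructed exchange: the page's log does not show the challenge,
# so these bytes are made up for the demonstration.
CHALLENGE = bytes(range(16))
CLIENT_VALUE = "0x01" + chap_response(1, b"test", CHALLENGE).hex()


def demo():
    """Verify the constructed response against three kinds of stored value."""
    sha1_of_password = hashlib.sha1(b"test").hexdigest().encode()
    return {
        "cleartext": verify_chap(CLIENT_VALUE, CHALLENGE, b"test"),
        "wrong_password": verify_chap(CLIENT_VALUE, CHALLENGE, b"tset"),
        # A server that stores only a hash of the password cannot verify CHAP.
        "hash_only": verify_chap(CLIENT_VALUE, CHALLENGE, sha1_of_password),
    }


if __name__ == "__main__":
    print(split_chap_password(LOGGED)[0], demo())
```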


Re: [rad] RE: Free Radius users record samples for SmartEdgerouter subcriberauthentication.

2009-06-17 Thread Charles Gregory

On Wed, 17 Jun 2009, Elias Abou Zeid wrote:

> Just out for sake of completeness. On FreeRADIUS Version 1.1.7
> I tried both User-Password == "test" and Cleartext-Password := "test".
> They both work fine when the user entry is before default setting in
> users file.
> Just to let you know.
> Elias


Thank you, Elias.

- Charles


RE: [rad] RE: Free Radius users record samples for SmartEdgerouter subcriberauthentication.

2009-06-17 Thread Ivan Kalik
> Just out for sake of completeness. On FreeRADIUS Version 1.1.7
>
> I tried both User-Password == "test" and Cleartext-Password := "test".
>
> They both work fine when the user entry is before default setting in
> users file.

For a pap request. Try sending chap or mschap request and see what
happens. Cleartext-Password will work with all cases, User-Password won't.

Ivan Kalik
Kalik Informatika ISP



Re: [rad] RE: Free Radius users record samples for SmartEdgerouter subcriberauthentication.

2009-06-17 Thread Alan DeKok
Elias Abou Zeid wrote:
> Just out for sake of completeness. On FreeRADIUS Version 1.1.7
> 
> I tried both User-Password == "test" and Cleartext-Password := "test".
> 
> They both work fine when the user entry is before default setting in
> users file.

  Yes.  Because *old* versions of the server accepted 'User-Password
==', and not 'Cleartext-Password :='.  We try to keep compatibility
between versions of the server.

  Even with that, 'User-Password ==' is wrong.  It's been wrong for
nearly three years now.  Any blog, web page, "howto", etc. that suggests
it is wrong, and is out of date.

  At some point, that backwards compatibility will be removed.  Any
systems still using "User-Password ==" will then *break*.

  Alan DeKok.


RE: [rad] RE: Free Radius users record samples for SmartEdgerouter subcriberauthentication.

2009-06-17 Thread Elias Abou Zeid
Hi,

Just out for sake of completeness. On FreeRADIUS Version 1.1.7

I tried both User-Password == "test" and Cleartext-Password := "test".

They both work fine when the user entry is before default setting in
users file.

Just to let you know.

Elias


-Original Message-
From: freeradius-users-bounces+elias.abou.zeid=ericsson@lists.freeradius.org [mailto:freeradius-users-bounces+elias.abou.zeid=ericsson@lists.freeradius.org] On Behalf Of a.l.m.bu...@lboro.ac.uk
Sent: June-17-09 4:09 AM
To: FreeRadius users mailing list
Subject: Re: [rad] RE: Free Radius users record samples for SmartEdgerouter subcriberauthentication.

Hi,

> I still suggest:
>
>> abc    User-Password == "test"

that is wrong. wrong and wrong


Elias, please put your entry at the top of the users file - or remove
the 

DEFAULT Auth-Type == System

from your config (this forces the server to always use 'system' auth
- which you really don't want)

alan


RE: [rad] RE: Free Radius users record samples for SmartEdgerouter subcriberauthentication.

2009-06-17 Thread Elias Abou Zeid
Alan,

It worked after I put my user entry before DEFAULT Auth-Type == System.

Thanks for your help,
Elias


Re: [rad] RE: Free Radius users record samples for SmartEdgerouter subcriberauthentication.

2009-06-16 Thread Charles Gregory

On Tue, 16 Jun 2009, Elias Abou Zeid wrote:

> a...@radius  Cleartext-Password := "test"
>    Service-Type = Framed-User,
>    Framed-Protocol = PPP


Why do you specify a realm (@RADIUS)? Try removing it, or, as suggested 
by others, specify a default realm.



>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>    users: Matched entry DEFAULT at line 183


These lines tell us that you have more rules in your users file
than the one you list above. Taken at face value, looks like two rules 
with 'fall through' followed by one without. And it never gets to the rule 
for 'abc'.


Remember that radius looks for the first matching rule in your users file. 
DEFAULT rules should go at the bottom.


- Charles
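The ordering behaviour described in the message above, as an added Python example that is not from the thread or from FreeRADIUS. It is a simplified model that matches entries on name only and ignores check items; the entry at line 190 is a constructed position for the 'abc' record, while lines 148, 152, 171 and 183 are the ones shown in the debug output.

```python
from dataclasses import dataclass


@dataclass
class Entry:
    line: int                   # line number in the users file
    name: str                   # user name, or "DEFAULT"
    fall_through: bool = False  # True models "Fall-Through = Yes"


def matched_lines(entries, user):
    """Walk the file top to bottom; stop at the first match without Fall-Through."""
    hits = []
    for entry in entries:
        if entry.name not in (user, "DEFAULT"):
            continue
        hits.append(entry.line)
        if not entry.fall_through:
            break
    return hits


def unreachable(entries):
    """Lint: lines of named entries placed after a DEFAULT without Fall-Through."""
    blocked = False
    shadowed = []
    for entry in entries:
        if blocked and entry.name != "DEFAULT":
            shadowed.append(entry.line)
        if entry.name == "DEFAULT" and not entry.fall_through:
            blocked = True
    return shadowed


# Layout read off the log: two DEFAULTs with Fall-Through, one without,
# and the user record below them (line 190 is constructed).
BEFORE = [Entry(152, "DEFAULT", True), Entry(171, "DEFAULT", True),
          Entry(183, "DEFAULT"), Entry(190, "abc")]

# Layout after moving the user record above the DEFAULT entries.
AFTER = [Entry(148, "abc"), Entry(152, "DEFAULT", True),
         Entry(171, "DEFAULT", True), Entry(183, "DEFAULT")]

if __name__ == "__main__":
    print(matched_lines(BEFORE, "abc"), unreachable(BEFORE))
    print(matched_lines(AFTER, "abc"), unreachable(AFTER))
```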