subject:"Re\: FreeRadius2\+daloRAIUS mschap problem\: No Cleartext\-Password configured"

Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

2010-09-10 Thread Alan DeKok

Denis Iskandarov wrote:
 used for 802.1x EAP-TLS and EAP-TTLS (maybe for peap in future as
 well) with Ubiquiti and Mikrotik network equipment
 
 setup works perfectly without sql with text conf files.
 when creating user in sql getting next error:
 (Output omitted)

  You have deleted the output which is needed to help you.

 Found Auth-Type = MSCHAP
 +- entering group MS-CHAP {...}
 [mschap] No Cleartext-Password configured.  Cannot create LM-Password.
 [mschap] No Cleartext-Password configured.  Cannot create NT-Password.

  So... you haven't told the server what the known good password is
for the user.  Go fix that.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

2010-09-10 Thread Denis Iskandarov

  You have deleted the output which is needed to help you.

 Found Auth-Type = MSCHAP
 +- entering group MS-CHAP {...}
 [mschap] No Cleartext-Password configured.  Cannot create LM-Password.
 [mschap] No Cleartext-Password configured.  Cannot create NT-Password.

  So... you haven't told the server what the known good password is
 for the user.  Go fix that.

Sorry i didn't understand you. which good known password ?I'm using
daloRADIUS. and while creating user i appended cleartext password :=
to it:
Here is output of radcheck table:

mysql select * from radcheck;
++--+++-+
|  id | username | attribute   | op | value   |
++--+++-+
|  2 | ubnt123  | Cleartext-Password | := | ubnt321 |
++--+++-+

It's almost same string as in users text conf, but in mysql table form.
Something changed while using sql. freeradius or mschap can't
understand this field. Don't know why.
Here is full debug output:

FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar
31 2010 at 00:25:31
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
   prefix = /usr
   localstatedir = /var
   logdir = /var/log/radius
   libdir = /usr/lib/freeradius
   radacctdir = /var/log/radius/radacct
   hostname_lookups = no
   max_request_time = 30
   cleanup_delay = 5
   max_requests = 1024
   allow_core_dumps = no
   pidfile = /var/run/radiusd/radiusd.pid
   checkrad = /usr/sbin/checkrad
   debug_level = 0
   proxy_requests = yes
 log {
   stripped_names = no
   auth = yes

Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

2010-09-10 Thread Alan DeKok

Denis Iskandarov wrote:
 Sorry i didn't understand you. which good known password ?I'm using
 daloRADIUS. and while creating user i appended cleartext password :=
 to it:
 Here is output of radcheck table:

  Yes...

 It's almost same string as in users text conf, but in mysql table form.
 Something changed while using sql. freeradius or mschap can't
 understand this field. Don't know why.

  It's in the debug output.  You uncommented sql in
raddb/sites-enabled/default, but *not* in raddb/sites-enabled/inner-tunnel

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

2010-09-10 Thread John Dennis


On 09/10/2010 09:18 AM, Denis Iskandarov wrote:

  You have deleted the output which is needed to help you.


Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.


  So... you haven't told the server what the known good password is
for the user.  Go fix that.


Sorry i didn't understand you. which good known password ?I'm using
daloRADIUS. and while creating user i appended cleartext password :=
to it:
Here is output of radcheck table:

mysql  select * from radcheck;
++--+++-+
|  id | username | attribute   | op | value   |
++--+++-+
|  2 | ubnt123  | Cleartext-Password | := | ubnt321 |
++--+++-+

It's almost same string as in users text conf, but in mysql table form.
Something changed while using sql. freeradius or mschap can't
understand this field. Don't know why.
Here is full debug output:


It doesn't look like you've got sql enabled in the inner tunnel (e.g. 
the virtual server invoked after a TLS session is established). Edit 
your config to enable sql in the inner-tunnel.


--
John Dennis jden...@redhat.com

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

2010-09-10 Thread Denis Iskandarov

Thanks too all of You !
It worked!!!
I saw all the documentations on freeradius, different howtos and forum
threads, but didn't saw this option.
why people didn't wrote about this.

Also one newbie question about this mailing list: How should i answer
on answers of my thread? Put Re:Re: in the beginning ?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

Re: FreeRadius2+daloRAIUS mschap problem: No Cleartext-Password configured

5 matches

Site Navigation

Mail list logo

Footer information