Re: problem in integration with poptop

2007-10-17 Thread Alan DeKok
hadi golestani wrote:
> I know that it's taking too much, but plz accept my apology 'cause I'm
> a little confused and have no time (sorry to say that and I know that
> it's not a commercial community so plz don't be angry at me).

  If you cannot make the time to understand the problem and solution, you
won't be very successful in fixing it.

> I've added the line below at the top of the users file.
> root  Cleartext-Password := "myRealRootPassword"
> 
> because this is the real root / root's password of my linux, this line
> in debug 'cause that access-accept via radtest
> 
> modcall: entering group authenticate for request 0
>   modcall[authenticate]: module "unix" returns ok for request 0

  Then it's not using the entry you configured.

> modcall: leaving group authenticate (returns ok) for request 0
> Sending Access-Accept of id 219 to 127.0.0.1  port 32772
> 
> but when I've changed it to e.g. test / testpass old error occurred.

You're not posting the full debug log, as suggested in the
FAQ, README, INSTALL, etc.

  You're probably also massively editing radiusd.conf.  STOP IT.

  Start with the default configuration files, and follow the FAQ to add
a test account in the "users" file.  Follow the FAQ to check that the
account works, via "radtest".

  Then, login from the VPN client using that test account.

  If it doesn't work, I will be shocked.

  Again, most of the problems you see are because you are editing the
configuration without understanding what you're doing.  The default
configuration is designed to work in the widest possible set of
circumstances, with minimum changes required to get ANYTHING to work.

  I feel like putting that in letters 10 feet high in the FAQ, README,
etc.  But somehow I think there will still be people who won't bother
reading them.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: problem in integration with poptop

2007-10-17 Thread hadi golestani
I know that it's taking too much, but plz accept my apology 'cause I'm a
little confused and have no time (sorry to say that and I know that it's not
a commercial community so plz don't be angry at me).

I've added the line below at the top of the users file.
root  Cleartext-Password := "myRealRootPassword"

because this is the real root / root's password of my linux, this line in
debug 'cause that access-accept via radtest

modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns ok for request 0
modcall: leaving group authenticate (returns ok) for request 0
Sending Access-Accept of id 219 to 127.0.0.1 port 32772

but when I've changed it to e.g. test / testpass old error occurred.
and when I try to connect from vpn client even for root / root's real
password the access has been rejected with this debug output:

modcall: entering group MS-CHAP for request 1
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for root with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 1
modcall: leaving group MS-CHAP (returns reject) for request 1
auth: Failed to validate the user.

why radiusd said No User-Password configured? Does it mean that password is
not received from pptpd?

tnx a lot.
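
The debug lines quoted in this thread can be read mechanically; the following is an added example, not part of any poster's message or of FreeRADIUS. MS-CHAP never carries the password itself, so "No User-Password configured" refers to the server's own stored copy for the user. The function `diagnose`, the rule names and the sample constants are hypothetical.

```python
import re

# Constructed samples: debug lines copied from the messages in this thread.
RADTEST_LOG = """\
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns ok for request 0
modcall: leaving group authenticate (returns ok) for request 0
Sending Access-Accept of id 219 to 127.0.0.1 port 32772
"""
VPN_LOG = """\
  rad_check_password:  Found Auth-Type MS-CHAP
modcall: entering group MS-CHAP for request 11
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for root with NT-Password
Exec-Program output: Exec-Program: FAILED to execute /path/to/ntlm_auth: No such file or directory
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 11
Sending Access-Reject of id 30 to 127.0.0.1 port 32770
"""

# Hypothetical finding code -> (pattern, what it means for the operator).
RULES = {
    "no-known-good-password": (
        re.compile(r'rlm_mschap: No User-Password configured'
                   r'|rlm_mschap: FAILED: No NT/LM-Password'
                   r'|rlm_pap: WARNING! No "known good" password'),
        "the server holds no password for this user to compare against"),
    "exec-helper-missing": (
        re.compile(r'Exec-Program: FAILED to execute \S+: No such file'),
        "mschap is configured to call a helper binary that does not exist"),
}
SYSTEM_NOTE = "accepted by system accounts, not by the users-file entry"


def diagnose(log):
    """Summarise one request's debug output: Auth-Type, deciding module, findings."""
    report = {"auth_type": None, "module": None, "verdict": None,
              "result": None, "findings": {}}
    for line in log.splitlines():
        if m := re.search(r'Found Auth-Type (\S+)', line):
            report["auth_type"] = m.group(1)
        if m := re.search(r'modcall\[authenticate\]: module "([^"]+)" returns (\w+)', line):
            report["module"], report["verdict"] = m.groups()
        if m := re.search(r'Sending (Access-\w+)', line):
            report["result"] = m.group(1)
        for code, (pattern, meaning) in RULES.items():
            if pattern.search(line):
                report["findings"][code] = meaning
    # An accept decided by "unix" means the users-file password was never used.
    if (report["module"], report["verdict"]) == ("unix", "ok"):
        report["findings"]["system-account-auth"] = SYSTEM_NOTE
    return report


if __name__ == "__main__":
    for name, log in (("radtest", RADTEST_LOG), ("vpn", VPN_LOG)):
        r = diagnose(log)
        print(name, r["auth_type"], r["module"], r["verdict"], r["result"])
        for code, meaning in r["findings"].items():
            print("  -", code + ":", meaning)
```
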

Re: problem in integration with poptop

2007-10-17 Thread tnt
It's Cleartext not Clertext for the password attribute.

Ivan Kalik
Kalik Informatika ISP
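
A check for the two mistakes this thread runs into, a misspelled password attribute and an entry that is not at the top of the "users" file, as an added example that is not from the posters or from FreeRADIUS. The function `lint_users`, the finding codes and the short attribute list are assumptions, and the parser only handles the one-line entry layout shown in the thread.

```python
import difflib
import re

# Password check-item names; a deliberately short list assumed for this example.
PASSWORD_ATTRS = ["Cleartext-Password", "User-Password", "NT-Password",
                  "LM-Password", "Crypt-Password"]

# Constructed sample in "users" file syntax (not the poster's real file).
SAMPLE_USERS = """\
# constructed sample
DEFAULT Auth-Type = System

root   Clertext-Password := "rootpassword"
test   Cleartext-Password := "testpass"
"""


def lint_users(text, user):
    """Return (line, code, detail) findings for the entries of `user`."""
    findings, seen_default, seen_user = [], False, False
    for lineno, line in enumerate(text.splitlines(), 1):
        # Skip blanks, comments and indented reply-item lines.
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name, checks = parts[0], parts[1] if len(parts) > 1 else ""
        if name == "DEFAULT":
            seen_default = True
            continue
        if name != user:
            continue
        seen_user = True
        # Conservative: follows the thread's "top of the file" advice.
        if seen_default:
            findings.append((lineno, "after-default", "entry is below a DEFAULT entry"))
        # Drop quoted values so '=' inside a password is not read as an operator.
        bare = re.sub(r'"[^"]*"', '""', checks)
        attrs = re.findall(r'([A-Za-z][\w-]*)\s*(?::=|==|=)', bare)
        for attr in attrs:
            near = difflib.get_close_matches(attr, PASSWORD_ATTRS, n=1, cutoff=0.8)
            if attr not in PASSWORD_ATTRS and near:
                findings.append((lineno, "misspelled-attribute", f"{attr} -> {near[0]}"))
        if not any(a in PASSWORD_ATTRS for a in attrs):
            findings.append((lineno, "no-password-attribute", "no known-good password set"))
    if not seen_user:
        findings.append((0, "no-entry", f"no entry for {user}"))
    return findings


if __name__ == "__main__":
    for finding in lint_users(SAMPLE_USERS, "root"):
        print(finding)
```
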



Re: problem in integration with poptop

2007-10-17 Thread Alan DeKok
hadi golestani wrote:
> I've added that line and commented the ntlm line but still some error (tnx god
> it's not the same error)
> 
> my radtest syntax:
> radtest root rootpassword localhost.localdomain 1645 testing123
> 
> modcall[authorize]: module "files" returns ok for request 4

You deleted most of the debug log.  If you don't know what the
problem is, you don't know what's important in the debug log, and what's
not important.

> rlm_pap: WARNING! No "known good" password found for the user. 
> Authentication may fail because of this.
>   modcall[authorize]: module "pap" returns noop for request 4
> modcall: leaving group authorize (returns ok) for request 4
>   rad_check_password:  Found Auth-Type System
> auth: type "System"

  So you didn't put the entry at the TOP of the "users" file.  The FAQ
contains instructions for getting simple PAP authentication working.
It's really not hard.

> I've attached radius.conf and users and output of debug mode for both
> radtest and vpn client.

  Why?  The problem is simple: you haven't followed the instructions in
the FAQ for PAP authentication.

  Alan DeKok.


Re: problem in integration with poptop

2007-10-16 Thread tnt
You have obviously done some work on breaking the server configuration.
Put mschap{} section back the way it was (with ntlm_auth line commented
out). You don't need *any* changes to the default configuration if you
are using users file. Put this in users file:

root   Clertext-Password := "rootpassword"

Radtest will work and so will mschap (VPN).

Ivan Kalik
Kalik Informatika ISP


On 16/10/2007, "hadi golestani" <[EMAIL PROTECTED]> wrote:

>I've changed it to /usr/bin/ntlm_auth ( found from locate ntlm )
>but still same error.
>What I must add to users file to test my radius from radtest or vpn client?
>
>sorry for bothering I'm too newbie.


Re: problem in integration with poptop

2007-10-16 Thread hadi golestani
I've changed it to /usr/bin/ntlm_auth ( found from locate ntlm )
but still same error.
What I must add to users file to test my radius from radtest or vpn client?

sorry for bothering I'm too newbie.


Re: problem in integration with poptop

2007-10-16 Thread tnt
Well path to ntlm_auth obviously isn't /path/to/ntlm_auth.

Ivan Kalik
Kalik Informatika ISP



problem in integration with poptop

2007-10-16 Thread hadi golestani
hi,
I've installed poptop and freeradius well and both are working,
but when I try to connect from a vpn connection or even radtest some error
occurred.
what I need to add to users.conf for a simple radtest connection or a vpn
client?

it's the output of debug mode for vpn client, something like this has been
printed for radtest also:


rad_recv: Access-Request packet from host 127.0.0.1:32770, id=30, length=132

Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "root"
MS-CHAP-Challenge = 0x4d1a9b1028ef83957754c83ce0f55e01
MS-CHAP2-Response =
0x9e000d1394f73d58cc731cd6cf58de7cb74f8c6daec89825fb28b90bb60b737fb683a4a80f6252935547

NAS-IP-Address = 127.0.0.1
NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
  modcall[authorize]: module "preprocess" returns ok for request 11
  modcall[authorize]: module "chap" returns noop for request 11
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
  modcall[authorize]: module "mschap" returns ok for request 11
rlm_realm: No '@' in User-Name = "root", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 11
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 11
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
users: Matched entry DEFAULT at line 183
  modcall[authorize]: module "files" returns ok for request 11
modcall: leaving group authorize (returns ok) for request 11
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 11
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for root with NT-Password
radius_xlat: Running registered xlat function of module mschap for string
'Challenge'
 mschap2: 4d
radius_xlat: Running registered xlat function of module mschap for string
'NT-Response'
radius_xlat:  '/path/to/ntlm_auth --request-nt-key --username=root
--challenge=f1090a99b916ef69
--nt-response=8c6daec89825fb28b90bb60b737fb683a4a80f6252935547'
Exec-Program: /path/to/ntlm_auth --request-nt-key --username=root
--challenge=f1090a99b916ef69
--nt-response=8c6daec89825fb28b90bb60b737fb683a4a80f6252935547
Exec-Program output: Exec-Program: FAILED to execute /path/to/ntlm_auth: No
such file or directory
Exec-Program-Wait: plaintext: Exec-Program: FAILED to execute
/path/to/ntlm_auth: No such file or directory
Exec-Program: returned: 1
  rlm_mschap: External script failed.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 11
modcall: leaving group MS-CHAP (returns reject) for request 11
auth: Failed to validate the user.
Delaying request 11 for 1 seconds
Finished request 11
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 30 to 127.0.0.1 port 32770
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 11 ID 30 with timestamp 47152198
Nothing to do.  Sleeping until we see a request.