Hi, No, again I can assure you that the same password is sent in both cases, and it matches the password on the server (stored in clear text).
Thursday, September 6, 2007, 11:04:12 AM, you wrote: > Password on the server is most likely the same. Password sent most likely > isn't. > Ivan Kalik > Kalik Informatika ISP > Dana 6/9/2007, "Dan Searle" <[EMAIL PROTECTED]> piše: >>Hi, >> >>I can assure you the password is exactly the same in both cases. I'll >>try and setup a test user later on and post the results. But the >>passwords in the two traces I posted below were the same. >> >>Dan... >> >>Thursday, September 6, 2007, 10:47:34 AM, you wrote: >> >>> And how can anyone help? You have deleted the most relevant parts of the >>> debug (CHAP attributes and the password, which, according to the server, >>> are not the same in both cases). If you don't want to use data from a >>> real user, create a test one and post that. >> >>> Ivan Kalik >>> Kalik Informatika ISP >> >> >>> Dana 6/9/2007, "Dan Searle" <[EMAIL PROTECTED]> piše: >> >>>>Hi, >>>> >>>>Hello? Is there anybody out there? Can someone who knows how CHAP >>>>works please explain to me how this could be happening? >>>> >>>>Does a CHAP challenge time-out after a certain amount of time? Does >>>>the rlm_chap module hold a copy of old CHAP challenge's and prevent >>>>the same one being re-used to stop replay attacks? If so how do I >>>>switch this off? >>>> >>>>Anyone? Anything? >>>> >>>>Dan... >>>> >>>>Thursday, August 30, 2007, 3:08:16 PM, you wrote: >>>> >>>>> Hi, >>>> >>>>> I've been running a free radius server for a while now, but today for >>>>> no apparent reason I'm getting a lot of intermittent authentication >>>>> failures using the rlm_chap module. >>>> >>>>> Here's a trace of two login's the first works fine, the second a few >>>>> moments later fails, the username and password supplied in both cases >>>>> are correct and exactly the same. Can anyone shed any light on this? >>>>> I've tried rebuilding the mysql database from scratch, and recompiling >>>>> and installing the radius server, but to no avail... >>>> >>>>> ---------------------------------------------------------------------------------------- >>>> >>>> >>>>> rad_recv: Access-Request packet from host 81.178.20.107:1024, id=25, >>>>> length=204 >>>>> NAS-Port-Type = Wireless-802.11 >>>>> Calling-Station-Id = "00:14:A4:87:DF:FF" >>>>> Called-Station-Id = "rural-ap1" >>>>> NAS-Port-Id = "wlan2" >>>>> User-Name = "[EMAIL PROTECTED]" >>>>> NAS-Port = 2149580817 >>>>> Acct-Session-Id = "80200011" >>>>> Framed-IP-Address = 10.5.50.254 >>>>> Mikrotik-Host-IP = 10.5.50.254 >>>>> CHAP-Challenge = 0xxxxxx[removed] >>>>> CHAP-Password = 0xxxxxx[removed] >>>>> Service-Type = Login-User >>>>> WISPr-Logoff-URL = "http://10.5.50.1/logout"; >>>>> NAS-Identifier = "rural-ap1" >>>>> NAS-IP-Address = 10.0.0.249 >>>>> Processing the authorize section of radiusd.conf >>>>> modcall: entering group authorize for request 3 >>>>> modcall[authorize]: module "preprocess" returns ok for request 3 >>>>> rlm_chap: Setting 'Auth-Type := CHAP' >>>>> modcall[authorize]: module "chap" returns ok for request 3 >>>>> users: Matched entry DEFAULT at line 54 >>>>> radius_xlat: '/usr/local/bin/mtauth.pl [EMAIL PROTECTED]' >>>>> modcall[authorize]: module "files" returns ok for request 3 >>>>> radius_xlat: '[EMAIL PROTECTED]' >>>>> rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]' >>>>> radius_xlat: 'SELECT id, UserName, Attribute, Value, op >>>>> FROM radcheck WHERE Username = '[EMAIL PROTECTED]' >>>>> ORDER BY id' >>>>> rlm_sql (sql): Reserving sql socket id: 0 >>>>> rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op >>>>> FROM radcheck WHERE Username = '[EMAIL PROTECTED]' >>>>> ORDER BY id >>>>> radius_xlat: 'SELECT >>>>> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op >>>>> FROM radgroupcheck,usergroup WHERE usergroup.Username = >>>>> '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName >>>>> ORDER BY radgroupcheck.id' >>>>> rlm_sql_mysql: query: SELECT >>>>> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op >>>>> FROM radgroupcheck,usergroup WHERE usergroup.Username = >>>>> '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName >>>>> ORDER BY radgroupcheck.id >>>>> radius_xlat: 'SELECT id, UserName, Attribute, Value, op >>>>> FROM radreply WHERE Username = '[EMAIL PROTECTED]' >>>>> ORDER BY id' >>>>> rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op >>>>> FROM radreply WHERE Username = '[EMAIL PROTECTED]' >>>>> ORDER BY id >>>>> radius_xlat: 'SELECT >>>>> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op >>>>> FROM radgroupreply,usergroup WHERE usergroup.Username = >>>>> '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName >>>>> ORDER BY radgroupreply.id' >>>>> rlm_sql_mysql: query: SELECT >>>>> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op >>>>> FROM radgroupreply,usergroup WHERE usergroup.Username = >>>>> '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName >>>>> ORDER BY radgroupreply.id >>>>> rlm_sql (sql): Released sql socket id: 0 >>>>> modcall[authorize]: module "sql" returns ok for request 3 >>>>> modcall: leaving group authorize (returns ok) for request 3 >>>>> rad_check_password: Found Auth-Type CHAP >>>>> auth: type "CHAP" >>>>> Processing the authenticate section of radiusd.conf >>>>> modcall: entering group CHAP for request 3 >>>>> rlm_chap: login attempt by "[EMAIL PROTECTED]" with CHAP password >>>>> rlm_chap: Using clear text password "xxxxxxx" for user [EMAIL >>>>> PROTECTED] authentication. >>>>> rlm_chap: chap user [EMAIL PROTECTED] authenticated succesfully >>>>> modcall[authenticate]: module "chap" returns ok for request 3 >>>>> modcall: leaving group CHAP (returns ok) for request 3 >>>>> Exec-Program output: Session-Timeout=1173, >>>>> Mikrotik-Xmit-Limit=1073222818, Mikrotik-Recv-Limit=1073515121, >>>>> Exec-Program-Wait: value-pairs: Session-Timeout=1173, >>>>> Mikrotik-Xmit-Limit=1073222818, Mikrotik-Recv-Limit=1073515121, >>>>> Exec-Program: returned: 0 >>>>> Sending Access-Accept of id 25 to 81.178.20.107 port 1024 >>>>> Session-Timeout = 1173 >>>>> Mikrotik-Xmit-Limit = 1073222818 >>>>> Mikrotik-Recv-Limit = 1073515121 >>>>> Finished request 3 >>>> >>>>> ---------------------------------------------------------------------------------------- >>>> >>>>> rad_recv: Access-Request packet from host 81.178.20.107:1024, id=24, >>>>> length=204 >>>>> NAS-Port-Type = Wireless-802.11 >>>>> Calling-Station-Id = "00:14:A4:87:DF:FF" >>>>> Called-Station-Id = "rural-ap1" >>>>> NAS-Port-Id = "wlan2" >>>>> User-Name = "[EMAIL PROTECTED]" >>>>> NAS-Port = 2149580816 >>>>> Acct-Session-Id = "80200010" >>>>> Framed-IP-Address = 10.5.50.254 >>>>> Mikrotik-Host-IP = 10.5.50.254 >>>>> CHAP-Challenge = 0xxxxxx[removed] >>>>> CHAP-Password = 0xxxxxx[removed] >>>>> Service-Type = Login-User >>>>> WISPr-Logoff-URL = "http://10.5.50.1/logout"; >>>>> NAS-Identifier = "rural-ap1" >>>>> NAS-IP-Address = 10.0.0.249 >>>>> Processing the authorize section of radiusd.conf >>>>> modcall: entering group authorize for request 5 >>>>> modcall[authorize]: module "preprocess" returns ok for request 5 >>>>> rlm_chap: Setting 'Auth-Type := CHAP' >>>>> modcall[authorize]: module "chap" returns ok for request 5 >>>>> users: Matched entry DEFAULT at line 54 >>>>> radius_xlat: '/usr/local/bin/mtauth.pl [EMAIL PROTECTED]' >>>>> modcall[authorize]: module "files" returns ok for request 5 >>>>> radius_xlat: '[EMAIL PROTECTED]' >>>>> rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]' >>>>> radius_xlat: 'SELECT id, UserName, Attribute, Value, op >>>>> FROM radcheck WHERE Username = '[EMAIL PROTECTED]' >>>>> ORDER BY id' >>>>> rlm_sql (sql): Reserving sql socket id: 3 >>>>> rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op >>>>> FROM radcheck WHERE Username = '[EMAIL PROTECTED]' >>>>> ORDER BY id >>>>> radius_xlat: 'SELECT >>>>> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op >>>>> FROM radgroupcheck,usergroup WHERE usergroup.Username = >>>>> '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName >>>>> ORDER BY radgroupcheck.id' >>>>> rlm_sql_mysql: query: SELECT >>>>> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op >>>>> FROM radgroupcheck,usergroup WHERE usergroup.Username = >>>>> '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName >>>>> ORDER BY radgroupcheck.id >>>>> radius_xlat: 'SELECT id, UserName, Attribute, Value, op >>>>> FROM radreply WHERE Username = '[EMAIL PROTECTED]' >>>>> ORDER BY id' >>>>> rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op >>>>> FROM radreply WHERE Username = '[EMAIL PROTECTED]' >>>>> ORDER BY id >>>>> radius_xlat: 'SELECT >>>>> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op >>>>> FROM radgroupreply,usergroup WHERE usergroup.Username = >>>>> '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName >>>>> ORDER BY radgroupreply.id' >>>>> rlm_sql_mysql: query: SELECT >>>>> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op >>>>> FROM radgroupreply,usergroup WHERE usergroup.Username = >>>>> '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName >>>>> ORDER BY radgroupreply.id >>>>> rlm_sql (sql): Released sql socket id: 3 >>>>> modcall[authorize]: module "sql" returns ok for request 5 >>>>> modcall: leaving group authorize (returns ok) for request 5 >>>>> rad_check_password: Found Auth-Type CHAP >>>>> auth: type "CHAP" >>>>> Processing the authenticate section of radiusd.conf >>>>> modcall: entering group CHAP for request 5 >>>>> rlm_chap: login attempt by "[EMAIL PROTECTED]" with CHAP password >>>>> rlm_chap: Using clear text password "xxxxxxx" for user [EMAIL >>>>> PROTECTED] authentication. >>>>> rlm_chap: Password check failed >>>>> modcall[authenticate]: module "chap" returns reject for request 5 >>>>> modcall: leaving group CHAP (returns reject) for request 5 >>>>> auth: Failed to validate the user. >>>> >>>> >>>>> ---------------------------------------------------------------------------------------- >>>> >>>> >>>>> -- >>>> >>>>> Dan Searle >>>>> Adelix Ltd >>>>> [EMAIL PROTECTED] web: www.adelix.com >>>>> tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 >>>>> snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. >>>> >>>>> Adelix Ltd is a registered company in England & Wales No. 4232156 >>>>> VAT registration number 779 4232 91 >>>>> Adelix Ltd is BS EN ISO 9001:2000 Certified (No. GB 12763) >>>> >>>>> Any views expressed in this email communication are those >>>>> of the individual sender, except where the sender specifically states >>>>> them to be the views of a member of Adelix Ltd. Adelix Ltd. does not >>>>> represent, warrant or guarantee that the integrity of this communication >>>>> has been maintained nor that the communication is free of errors or >>>>> interference. >>>> >>>> >>>>> ------------------------------------------------------------------------------------ >>>>> Scanned for viruses, spam and offensive content by CensorNet MailSafe >>>> >>>>> Professional Web & E-mail Filtering from www.censornet.com >>>>> - >>>>> List info/subscribe/unsubscribe? See >>>>> http://www.freeradius.org/list/users.html >>>> >>>>> ------------------------------------------------------------------------------------ >>>>> Scanned for viruses, spam and offensive content by CensorNet MailSafe >>>> >>>>> Professional Web & E-mail Filtering from www.censornet.com >>>> >>>> >>>>-- >>>> >>>>Dan Searle >>>>Adelix Ltd >>>>[EMAIL PROTECTED] web: www.adelix.com >>>>tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 >>>>snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. >>>> >>>>Adelix Ltd is a registered company in England & Wales No. 4232156 >>>>VAT registration number 779 4232 91 >>>>Adelix Ltd is BS EN ISO 9001:2000 Certified (No. GB 12763) >>>> >>>>Any views expressed in this email communication are those >>>>of the individual sender, except where the sender specifically states >>>>them to be the views of a member of Adelix Ltd. Adelix Ltd. does not >>>>represent, warrant or guarantee that the integrity of this communication >>>>has been maintained nor that the communication is free of errors or >>>>interference. >>>> >>>> >>>>------------------------------------------------------------------------------------ >>>>Scanned for viruses, spam and offensive content by CensorNet MailSafe >>>> >>>>Professional Web & E-mail Filtering from www.censornet.com >>>>- >>>>List info/subscribe/unsubscribe? See >>>>http://www.freeradius.org/list/users.html >>>> >>>> >> >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> ------------------------------------------------------------------------------------ >>> Scanned for viruses, spam and offensive content by CensorNet MailSafe >> >>> Professional Web & E-mail Filtering from www.censornet.com >> >>-- >> >>Dan Searle >>Adelix Ltd >>[EMAIL PROTECTED] web: www.adelix.com >>tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 >>snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. >> >>Adelix Ltd is a registered company in England & Wales No. 4232156 >>VAT registration number 779 4232 91 >>Adelix Ltd is BS EN ISO 9001:2000 Certified (No. GB 12763) >> >>Any views expressed in this email communication are those >>of the individual sender, except where the sender specifically states >>them to be the views of a member of Adelix Ltd. Adelix Ltd. does not >>represent, warrant or guarantee that the integrity of this communication >>has been maintained nor that the communication is free of errors or >>interference. >> >> >>------------------------------------------------------------------------------------ >>Scanned for viruses, spam and offensive content by CensorNet MailSafe >> >>Professional Web & E-mail Filtering from www.censornet.com >> >> > ------------------------------------------------------------------------------------ > Scanned for viruses, spam and offensive content by CensorNet MailSafe > Professional Web & E-mail Filtering from www.censornet.com -- Dan Searle Adelix Ltd [EMAIL PROTECTED] web: www.adelix.com tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592 snail: The Old Post Office, Bristol Rd, Hambrook, Bristol BS16 1RY. UK. Adelix Ltd is a registered company in England & Wales No. 4232156 VAT registration number 779 4232 91 Adelix Ltd is BS EN ISO 9001:2000 Certified (No. GB 12763) Any views expressed in this email communication are those of the individual sender, except where the sender specifically states them to be the views of a member of Adelix Ltd. Adelix Ltd. does not represent, warrant or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors or interference. ------------------------------------------------------------------------------------ Scanned for viruses, spam and offensive content by CensorNet MailSafe Professional Web & E-mail Filtering from www.censornet.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
