Problem with CHAP, users file and radclient

Andreas Engler freeradius at arcor.de
Tue Dec 20 16:49:45 CET 2005


Hello,

i try to test a new freeradius (1.0.5) installation with radclient 
(Version 1.72.2.1)and an existing auth-log detailfile. The 
authentication failed in rlm_check_password. Please take a look at the 
radius.log sequence at bottom.

In the auth-log file are accepted requests of a different server, wich 
gets the user-password via mysql. In the auth-log file are Chap-Password 
and Chap-Challenge attributes.

The new installation should use the users file for storing the password. 
So i exctracted the data from mysql-db and created the users file. The 
passwords are stored cleartext.

Did i somthing missing in the configuration (see log)?
Couldn't i use radclient this way to test real packets?
Did you need mor information?

Thank you for help

Andreas Engler


the users file entry:

hubba  User-Password == "bubba", NAS-Port-Id == 1/0/0/8.32

the radius.log sequence:

Thread 1 handling request 0, (1 handled so far)
    Framed-Protocol = PPP
    User-Name = "hubba"
    CHAP-Password = 0x2c98390c540135e0bbf1024d3dff4a71ef
    NAS-Port-Type = Virtual
    NAS-Port = 268959776
    NAS-Port-Id = "1/0/0/8.32"
    Connect-Info = "pppoe4atm"
    Service-Type = Framed-User
    NAS-IP-Address = xxx.xxx.xxx.xxx
    CHAP-Challenge = 0x3fc1d8dc7b393459a292d664a9054a92
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
rlm_passwd: Added Grp-Name: 'test##all##' to request_items
  modcall[authorize]: module "etc_group" returns ok for request 0
radius_xlat:  '/var/log/radius/radacct/127.0.0.1/auth-detail-20051220'
rlm_detail: 
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands 
to /var/log/radius/radacct/127.0.0.1/auth-detail-20051220
  modcall[authorize]: module "auth_log" returns ok for request 0
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 0
    users: Matched entry DEFAULT at line 11
    users: Matched entry hubba at line 31
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
  rlm_chap: login attempt by "hubba" with CHAP password
  rlm_chap: Using clear text password bubba for user hubba authentication.
  rlm_chap: Pasword check failed
  modcall[authenticate]: module "chap" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Login incorrect (rlm_chap: Wrong user password): [hubba/<CHAP-Password>] 
(from client localhost port 268959776)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051220/ccc4fe4e/attachment.html>


More information about the Freeradius-Users mailing list