Freeradius and eDirectory

Radius radius at kingmanaz.net
Wed Jul 6 17:48:25 CEST 2005


Thanks Dusty, I'll get all this for you.

It all works fine on an older release is what is really making it
very hard.

Yes, we want it to do both. Chap & PAP


Dusty Doris wrote:

>>The only part the does not work is the chap authentication all other
>>authentication works as it should. Our wholesale provider says we are
>>doing PAP just fine but no chap. They had very old instructions for
>>Freeradius but decided to start out with a totally clean install.
>>
>>This user below is in mysql database, and the system passwd/shadow files.
>>
>>He will not authenticate with the mysql database when we include a realm
>>@domain
>>and chap password.
>>
>>It gets the slipstream false from the database so I'm not sure why it
>>won't authenticate
>>the rest.
>>
>>Thread 1 handling request 0, (1 handled so far)
>>    User-Name = "rniclh at surftheusa.com"
>>    User-Password = "test123"
>>    NAS-IP-Address = 255.255.255.255
>>    NAS-Port = 100
>>    
>>
>
>I don't see a CHAP password in there.
>
>  
>
>>  Processing the authorize section of radiusd.conf
>>modcall: entering group authorize for request 0
>>  hints: Matched other at 80
>>    
>>
>
>You matched on the hints file on line 80 - what does your hints file say?
>
>  
>
>>  modcall[authorize]: module "preprocess" returns ok for request 0
>>  modcall[authorize]: module "attr_filter" returns noop for request 0
>>  modcall[authorize]: module "chap" returns noop for request 0
>>    rlm_realm: No '@' in User-Name = "rniclh", skipping NULL due to config.
>>  modcall[authorize]: module "suffix" returns noop for request 0
>>  rlm_eap: No EAP-Message, not doing EAP
>>  modcall[authorize]: module "eap" returns noop for request 0
>>    users: Matched entry DEFAULT at line 159
>>    users: Matched entry DEFAULT at line 178
>>    users: Matched entry DEFAULT at line 190
>>    
>>
>
>You matched the users file in three seperate lines, 159, 178, and 190.
>What does your users file say on each of those lines?
>
>  
>
>>  modcall[authorize]: module "files" returns ok for request 0
>>radius_xlat:  'rniclh'
>>rlm_sql (sql): sql_set_user escaped user --> 'rniclh'
>>    
>>
>...
>  
>
>>  modcall[authorize]: module "sql" returns ok for request 0
>>modcall: group authorize returns ok for request 0
>>    
>>
>
>Your sql call returned OK, that means the sql part worked.
>
>  
>
>>  rad_check_password:  Found Auth-Type System
>>auth: type "System"
>>    
>>
>
>Now it just got changed to Auth-Type System.  Is this from your users
>file?
>
>  
>
>>  Processing the authenticate section of radiusd.conf
>>modcall: entering group authenticate for request 0
>>rlm_unix: [rniclh]: invalid password
>>    
>>
>
>You authenticated with the unix module, is that what you want?  The user
>failed because the password did not match your /etc/passwd file.
>
>  
>
>>  modcall[authenticate]: module "unix" returns reject for request 0
>>modcall: group authenticate returns reject for request 0
>>auth: Failed to validate the user.
>>    
>>
>
>I would look at your hints file and your users file to the lines it
>matched at - post them here if you want us to take a look at it.  Also, if
>you don't want to use /etc/passwd, then disable the unix module in the
>authentication section.
>
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>  
>




More information about the Freeradius-Users mailing list