Freeradius and eDirectory
Radius
radius at kingmanaz.net
Wed Jul 6 17:58:28 CEST 2005
Dusty Doris wrote:
>>The only part that does not work is the chap authentication all other
>>authentication works as it should. Our wholesale provider says we are
>>doing PAP just fine but no chap. They had very old instructions for
>>Freeradius but decided to start out with a totally clean install.
>>
>>This user below is in mysql database, and the system passwd/shadow files.
>>
>>He will not authenticate with the mysql database when we include a realm
>>@domain
>>and chap password.
>>
>>It gets the slipstream false from the database so I'm not sure why it
>>won't authenticate
>>the rest.
>>
>>Thread 1 handling request 0, (1 handled so far)
>> User-Name = "rniclh at surftheusa.com"
>> User-Password = "test123"
>> NAS-IP-Address = 255.255.255.255
>> NAS-Port = 100
>>
>>
>
>I don't see a CHAP password in there.
>
>
>
>> Processing the authorize section of radiusd.conf
>>modcall: entering group authorize for request 0
>> hints: Matched other at 80
>>
>>
>
>You matched on the hints file on line 80 - what does your hints file say?
>
>
>
DEFAULT Suffix == ".ppp", Strip-User-Name = Yes
        Hint = "PPP",
        Service-Type = Framed-User,
        Framed-Protocol = PPP

DEFAULT Suffix == ".slip", Strip-User-Name = Yes
        Hint = "SLIP",
        Service-Type = Framed-User,
        Framed-Protocol = SLIP

DEFAULT Suffix == ".cslip", Strip-User-Name = Yes
        Hint = "CSLIP",
        Service-Type = Framed-User,
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

other Suffix == "@surftheusa.com", Strip-User-Name = Yes
        Hint = "PPP",
        Service-Type = Framed-User,
        Framed-Protocol = PPP

>> modcall[authorize]: module "preprocess" returns ok for request 0
>> modcall[authorize]: module "attr_filter" returns noop for request 0
>> modcall[authorize]: module "chap" returns noop for request 0
>> rlm_realm: No '@' in User-Name = "rniclh", skipping NULL due to config.
>> modcall[authorize]: module "suffix" returns noop for request 0
>> rlm_eap: No EAP-Message, not doing EAP
>> modcall[authorize]: module "eap" returns noop for request 0
>> users: Matched entry DEFAULT at line 159
>> users: Matched entry DEFAULT at line 178
>> users: Matched entry DEFAULT at line 190
>>
>>
>
>You matched the users file in three separate lines, 159, 178, and 190.
>What does your users file say on each of those lines?
>
>
>
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT Auth-Type == System
        Fall-Through = 1

# Defaults for all framed connections.
#
DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Service-Type = Framed-User,
        Fall-Through = Yes

#
# Default for PPP: dynamic IP address, PPP mode, VJ-compression.
# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
# by the terminal server in which case there may not be a "P" suffix.
# The terminal server sends "Framed-Protocol = PPP" for auto PPP.
#
DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
#
DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for SLIP: dynamic IP address, SLIP mode.
#
DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

>> modcall[authorize]: module "files" returns ok for request 0
>>radius_xlat: 'rniclh'
>>rlm_sql (sql): sql_set_user escaped user --> 'rniclh'
>>
>>
>...
>
>
>> modcall[authorize]: module "sql" returns ok for request 0
>>modcall: group authorize returns ok for request 0
>>
>>
>
>Your sql call returned OK, that means the sql part worked.
>
>
>
>> rad_check_password: Found Auth-Type System
>>auth: type "System"
>>
>>
>
>Now it just got changed to Auth-Type System. Is this from your users
>file?
>
>
>
>> Processing the authenticate section of radiusd.conf
>>modcall: entering group authenticate for request 0
>>rlm_unix: [rniclh]: invalid password
>>
>>
>
>You authenticated with the unix module, is that what you want? The user
>failed because the password did not match your /etc/passwd file.
>
>
>
>> modcall[authenticate]: module "unix" returns reject for request 0
>>modcall: group authenticate returns reject for request 0
>>auth: Failed to validate the user.
>>
>>
>
>I would look at your hints file and your users file to the lines it
>matched at - post them here if you want us to take a look at it. Also, if
>you don't want to use /etc/passwd, then disable the unix module in the
>authentication section.
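
Added example, not part of the original message or of FreeRADIUS: a small script that performs the same walk through the debug output as the reply above, reporting whether the request was PAP or CHAP, which hints/users lines matched, which Auth-Type was chosen, and which module rejected. The log lines are copied from the thread with the quote markers removed; the function names triage and findings are hypothetical.

```python
import re

# Debug excerpt copied from the thread above (quote markers removed).
DEBUG = '''\
    User-Name = "rniclh at surftheusa.com"
    User-Password = "test123"
    NAS-IP-Address = 255.255.255.255
  hints: Matched other at 80
  modcall[authorize]: module "chap" returns noop for request 0
    users: Matched entry DEFAULT at line 159
    users: Matched entry DEFAULT at line 178
    users: Matched entry DEFAULT at line 190
  modcall[authorize]: module "sql" returns ok for request 0
  rad_check_password:  Found Auth-Type System
rlm_unix: [rniclh]: invalid password
  modcall[authenticate]: module "unix" returns reject for request 0
'''

def triage(debug):
    """Summarise one request from radiusd debug output."""
    # Request attributes are printed as "Name = value" lines.
    attrs = dict(re.findall(r'^\s*([\w-]+) = (.+)$', debug, re.M))
    method = ("CHAP" if "CHAP-Password" in attrs
              else "PAP" if "User-Password" in attrs else "unknown")
    # "hints: Matched other at 80" / "users: Matched entry DEFAULT at line 159"
    matched = [(f, int(n)) for f, n in re.findall(
        r'^\s*(hints|users): Matched .*? at (?:line )?(\d+)', debug, re.M)]
    auth_type = re.search(r'Found Auth-Type (\S+)', debug)
    rejected = re.findall(
        r'modcall\[authenticate\]: module "([^"]+)" returns reject', debug)
    return {
        "method": method,
        "matched": matched,
        "auth_type": auth_type.group(1) if auth_type else None,
        "rejected_by": rejected,
    }

def findings(summary):
    """Turn the summary into the two observations made in the reply."""
    notes = []
    if summary["method"] != "CHAP":
        notes.append("request has no CHAP-Password; this is not a CHAP test")
    if summary["auth_type"] == "System" and "unix" in summary["rejected_by"]:
        notes.append("Auth-Type System sent the check to /etc/passwd, not SQL")
    return notes

if __name__ == "__main__":
    s = triage(DEBUG)
    print(s)
    print("\n".join("- " + n for n in findings(s)))
```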