Need help, MS RAS as radius client

Cui Jeffrey jeffreycui at hotmail.com
Tue Dec 12 03:00:11 CET 2006 

Hello everyone,
I started to use freeradius only a couple weeks ago. My job is to use 
rlm_jradius module to forward username/password to my own authentication 
application, it works fine with radclient.
But when I was trying to use windows RAS (vpn server) as freeradius' 
client, from freeradius' output, I can see that there is no user-password. 
Any idea why this happens? 
I am using freeradius 1.1.2 on Redhat enterprise Linux version 4.
Thank you
Jeffrey


rad_recv: Access-Request packet from host 192.168.2.151:1382, id=8, 
length=289
        Acct-Session-Id = "108"
        NAS-IP-Address = 192.168.2.151
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 129
        MS-RAS-Vendor = 311
        MS-RAS-Version = "MSRASV5.20"
        NAS-Port-Type = Virtual
        Tunnel-Type:0 = PPTP
        Tunnel-Medium-Type:0 = IP
        Calling-Station-Id = "10.11.14.105"
        Tunnel-Client-Endpoint:0 = "10.11.14.105"
        Microsoft-Attr-35 = 0x4d5352415356352e3030
        Microsoft-Attr-34 = 0x4d535241532d312d4a454646324b
        User-Name = "dvmh00000055 at DVVPN.COM"
        MS-CHAP-Challenge = 0xe6e76c750472fb5879986d8b8e75df6e
        MS-CHAP2-Response = 
0x0000f21eb6c0b591297af094964bb6e9417c0000000000000000f990636a5a5237f4c3456225c9c475b07004e32cb758fdf2

        Message-Authenticator = 0x25fa1bd20b0a0f3fa273ae4fc66eb8d5
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
  modcall[authorize]: module "mschap" returns ok for request 0
    rlm_realm: Looking up realm "DVVPN.COM" for User-Name = 
"dvmh00000055 at DVVPN.COM"
    rlm_realm: No such realm "DVVPN.COM"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
    users: Matched entry DEFAULT at line 183
  modcall[authorize]: module "files" returns ok for request 0
rlm_jradius: packing attribute Acct-Session-Id (type: 44; len: 3)
rlm_jradius: packing attribute NAS-IP-Address (type: 4; len: 4)
rlm_jradius: packing attribute Service-Type (type: 6; len: 4)
rlm_jradius: packing attribute Framed-Protocol (type: 7; len: 4)
rlm_jradius: packing attribute NAS-Port (type: 5; len: 4)
rlm_jradius: packing attribute MS-RAS-Vendor (type: 20381705; len: 4)
rlm_jradius: packing attribute MS-RAS-Version (type: 20381714; len: 10)
rlm_jradius: packing attribute NAS-Port-Type (type: 61; len: 4)
rlm_jradius: packing attribute Tunnel-Type (type: 64; len: 4)
rlm_jradius: packing attribute Tunnel-Medium-Type (type: 65; len: 4)
rlm_jradius: packing attribute Calling-Station-Id (type: 31; len: 12)
rlm_jradius: packing attribute Tunnel-Client-Endpoint (type: 66; len: 12)
rlm_jradius: packing attribute Microsoft-Attr-35 (type: 20381731; len: 10)
rlm_jradius: packing attribute Microsoft-Attr-34 (type: 20381730; len: 14)
rlm_jradius: packing attribute User-Name (type: 1; len: 22)
rlm_jradius: packing attribute MS-CHAP-Challenge (type: 20381707; len: 16)
rlm_jradius: packing attribute MS-CHAP2-Response (type: 20381721; len: 50)
rlm_jradius: packing attribute Message-Authenticator (type: 80; len: 16)
rlm_jradius: packing attribute Client-IP-Address (type: 1052; len: 4)
rlm_jradius: packing packet with code: 1 (attr length: 429)
rlm_jradius: packing attribute Framed-IP-Address (type: 8; len: 4)
rlm_jradius: packing attribute Framed-MTU (type: 12; len: 4)
rlm_jradius: packing attribute Service-Type (type: 6; len: 4)
rlm_jradius: packing attribute Framed-Protocol (type: 7; len: 4)
rlm_jradius: packing attribute Framed-Compression (type: 13; len: 4)
rlm_jradius: packing packet with code: 0 (attr length: 80)
rlm_jradius: packing attribute Auth-Type (type: 1000; len: 4)
rlm_jradius: packing attribute Service-Type (type: 6; len: 4)
rlm_jradius: packing attribute Framed-Protocol (type: 7; len: 4)
rlm_jradius: sending 586 bytes to jradius server
rlm_jradius: return code 8; receiving 2 packets
rlm_jradius: reading packet: code=1 len=429
rlm_jradius: reading attribute: type=44; len=3
rlm_jradius: reading attribute: type=4; len=4
rlm_jradius: reading attribute: type=6; len=4
rlm_jradius: reading attribute: type=7; len=4
rlm_jradius: reading attribute: type=5; len=4
rlm_jradius: reading attribute: type=20381705; len=4
rlm_jradius: reading attribute: type=20381714; len=10
rlm_jradius: reading attribute: type=61; len=4
rlm_jradius: reading attribute: type=64; len=4
rlm_jradius: reading attribute: type=65; len=4
rlm_jradius: reading attribute: type=31; len=12
rlm_jradius: reading attribute: type=66; len=12
rlm_jradius: reading attribute: type=20381731; len=10
rlm_jradius: received attribute we do not recognize (type: 20381731)
rlm_jradius: reading attribute: type=20381730; len=14
rlm_jradius: received attribute we do not recognize (type: 20381730)
rlm_jradius: reading attribute: type=1; len=22
rlm_jradius: reading attribute: type=20381707; len=16
rlm_jradius: reading attribute: type=20381721; len=50
rlm_jradius: reading attribute: type=80; len=16
rlm_jradius: reading attribute: type=1052; len=4
rlm_jradius: reading packet: code=0 len=80
rlm_jradius: reading attribute: type=8; len=4
rlm_jradius: reading attribute: type=12; len=4
rlm_jradius: reading attribute: type=6; len=4
rlm_jradius: reading attribute: type=7; len=4
rlm_jradius: reading attribute: type=13; len=4
rlm_jradius: reading request: config_item: len=48
rlm_jradius: reading attribute: type=1000; len=4
rlm_jradius: reading attribute: type=6; len=4
rlm_jradius: reading attribute: type=7; len=4
  modcall[authorize]: module "jradius" returns updated for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type
auth: type "MS-CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for dvmh00000055 at DVVPN.COM with 
NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 0
modcall: leaving group MS-CHAP (returns reject) for request 0
auth: Failed to validate the user.
Login incorrect: [dvmh00000055 at DVVPN.COM/<no User-Password attribute>] 
(from client jeff2003 port 129 cli 10.11.14.105)
  Found Post-Auth-Type
  Processing the post-auth section of radiusd.conf
modcall: entering group REJECT for request 0
rlm_jradius: packing attribute Acct-Session-Id (type: 44; len: 3)
rlm_jradius: packing attribute NAS-IP-Address (type: 4; len: 4)
rlm_jradius: packing attribute Service-Type (type: 6; len: 4)
rlm_jradius: packing attribute Framed-Protocol (type: 7; len: 4)
rlm_jradius: packing attribute NAS-Port (type: 5; len: 4)
rlm_jradius: packing attribute MS-RAS-Vendor (type: 20381705; len: 4)
rlm_jradius: packing attribute MS-RAS-Version (type: 20381714; len: 10)
rlm_jradius: packing attribute NAS-Port-Type (type: 61; len: 4)
rlm_jradius: packing attribute Tunnel-Type (type: 64; len: 4)
rlm_jradius: packing attribute Tunnel-Medium-Type (type: 65; len: 4)
rlm_jradius: packing attribute Calling-Station-Id (type: 31; len: 12)
rlm_jradius: packing attribute Tunnel-Client-Endpoint (type: 66; len: 12)
rlm_jradius: packing attribute User-Name (type: 1; len: 22)
rlm_jradius: packing attribute MS-CHAP-Challenge (type: 20381707; len: 16)
rlm_jradius: packing attribute MS-CHAP2-Response (type: 20381721; len: 50)
rlm_jradius: packing attribute Message-Authenticator (type: 80; len: 16)
rlm_jradius: packing attribute Client-IP-Address (type: 1052; len: 4)
rlm_jradius: packing packet with code: 1 (attr length: 381)
rlm_jradius: packing attribute Framed-IP-Address (type: 8; len: 4)
rlm_jradius: packing attribute Framed-MTU (type: 12; len: 4)
rlm_jradius: packing attribute Service-Type (type: 6; len: 4)
rlm_jradius: packing attribute Framed-Protocol (type: 7; len: 4)
rlm_jradius: packing attribute Framed-Compression (type: 13; len: 4)
rlm_jradius: packing attribute MS-CHAP-Error (type: 20381698; len: 10)
rlm_jradius: packing packet with code: 3 (attr length: 102)
rlm_jradius: packing attribute Auth-Type (type: 1000; len: 4)
rlm_jradius: packing attribute Service-Type (type: 6; len: 4)
rlm_jradius: packing attribute Framed-Protocol (type: 7; len: 4)
rlm_jradius: packing attribute Post-Auth-Type (type: 1014; len: 4)
rlm_jradius: sending 576 bytes to jradius server
rlm_jradius: return code 7; receiving 2 packets
rlm_jradius: reading packet: code=1 len=381
rlm_jradius: reading attribute: type=44; len=3
rlm_jradius: reading attribute: type=4; len=4
rlm_jradius: reading attribute: type=6; len=4
rlm_jradius: reading attribute: type=7; len=4
rlm_jradius: reading attribute: type=5; len=4
rlm_jradius: reading attribute: type=20381705; len=4
rlm_jradius: reading attribute: type=20381714; len=10
rlm_jradius: reading attribute: type=61; len=4
rlm_jradius: reading attribute: type=64; len=4
rlm_jradius: reading attribute: type=65; len=4
rlm_jradius: reading attribute: type=31; len=12
rlm_jradius: reading attribute: type=66; len=12
rlm_jradius: reading attribute: type=1; len=22
rlm_jradius: reading attribute: type=20381707; len=16
rlm_jradius: reading attribute: type=20381721; len=50
rlm_jradius: reading attribute: type=80; len=16
rlm_jradius: reading attribute: type=1052; len=4
rlm_jradius: reading packet: code=3 len=102
rlm_jradius: reading attribute: type=8; len=4
rlm_jradius: reading attribute: type=12; len=4
rlm_jradius: reading attribute: type=6; len=4
rlm_jradius: reading attribute: type=7; len=4
rlm_jradius: reading attribute: type=13; len=4
rlm_jradius: reading attribute: type=20381698; len=10
rlm_jradius: reading request: config_item: len=64
rlm_jradius: reading attribute: type=1000; len=4
rlm_jradius: reading attribute: type=6; len=4
rlm_jradius: reading attribute: type=7; len=4
rlm_jradius: reading attribute: type=1014; len=4
  modcall[post-auth]: module "jradius" returns noop for request 0
modcall: leaving group REJECT (returns noop) for request 0
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 8 to 192.168.2.151 port 1382
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 8 with timestamp 457dbde0
Nothing to do.  Sleeping until we see a request.

_________________________________________________________________
与世界各地的朋友进行交流,免费下载  Live Messenger; 
http://get.live.com/messenger/overview

More information about the Freeradius-Users mailing list