Help needed with MS-CHAP

Charles Blake charles at neutel.com
Thu Feb 23 21:54:08 CET 2006


Dear friends:



I am trying to set up a freeradius-1.1.0 server for authenticating users
using MS-CHAP passwords.



I pretend to authenticate users against shadow.



I am using the default radius.conf and users files. I have included the
microsoft dictionary in radiusclient.conf file.



radtest shows ok:



# radtest mts mypassword localhost 0 testing123
Sending Access-Request of id 160 to 127.0.0.1 port 1812
        User-Name = "mts"
        User-Password = "mypassword"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=160, length=20



But when I try to authenticate a user using MS-CHAP, I am getting this
output:



rad_recv: Access-Request packet from host 127.0.0.1:1027, id=5, length=146
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "mts"
        MS-CHAP-Challenge = 0x6b61b1ed954a289c0fa3aebedc329ac6
        MS-CHAP2-Response = 0x8f0001684e1d34295e1232edb0682bd04e6e00000000000000002caaa9579823e00501812d3e2dce9225b7dd251c02e1fd89
        Calling-Station-Id = "172.16.255.11"
        NAS-IP-Address = 192.168.181.254
        NAS-Port = 0
Wed Feb 22 20:47:07 2006 : Debug:   Processing the authorize section of
radiusd.conf
Wed Feb 22 20:47:07 2006 : Debug: modcall: entering group authorize for
request 0
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modcall[authorize]: module "preprocess"
returns ok for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authorize]: calling chap
(rlm_chap) for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authorize]: returned from chap
(rlm_chap) for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modcall[authorize]: module "chap"
returns noop for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authorize]: calling mschap
(rlm_mschap) for request 0
Wed Feb 22 20:47:07 2006 : Debug:   rlm_mschap: Found MS-CHAP attributes.
Setting 'Auth-Type  = MS-CHAP'
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authorize]: returned from
mschap (rlm_mschap) for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modcall[authorize]: module "mschap"
returns ok for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authorize]: calling suffix
(rlm_realm) for request 0
Wed Feb 22 20:47:07 2006 : Debug:     rlm_realm: No '@' in User-Name =
"mts", looking up realm NULL
Wed Feb 22 20:47:07 2006 : Debug:     rlm_realm: No such realm "NULL"
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authorize]: returned from
suffix (rlm_realm) for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modcall[authorize]: module "suffix"
returns noop for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authorize]: calling eap
(rlm_eap) for request 0
Wed Feb 22 20:47:07 2006 : Debug:   rlm_eap: No EAP-Message, not doing EAP
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authorize]: returned from eap
(rlm_eap) for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modcall[authorize]: module "eap" returns
noop for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authorize]: calling files
(rlm_files) for request 0
Wed Feb 22 20:47:07 2006 : Debug:     users: Matched entry DEFAULT at line
152
Wed Feb 22 20:47:07 2006 : Debug:     users: Matched entry DEFAULT at line
171
Wed Feb 22 20:47:07 2006 : Debug:     users: Matched entry DEFAULT at line
183
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authorize]: returned from
files (rlm_files) for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modcall[authorize]: module "files"
returns ok for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall: leaving group authorize (returns
ok) for request 0
Wed Feb 22 20:47:07 2006 : Debug:   rad_check_password:  Found Auth-Type
MS-CHAP
Wed Feb 22 20:47:07 2006 : Debug: auth: type "MS-CHAP"
Wed Feb 22 20:47:07 2006 : Debug:   Processing the authenticate section of
radiusd.conf
Wed Feb 22 20:47:07 2006 : Debug: modcall: entering group MS-CHAP for
request 0
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authenticate]: calling mschap
(rlm_mschap) for request 0
Wed Feb 22 20:47:07 2006 : Debug:   rlm_mschap: No User-Password configured.
Cannot create LM-Password.
Wed Feb 22 20:47:07 2006 : Debug:   rlm_mschap: No User-Password configured.
Cannot create NT-Password.
Wed Feb 22 20:47:07 2006 : Debug:   rlm_mschap: Told to do MS-CHAPv2 for mts
with NT-Password
Wed Feb 22 20:47:07 2006 : Debug:   rlm_mschap: FAILED: No NT/LM-Password.
Cannot perform authentication.
Wed Feb 22 20:47:07 2006 : Debug:   rlm_mschap: FAILED: MS-CHAP2-Response is
incorrect
Wed Feb 22 20:47:07 2006 : Debug:   modsingle[authenticate]: returned from
mschap (rlm_mschap) for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modcall[authenticate]: module "mschap"
returns reject for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall: leaving group MS-CHAP (returns
reject) for request 0
Wed Feb 22 20:47:07 2006 : Debug: auth: Failed to validate the user.
Wed Feb 22 20:47:07 2006 : Debug: Delaying request 0 for 1 seconds
Wed Feb 22 20:47:07 2006 : Debug: Finished request 0
Wed Feb 22 20:47:07 2006 : Debug: Going to the next request
Wed Feb 22 20:47:07 2006 : Debug: --- Walking the entire request list ---
Wed Feb 22 20:47:07 2006 : Debug: Waking up in 1 seconds...
Wed Feb 22 20:47:08 2006 : Debug: --- Walking the entire request list ---
Wed Feb 22 20:47:08 2006 : Debug: Waking up in 1 seconds...
Wed Feb 22 20:47:09 2006 : Debug: --- Walking the entire request list ---
Sending Access-Reject of id 5 to 127.0.0.1 port 1027
Wed Feb 22 20:47:09 2006 : Debug: Waking up in 4 seconds...
Wed Feb 22 20:47:13 2006 : Debug: --- Walking the entire request list ---
Wed Feb 22 20:47:13 2006 : Debug: Cleaning up request 0 ID 5 with timestamp
43fd141b
Wed Feb 22 20:47:13 2006 : Debug: Nothing to do.  Sleeping until we see a
request.



What am I doing wrong?



Thank you for your help,



Charles
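
An added example, not part of the original post and not FreeRADIUS code: a Python helper that rejoins the wrapped debug lines of a trace like the one above and summarises each module's return code, the rlm_mschap failure reasons and the final reply. The function names and regular expressions are assumptions derived only from the line shapes visible in this trace; the sample is an excerpt of it with the same e-mail wrapping.

```python
import re

# Excerpt of the debug trace from the post, keeping the e-mail line wrapping.
SAMPLE = """\
Wed Feb 22 20:47:07 2006 : Debug:   modcall[authorize]: module "mschap"
returns ok for request 0
Wed Feb 22 20:47:07 2006 : Debug:   modcall[authorize]: module "files"
returns ok for request 0
Wed Feb 22 20:47:07 2006 : Debug:   rlm_mschap: No User-Password configured.
Cannot create NT-Password.
Wed Feb 22 20:47:07 2006 : Debug:   rlm_mschap: FAILED: No NT/LM-Password.
Cannot perform authentication.
Wed Feb 22 20:47:07 2006 : Debug:   modcall[authenticate]: module "mschap"
returns reject for request 0
Sending Access-Reject of id 5 to 127.0.0.1 port 1027
"""

# "Wed Feb 22 20:47:07 2006 : Debug:" prefix, as printed in this trace.
STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} : \w+:\s*")
MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request \d+')

def unwrap(text):
    """Rejoin records that were wrapped onto a following line."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = STAMP.match(line)
        if m:                                   # new timestamped record
            records.append(line[m.end():].strip())
        elif line.startswith(("Sending ", "rad_recv:")) or not records:
            records.append(line.strip())        # packet lines carry no timestamp
        else:                                   # continuation of the previous record
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return (per-section module results, rlm_mschap failures, final reply)."""
    results, failures, reply = [], [], None
    for rec in unwrap(text):
        m = MODCALL.search(rec)
        if m:
            results.append(m.groups())
        elif rec.startswith("rlm_mschap: FAILED:"):
            failures.append(rec.split("FAILED:", 1)[1].strip())
        elif rec.startswith("Sending Access-"):
            reply = rec.split()[1]
    return results, failures, reply

if __name__ == "__main__":
    print(summarize(SAMPLE))
```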






More information about the Freeradius-Users mailing list