Re: help on pppd chap authorize by freeradius

Yes,
The problem was only the dictionary. In the default dictionary there was no "atribute 60" 
The problem is solved
Thank you
Alex

debik wrote:


The problem is in atribute 60. Compare yor dictionarys.

----- Original Message ----- From: "Alexandru Matei" <alex@qb.ro>
To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> 
Sent: Wednesday, November 15, 2006 4:57 PM
Subject: help on pppd chap authorize by freeradius



Hi,
I encounter an chap authorization problem using pppoe3.8, ppp 2.4.4b1 and Freeradius 1.1.3. 
The relevant logs are:

PPP dump:
Nov 15 17:43:29 localhost pppd[7486]: rcvd [LCP ConfReq id=0x2 <magic 0x1b31752> <pcomp> <accomp> <callback CBCP>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Nov 15 17:43:29 localhost pppd[7486]: sent [LCP ConfRej id=0x2 <pcomp> <accomp> <callback CBCP>] Nov 15 17:43:29 localhost pppd[7486]: rcvd [LCP ConfReq id=0x3 <magic 0x1b31752>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Nov 15 17:43:29 localhost pppd[7486]: sent [LCP ConfAck id=0x3 <magic 0x1b31752>] Nov 15 17:43:29 localhost pppd[7486]: sent [LCP EchoReq id=0x0 magic=0xbe000118] Nov 15 17:43:29 localhost pppd[7486]: sent [CHAP Challenge id=0x2 <dd114655881b93c9111ba4122068632faa63f98d>, name = "localhost"] Nov 15 17:43:29 localhost pppd[7486]: rcvd [CHAP Response id=0x2 <3e7ffb922fcba977f3dc8c2418d7dec2>, name = "test1"] 00 00 00 00 00 00 00 00 00 00 00 00 Nov 15 17:43:29 localhost pppd[7486]: rc_avpair_new: unknown attribute 60 Nov 15 17:43:31 localhost pppd[7486]: Peer test1 failed CHAP authentication 
Nov 15 17:43:31 localhost pppd[7486]: sent [CHAP Failure id=0x2 ""]
Nov 15 17:43:31 localhost pppd[7486]: sent [LCP TermReq id=0x2 "Authentication failed"] Nov 15 17:43:31 anton pppd[7486]: rcvd [LCP TermAck id=0x2] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... 
Nov 15 17:43:31 anton pppd[7486]: Connection terminated.
Nov 15 17:43:31 anton pppoe-server[7171]: Sent PADT

Freeradius log
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=64, length=89 
       Service-Type = Framed-User
       Framed-Protocol = PPP
       User-Name = "test1"
       CHAP-Password = 0x023e7ffb922fcba977f3dc8c2418d7dec2
       Calling-Station-Id = "00:20:18:8E:6C:0E"
       NAS-IP-Address = 127.0.0.1
       NAS-Port = 0
 Processing the authorize section of radiusd.conf
.....
 modcall[authorize]: module "sql" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
 rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 1
 rlm_chap: login attempt by "test1" with CHAP password
rlm_chap: Using clear text password password for user test1 authentication. 
 rlm_chap: Pasword check failed
 modcall[authenticate]: module "chap" returns reject for request 1
modcall: leaving group CHAP (returns reject) for request 1
auth: Failed to validate the user.

Altough I can obtain authorization using:
[root@localhost]# echo "User-Name = test1, CHAP-Password=password" | radclient localhost auth password 
Received response ID 100, code 2, length = 62
       Framed-Compression = None
       Service-Type = Framed-User
       Framed-IP-Address = 193.226.57.105
       Framed-IP-Netmask = 255.255.255.0
       Framed-MTU = 1492
       Framed-Protocol = PPP
       Port-Limit = 1

Do anyone encounter the same problem?

I can add that chap fails with all ppp versions (>=2.4.2)
Thank you,

Alex
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.