Simple Freeradius configuration

["Kelly Ormsby" <kelly7478@gmail.com>]

Hi all,

I've installed freeradius 1.1.6 on Fedora core 2 (kernel 2.6.5-1.358) (I can't upgrade please don't go there). I did a basic configure/make/make install.

The only changes to the default configuration is adding an entry to the 
clients.conf file to allow requests from the Cisco VPN gateway. So far as I can tell CHAP and CHAPv2 should work straight out of the box (as per this page 
http://deployingradius.com/documents/configuration/auth_type.html).

I've tried to authenticate using a local /etc/passwd user, and I get the output posted below. Is the default configuration enough for it to consult the /etc/passwd files (I thought that is what "DEFAULT Auth-Type = System" did?) or is there something else I need to add. Can CHAP (or CHAPv2) use /etc/passwd? I'm a little confused about the differences and I'm sure thats not helping :)

I'd really rather not list the users individually in the users file, I'd like there to still only be one place to add users, so I'd like to use /etc/passwd file only. I apologise if there is documentation listed on this, I really feel that I've searched everywhere I can and no one seems to give real details.

Thanks,

rad_recv: Access-Request packet from host 192.168.100.254:1645, id=45, length=152
        Framed-Protocol = PPP
        User-Name = "denvertech"
        MS-CHAP-Challenge = 0x79c27ab491824ce5
        MS-CHAP-Response = 0x010100000000000000000000000000000000000000000000000033f6aa08b02f18fa3e3013072a8f8f171469f179b7b7434b
        NAS-Port-Type = Virtual
        NAS-Port = 33
        NAS-Port-Id = "Uniq-Sess-ID33"
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.100.254
  Processing the authorize section of 
radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
  modcall[authorize]: module "mschap" returns ok for request 2
    rlm_realm: No '@' in User-Name = "denvertech", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 2
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
    users: Matched entry DEFAULT at line 184
  modcall[authorize]: module "files" returns ok for request 2
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 2
modcall: leaving group authorize (returns ok) for request 2
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 2
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv1 with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: MS-CHAP-Response is incorrect.
  modcall[authenticate]: module "mschap" returns reject for request 2
modcall: leaving group MS-CHAP (returns reject) for request 2
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 45 to 192.168.100.254 port 1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 45 with timestamp 46c3b8db
Nothing to do.  Sleeping until we see a request.

-- 
Kelly Ormsby
Senior Unix Systems Administrator

Email: kelly7478@gmail.com
Mobile: 0417 910 801