empty password / dhcpd

Felipe Ceglia - PY1NB felipe-listas at terenet.com.br
Wed Jun 20 21:34:15 CEST 2007 

Hey!

I just added Auth-Type := Local for this group, and it worked.
Is there any clever/cleaner way to do it?

Thank you.

Felipe Ceglia - PY1NB wrote:
> Hi again...
> 
> I am now trying to authenticate a DHCPd request from a mikrotik box.
> My freeradius server says that there is a problem with user's password.
> How can I tell him (PAP) that this should be ok?
> 
> Something strange that I noticed is that the calling station id got 
> changed from the original mac address value. Anyway, I just put this as 
> a calling-station id attribute on radcheck.
> 
> 
> mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
> Username = '00:0B:CD:EC:63:50' ORDER BY id;
> +------+-------------------+--------------------+-------------------+----+
> | id   | UserName          | Attribute          | Value             | op |
> +------+-------------------+--------------------+-------------------+----+
> | 2047 | 00:0B:CD:EC:63:50 | Calling-Station-Id | 1:0:b:cd:ec:63:50 | := |
> | 2050 | 00:0B:CD:EC:63:50 | User-Password      |                   | := |
> +------+-------------------+--------------------+-------------------+----+
> 2 rows in set (0.00 sec)
> 
> SELECT 
> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
> FROM radgroupcheck,usergroup WHERE usergroup.Username = 
> '00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupcheck.GroupName 
> ORDER BY radgroupcheck.id;
> Empty set (0.00 sec)
> 
> mysql> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE 
> Username = '00:0B:CD:EC:63:50' ORDER BY id;
> +----+-------------------+-------------------+-----------------+----+
> | id | UserName          | Attribute         | Value           | op |
> +----+-------------------+-------------------+-----------------+----+
> | 42 | 00:0B:CD:EC:63:50 | Framed-IP-Address | 192.168.254.101 | == |
> | 43 | 00:0B:CD:EC:63:50 | Framed-IP-Netmask | 255.255.255.0   | == |
> +----+-------------------+-------------------+-----------------+----+
> 2 rows in set (0.00 sec)
> 
> SELECT 
> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
> FROM radgroupreply,usergroup WHERE usergroup.Username = 
> '00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupreply.GroupName 
> ORDER BY radgroupreply.id;
> Empty set (0.00 sec)
> 
> 
> 
> 
> 
> 
> Ready to process requests.
> rad_recv: Access-Request packet from host 172.16.3.5:32768, id=71, 
> length=113
>         NAS-Port-Type = Ethernet
>         NAS-Port = 2205155400
>         Calling-Station-Id = "1:0:b:cd:ec:63:50"
>         Called-Station-Id = "server1"
>         User-Name = "00:0B:CD:EC:63:50"
>         User-Password = ""
>         NAS-Identifier = "MikroTik"
>         NAS-IP-Address = 172.16.3.5
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "00:0B:CD:EC:63:50", looking up 
> realm NULL
>     rlm_realm: Found realm "NULL"
>     rlm_realm: Adding Stripped-User-Name = "00:0B:CD:EC:63:50"
>     rlm_realm: Proxying request from user 00:0B:CD:EC:63:50 to realm NULL
>     rlm_realm: Adding Realm = "NULL"
>     rlm_realm: Authentication realm is LOCAL.
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 0
>     users: Matched entry DEFAULT at line 174
>   modcall[authorize]: module "files" returns ok for request 0
> radius_xlat:  '00:0B:CD:EC:63:50'
> rlm_sql (sql): sql_set_user escaped user --> '00:0B:CD:EC:63:50'
> radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
> Username = '00:0B:CD:EC:63:50' ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 4
> radius_xlat:  'SELECT 
> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
> FROM radgroupcheck,usergroup WHERE usergroup.Username = 
> '00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupcheck.GroupName 
> ORDER BY radgroupcheck.id'
> radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE 
> Username = '00:0B:CD:EC:63:50' ORDER BY id'
> radius_xlat:  'SELECT 
> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
> FROM radgroupreply,usergroup WHERE usergroup.Username = 
> '00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupreply.GroupName 
> ORDER BY radgroupreply.id'
> rlm_sql (sql): Released sql socket id: 4
>   modcall[authorize]: module "sql" returns ok for request 0
> rlm_pap: Found existing Auth-Type, not changing it.
>   modcall[authorize]: module "pap" returns noop for request 0
> modcall: leaving group authorize (returns ok) for request 0
> ******************************************************************************
>   rad_check_password:  Found Auth-Type PAP
> auth: type "PAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group PAP for request 0
>   modcall[authenticate]: module "pap" returns invalid for request 0
> modcall: leaving group PAP (returns invalid) for request 0
> ******************************************************************************
> auth: Failed to validate the user.
> Login incorrect (rlm_pap: empty password supplied): [00:0B:CD:EC:63:50/] 
> (from client mikrotik port 2205155400 cli 1:0:b:cd:ec:63:50)
> rad_lowerpair:  Stripped-User-Name now '00:0b:cd:ec:63:50'
> rad_lowerpair:  User-Password now ''
> rad_rmspace_pair:  Stripped-User-Name now '00:0b:cd:ec:63:50'
> rad_rmspace_pair:  User-Password now ''
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: Request already proxied.  Ignoring.
>   modcall[authorize]: module "suffix" returns noop for request 0
> 
> 
> 
> 
> Thank you,
> 
> Felipe
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list