empty password / dhcpd
tnt at kalik.co.yu
tnt at kalik.co.yu
Wed Jun 20 21:34:10 CEST 2007
Just delete that User-Password entry from the radcheck table.
Ivan Kalik
Kalik Informatika ISP
Dana 20/6/2007, "Felipe Ceglia - PY1NB" <felipe-listas at terenet.com.br>
piše:
>Hi again...
>
>I am now trying to authenticate a DHCPd request from a mikrotik box.
>My freeradius server says that there is a problem with user's password.
>How can I tell him (PAP) that this should be ok?
>
>Something strange that I noticed is that the calling station id got
>changed from the original mac address value. Anyway, I just put this as
>a calling-station id attribute on radcheck.
>
>
>mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
>Username = '00:0B:CD:EC:63:50' ORDER BY id;
>+------+-------------------+--------------------+-------------------+----+
>| id | UserName | Attribute | Value | op |
>+------+-------------------+--------------------+-------------------+----+
>| 2047 | 00:0B:CD:EC:63:50 | Calling-Station-Id | 1:0:b:cd:ec:63:50 | := |
>| 2050 | 00:0B:CD:EC:63:50 | User-Password | | := |
>+------+-------------------+--------------------+-------------------+----+
>2 rows in set (0.00 sec)
>
>SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
>FROM radgroupcheck,usergroup WHERE usergroup.Username =
>'00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupcheck.GroupName
>ORDER BY radgroupcheck.id;
>Empty set (0.00 sec)
>
>mysql> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
>Username = '00:0B:CD:EC:63:50' ORDER BY id;
>+----+-------------------+-------------------+-----------------+----+
>| id | UserName | Attribute | Value | op |
>+----+-------------------+-------------------+-----------------+----+
>| 42 | 00:0B:CD:EC:63:50 | Framed-IP-Address | 192.168.254.101 | == |
>| 43 | 00:0B:CD:EC:63:50 | Framed-IP-Netmask | 255.255.255.0 | == |
>+----+-------------------+-------------------+-----------------+----+
>2 rows in set (0.00 sec)
>
>SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
>FROM radgroupreply,usergroup WHERE usergroup.Username =
>'00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupreply.GroupName
>ORDER BY radgroupreply.id;
>Empty set (0.00 sec)
>
>
>
>
>
>
>Ready to process requests.
>rad_recv: Access-Request packet from host 172.16.3.5:32768, id=71,
>length=113
> NAS-Port-Type = Ethernet
> NAS-Port = 2205155400
> Calling-Station-Id = "1:0:b:cd:ec:63:50"
> Called-Station-Id = "server1"
> User-Name = "00:0B:CD:EC:63:50"
> User-Password = ""
> NAS-Identifier = "MikroTik"
> NAS-IP-Address = 172.16.3.5
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "00:0B:CD:EC:63:50", looking up
>realm NULL
> rlm_realm: Found realm "NULL"
> rlm_realm: Adding Stripped-User-Name = "00:0B:CD:EC:63:50"
> rlm_realm: Proxying request from user 00:0B:CD:EC:63:50 to realm NULL
> rlm_realm: Adding Realm = "NULL"
> rlm_realm: Authentication realm is LOCAL.
> modcall[authorize]: module "suffix" returns noop for request 0
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 0
> users: Matched entry DEFAULT at line 174
> modcall[authorize]: module "files" returns ok for request 0
>radius_xlat: '00:0B:CD:EC:63:50'
>rlm_sql (sql): sql_set_user escaped user --> '00:0B:CD:EC:63:50'
>radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
>Username = '00:0B:CD:EC:63:50' ORDER BY id'
>rlm_sql (sql): Reserving sql socket id: 4
>radius_xlat: 'SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
>FROM radgroupcheck,usergroup WHERE usergroup.Username =
>'00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupcheck.GroupName
>ORDER BY radgroupcheck.id'
>radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
>Username = '00:0B:CD:EC:63:50' ORDER BY id'
>radius_xlat: 'SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
>FROM radgroupreply,usergroup WHERE usergroup.Username =
>'00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupreply.GroupName
>ORDER BY radgroupreply.id'
>rlm_sql (sql): Released sql socket id: 4
> modcall[authorize]: module "sql" returns ok for request 0
>rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for request 0
>modcall: leaving group authorize (returns ok) for request 0
>******************************************************************************
> rad_check_password: Found Auth-Type PAP
>auth: type "PAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group PAP for request 0
> modcall[authenticate]: module "pap" returns invalid for request 0
>modcall: leaving group PAP (returns invalid) for request 0
>******************************************************************************
>auth: Failed to validate the user.
>Login incorrect (rlm_pap: empty password supplied): [00:0B:CD:EC:63:50/]
>(from client mikrotik port 2205155400 cli 1:0:b:cd:ec:63:50)
>rad_lowerpair: Stripped-User-Name now '00:0b:cd:ec:63:50'
>rad_lowerpair: User-Password now ''
>rad_rmspace_pair: Stripped-User-Name now '00:0b:cd:ec:63:50'
>rad_rmspace_pair: User-Password now ''
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_realm: Request already proxied. Ignoring.
> modcall[authorize]: module "suffix" returns noop for request 0
>
>
>
>
>Thank you,
>
>Felipe
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list