MSCHAPv2 with 1.1.4

Matt Cobb mattc at lockdownnetworks.com
Thu Jun 21 22:40:44 CEST 2007


Tried that already. 

cobb Cleartext-Password := "secret"

It just spits out an error that says I didn't use User-Password and
fails:

Thread 1 handling request 0, (1 handled so far)

        NAS-Identifier = "localhost"

        NAS-Port-Type = Ethernet

        Service-Type = Framed-User

        Framed-Protocol = PPP

        Calling-Station-Id = "127.0.0.1"

        User-Name = "cobb at guests"

        MS-CHAP2-Response =
0x01013410fa7660ac21dc93c5313bcab77f150000000000000000e601cdc04a6c368aed
b66db426dff79111702aa7dbf9d3bb

        MS-CHAP-Challenge = 0xc171ce27fd0fc0189daf86b649fe8588

        Service-Type = 47

  Processing the authorize section of radiusd.conf

modcall: entering group authorize for request 0

  modcall[authorize]: module "preprocess" returns ok for request 0

  modcall[authorize]: module "chap" returns noop for request 0

  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'

  modcall[authorize]: module "mschap" returns ok for request 0

modcall: entering group  for request 0

    rlm_realm: Looking up realm "guests" for User-Name = "cobb at guests"

    rlm_realm: Found realm "guests"

    rlm_realm: Adding Stripped-User-Name = "cobb"

    rlm_realm: Proxying request from user cobb to realm guests

    rlm_realm: Adding Realm = "guests"

    rlm_realm: Authentication realm is LOCAL.

  modcall[authorize]: module "suffix" returns noop for request 0

    rlm_realm: Request already proxied.  Ignoring.

  modcall[authorize]: module "ntdomain" returns noop for request 0

modcall: leaving group  (returns noop) for request 0

  rlm_eap: No EAP-Message, not doing EAP

  modcall[authorize]: module "eap" returns noop for request 0

    users: Matched entry cobb at line 2

  modcall[authorize]: module "files" returns ok for request 0

modcall: leaving group authorize (returns ok) for request 0

  rad_check_password:  Found Auth-Type MS-CHAP

auth: type "MS-CHAP"

  Processing the authenticate section of radiusd.conf

modcall: entering group MS-CHAP for request 0

  rlm_mschap: No User-Password configured.  Cannot create LM-Password.

  rlm_mschap: No User-Password configured.  Cannot create NT-Password.

  rlm_mschap: Told to do MS-CHAPv2 for cobb at guests with NT-Password

  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.

  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

  modcall[authenticate]: module "mschap" returns reject for request 0

modcall: leaving group MS-CHAP (returns reject) for request 0

auth: Failed to validate the user.

Login incorrect: [cobb at guests] (from client localhost port 0 cli
127.0.0.1)

  Found Post-Auth-Type

  Processing the post-auth section of radiusd.conf

modcall: entering group REJECT for request 0

DBUS Method Call to com.lockdownnetworks.RadiusEvents:/ on
com.lockdownnetworks.RadiusEvents

Early exit of processing return values.

Finished with dbus method.

  modcall[post-auth]: module "dbus" returns reject for request 0

modcall: leaving group REJECT (returns reject) for request 0

Delaying request 0 for 1 seconds

Finished request 0

Going to the next request

Thread 1 waiting to be assigned a request

rad_recv: Access-Request packet from host 127.0.0.1:32776, id=181,
length=161

Sending Access-Reject of id 181 to 127.0.0.1 port 32776

--- Walking the entire request list ---

Waking up in 3 seconds...

--- Walking the entire request list ---

Cleaning up request 0 ID 181 with timestamp 467ae04a

Nothing to do.  Sleeping until we see a request.



-----Original Message-----
From:
freeradius-users-bounces+mattc=lockdownnetworks.com at lists.freeradius.org
[mailto:freeradius-users-bounces+mattc=lockdownnetworks.com at lists.freera
dius.org] On Behalf Of tnt at kalik.co.yu
Sent: Thursday, June 21, 2007 11:30 AM
To: FreeRadius users mailing list
Subject: Re: MSCHAPv2 with 1.1.4

>
>users file:
>
>cobb User-Password=="secret"
>
>                (also tried Cleartext-Password with same results)
>

Wrong operator (==) for Cleartext-Password. Use :=

cobb   Cleartext-Password := "secret"

Ivan Kalik
Kalik Informatika ISP

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list