Re: Need help

Frank Winkler <frank@riess.de> · Mon, 05 Nov 2007 11:02:20 +0100

Alan DeKok wrote:

 >Why have you massively edited the debug output?

I haven't - I just censored the password, that's all! But in fact, it seems 

that I forgot one occurance :( ...

 >> The password is displayed in plain text.
 >
 >Which password?  Could you explain which part of the edited output you
 >refer to?

The "XXX" above.

 >In any case, what little you've posted shows that the client is
 >sending a PAP authentication request.  Are you sure that you have
 >configured the server to do PAP authentication using NT-hashed

I have tried PAP and CHAP - how do I tell him about NT-hashes? I think 

that's exactly where it fails.

 >passwords?  The debug output you've posted conveniently deletes EVERY
 >REFERENCE TO THE AUTHENTICATION PROCESS.

That's ll I get! But you're right ... I remember that there was much more 

output when I tried it the last time. Oops, I accidentally typed "-x" 

instead of "-X".

Here we go again:

Ready to process requests.

rad_recv: Access-Request packet from host 127.0.0.1:63689, id=86, length=57
        User-Name = "fwvpn"
        User-Password = "XXX"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 10
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0

radius_xlat: 

'/opt/freeradius/var/log/radius/radacct/127.0.0.1/auth-detail-20071105'

rlm_detail: 

/opt/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 

expands to 

/opt/freeradius/var/log/radius/radacct/127.0.0.1/auth-detail-20071105

  modcall[authorize]: module "auth_log" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 100
  modcall[authorize]: module "files" returns ok for request 0
try to find in file

rlm_passwd: Added LM-Password: '624AAC413795CDC1AAD3B435B51404EE' to 

config_items

rlm_passwd: Added NT-Password: 'C5A237B7E9D8E708D8436B6148A25FA1' to 

config_items

try to find in file
  modcall[authorize]: module "radpasswd" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Login incorrect: [fwvpn/XXX] (from client localhost port 10)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 86 to 127.0.0.1 port 63689
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 86 with timestamp 472ee8ce
Nothing to do.  Sleeping until we see a request.

"Auth-Type System" sounds like the culprit ... but I can't find that in 

radiusd.conf.

TIA

	fw