Attributes Bandwidth in radgrouprepy table

"Belén Colmenar (Grupo GOWEX)" bcolmenar at gowex.com
Mon Dec 22 13:14:56 CET 2008 

Hi again,

I'm coming back with this problem.

When I change "User-Password" for "Cleartext-Password", my NAS can't 
connect with the Radius because NAS is sendig in CHAP mode

rad_recv: Access-Request packet from host 192.168.1.39 port 2050, id=0, 
length=228
        User-Name = "belen at host.com"
        CHAP-Challenge = 0x53a8429597c9b905cbab17b209bf294
        CHAP-Password = 0x005fe19cab42985d294e73e48156dd4ce0
        NAS-IP-Address = 0.0.0.0
        Service-Type = Login-User
        Framed-IP-Address = 192.168.10.2
        Calling-Station-Id = "xx-xx-xx-xx-xx-xx"
        Called-Station-Id = "xx-xx-xx-xx-xx-xx"
        NAS-Identifier = "nas01"
        Acct-Session-Id = "4900b86200000000"
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 0
        Message-Authenticator = 0x9a651id7eab7ded29008bf6c18244954
       WISPr-Logoff-URL = "http://192.168.10.1:3990/logoff"
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[sql]   expand: %{User-Name} -> belen at host.com
[sql] sql_set_user escaped user --> 'belen at host.com'
rlm_sql (sql): Reserving sql socket id: 4
[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 'belen at host.com'           ORDER BY id
[sql] User found in radcheck table
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by "belen at host.com" with CHAP password
[chap] Using clear text password "pass" for user belen at host.com 
authentication.
[chap] Password check failed
++[chap] returns reject
Failed to authenticate the user.
Login incorrect (rlm_chap: Wrong user password): 
[belen at host.com/<CHAP-Password>] (from client malditonas port 0 cli 
xx-xx-xx-xx-xx-xx)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> belen at host.com
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to 192.168.1.39 port 2050
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +1313
Ready to process requests.


When I set "User-Password" in the data base, again, I can connect but 
with the "mistake":

Found Auth-Type = CHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with 
Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known 
good"               !!!
!!! clear text password is in Cleartext-Password, and not in 
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group CHAP {...}
[chap] login attempt by "belen at host.com" with CHAP password
[chap] Using clear text password "pass" for user belen at hostcom 
authentication.
[chap] chap user belen at seasuntel.com authenticated succesfully
++[chap] returns ok

It is really wrong????

Besides, this could be affecting to my SQL query in radgroupreply?

I remember my dicctionary doesn't send attributes to the NAS and query 
about radgroupreply is being ignored

Thanks



tnt at kalik.net escribió:
>> On the other hand, I don't know how I can fix this fail and why is produced
>>
>> WARNING: Found User-Password == "...".
>> WARNING: Are you sure you don't mean Cleartext-Password?
>> WARNING: See "man rlm_pap" for more information.
>>
>>     
>
> Because you should be using Cleartext-Password in user entry.
>
> http://wiki.freeradius.org/SQL_HOWTO#Populating_SQL
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>   

--

More information about the Freeradius-Users mailing list