Attributes Bandwidth in radgrouprepy table

"Belén Colmenar (Grupo GOWEX)" bcolmenar at gowex.com
Mon Dec 22 17:18:42 CET 2008 


tnt at kalik.net escribió:
>> I'm coming back with this problem.
>>
>> When I change "User-Password" for "Cleartext-Password", my NAS can't 
>> connect with the Radius because NAS is sendig in CHAP mode
>>
>>     
>
> That makes no sense. Cleartext-Password works with every authentication
> method. Encrypted ones don't.
>   
I don't know why didn't work but in the next times yes. Now I have put 
Cleartext-Password.
>   
>> [chap] login attempt by "belen at host.com" with CHAP password
>> [chap] Using clear text password "pass" for user belen at host.com 
>> authentication.
>> [chap] Password check failed
>>     
> ..
>   
>> When I set "User-Password" in the data base, again, I can connect but 
>> with the "mistake":
>>
>> Found Auth-Type = CHAP
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> !!!    Replacing User-Password in config items with 
>> Cleartext-Password.     !!!
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> !!! Please update your configuration so that the "known 
>> good"               !!!
>> !!! clear text password is in Cleartext-Password, and not in 
>> User-Password. !!!
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> +- entering group CHAP {...}
>> [chap] login attempt by "belen at host.com" with CHAP password
>> [chap] Using clear text password "pass" for user belen at hostcom 
>> authentication.
>> [chap] chap user belen at seasuntel.com authenticated succesfully
>>     
>
> You have doctored the username (at least) in second output so there is no
> way to see is it the same user and password. It is critical that you
> provide debug with usernames and passwords. Use temporary test users,
> not real ones. Also it woud help if both debugs were complete. If you
> don't trust the list ...
>
>   
Yes, both usernames are the same and I guess I haven't show all the 
debug by space and long where important data is shown
>> It is really wrong????
>>
>>     
>
> Can't say when you have altered the debug.
>
>   
>> Besides, this could be affecting to my SQL query in radgroupreply?
>>
>>     
>
> No. Have you made changes to sql.conf apart from connection details?
> Groups are read as default.
>   
Yes, I've changed SQL queries in dialup.conf and now are like that:

    authorize_group_reply_query = "SELECT ${groupreply_table}.id, 
${groupreply_table}.GroupName,${groupreply_table}.Attribute, 
${groupreply_table}.Value,${groupreply_table}.op FROM 
${groupreply_table},${usergroup_table} WHERE ${usergroup_table}.Username 
= '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = 
${groupreply_table}.GroupName ORDER BY ${groupreply_table}.id"

    authorize_group_check_query = "SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 
'%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName 
ORDER BY radgroupcheck.id"

More information about the Freeradius-Users mailing list