pap "Cleartext-Password", sql etc...

Ivan Kalik tnt at kalik.net
Thu Jan 31 01:48:49 CET 2008


Can you post users entry in the database. it's quite likely that you
left == as the operator instead of using :=.

Ivan Kalik
Kalik Informatika ISP

Dana 30/1/2008, "Andrew Long" <fursink at gmail.com> piše:

>When I have (radcheck) attribute `User-Password', authentication
>succeeds but we see the following:
>
>rlm_pap: Found existing Auth-Type, not changing it.
>++[pap] returns noop
>  rad_check_password:  Found Auth-Type CHAP
>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>!!! Please update your configuration so that the "known good"               !!!
>!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>auth: type "CHAP"
>+- entering group CHAP
>  rlm_chap: login attempt by "elmaroma_cn3000" with CHAP password
>  rlm_chap: Using clear text password "aromaescape" for user
>elmaroma_cn3000 authentication.
>  rlm_chap: chap user elmaroma_cn3000 authenticated succesfully
>++[chap] returns ok
>
>If I change the attribute to `Cleartext-Password', authentication
>fails and I see:
>
>rlm_pap: WARNING! No "known good" password found for the user.
>Authentication may fail because of this.
>++[pap] returns noop
>  rad_check_password:  Found Auth-Type CHAP
>auth: type "CHAP"
>+- entering group CHAP
>  rlm_chap: login attempt by "elmaroma_cn3000" with CHAP password
>  rlm_chap: Cleartext-Password is required for authentication
>++[chap] returns invalid
>auth: Failed to validate the user.
>Login incorrect (rlm_chap: Clear text password not available):
>[elmaroma_cn3000/<CHAP-Password>] (from client cn3000_aroma port 0 cli
>00-02-6F-xx-xx-92)
>
>The "users" file
>----------------------
>DEFAULT	Fall-Through = 1
>DEFAULT	Service-Type == Framed-User
>	Framed-IP-Address = 255.255.255.254,
>	Framed-MTU = 576,
>	Service-Type = Framed-User,
>	Fall-Through = Yes
>DEFAULT	Framed-Protocol == PPP
>	Framed-Protocol = PPP,
>	Framed-Compression = Van-Jacobson-TCP-IP
>---------------------
>authorize {
>	preprocess
>	chap
>	mschap
>	suffix
>	unix
>	files
>	sql
>	expiration
>	logintime
>	noresetcounter
>	dailycounter
>	monthlycounter
>	daypasscounter
>	pap}
>authenticate {
>	pap
>	chap
>	mschap}
>
>Thanks muchly,
>
>Andrew Long
>EWS
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list