Re: mschapv2 problem
Cristian Novac wrote:
> The authentication is still not working
> I attached the log I got when running in debug mode;
It's long and informative. As was pointed out, it includes a lot of
issues that you should fix.
In short, you configured "Auth-Type" somewhere, and broke the server.
The debug log shows this clearly:
modcall: entering group authorize for request 10
modcall[authorize]: module "preprocess" returns ok for request 10
modcall[authorize]: module "chap" returns noop for request 10
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP'
- So mschap should be used for authentication
modcall[authorize]: module "mschap" returns ok for request 10
rlm_realm: No '@' in User-Name = "BE2048", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 10
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 10
users: Matched entry BE2048 at line 108
- Which is:
BE2048 Auth-Type := Local, User-Password == "mypass@wd"
See? All of the documentation and Wiki pages say don't set Auth-Type.
Why? Because ALMOST EVERYONE GETS IT WRONG.
DELETE EVERY REFERENCE TO "Auth-Type := Local"
You configured the server to prevent MS-CHAP authentication. The
debug log shows this. It's not hard to find: look for the first
instance of the word "reject" while it's processing a request. Then,
read the lines above that.
Also, upgrade to 1.1.7. There are many fixes, and more documentation
saying what to do, and what not to do.
Alan DeKok.
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.