Chap Authentication failure

Sudarshan Soma sudarshan12s at gmail.com
Tue Jun 17 15:03:32 CEST 2008


Hi,
Iam trying to understand CHALLENGE RESPONSE behaviour. I have tried to
use CHAP protocol and issued the following.
 echo 'User-Name="userX"'; echo 'CHAP-Password="stealme"' |
/usr/local/bin/radclient -x 192.168.11.94:1812 auth testing12

It gives me the following error:
User-Name="userX"
Sending Access-Request of id 184 to 192.168.11.94 port 1812
        CHAP-Password = 0xb83e2e295a4a0d3edddbfbb3a37058ff7a
rad_recv: Access-Reject packet from host 192.168.11.94:1812, id=184, length=20


The radius server gives the following messages, please help me
rad_recv: Access-Request packet from host 192.168.11.94:33116, id=184,
length=39        CHAP-Password = 0xb83e2e295a4a0d3edddbfbb3a37058ff7a
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: Proxy reply, or no User-Name.  Ignoring.
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 0
rlm_chap: Attribute "User-Name" is required for authentication.
  modcall[authenticate]: module "chap" returns invalid for request 0
modcall: leaving group CHAP (returns invalid) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 184 to 192.168.11.94 port 33116
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 184 with timestamp 4857b5ab
Nothing to do.  Sleeping until we see a request.


Regards,
pavan



More information about the Freeradius-Users mailing list