[rad] RE: Free Radius users record samples for SmartEdgerouter subcriberauthentication.
Elias Abou Zeid
elias.abou.zeid at ericsson.com
Wed Jun 17 17:42:54 CEST 2009
Hi Ivan,
I used the following user record:
abc at RADIUS User-Password == "test"
Service-Type = Framed-User,
Framed-Protocol = PPP
And I sent a CHAP request, authentication still work.
rad_recv: Access-Request packet from host 10.205.1.1:1812, id=212,
length=188
User-Name = "abc at RADIUS"
CHAP-Password = 0x01fb483b2d567fd0e128500a3ce0980d0b
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Identifier = "Quiet"
NAS-Port = 167903232
NAS-Real-Port = 2717909092
NAS-Port-Type = Virtual
NAS-Port-Id = "10/2 vlan-id 100 pppoe 372"
Medium-Type = DSL
Mac-Addr = "00-0c-29-10-12-c3"
Platform-Type = SmartEdge-800
OS-Version = "6.1.2.6p9"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:
'/usr/local/var/log/radius/radacct/10.205.1.1/auth-detail-20090617'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%
d expands to
/usr/local/var/log/radius/radacct/10.205.1.1/auth-detail-20090617
modcall[authorize]: module "auth_log" returns ok for request 0
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: Looking up realm "RADIUS" for User-Name = "abc at RADIUS"
rlm_realm: No such realm "RADIUS"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry abc at RADIUS at line 148
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 0
rlm_chap: login attempt by "abc at RADIUS" with CHAP password
rlm_chap: Using clear text password "test" for user abc at RADIUS
authentication.
rlm_chap: chap user abc at RADIUS authenticated succesfully
modcall[authenticate]: module "chap" returns ok for request 0
modcall: leaving group CHAP (returns ok) for request 0
Login OK: [abc at RADIUS/<CHAP-Password>] (from client SE-Quiet port
167903232)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
rlm_ippool: Could not find Pool-Name attribute.
modcall[post-auth]: module "main_pool" returns noop for request 0
radius_xlat:
'/usr/local/var/log/radius/radacct/10.205.1.1/reply-detail-20090617'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m
%d expands to
/usr/local/var/log/radius/radacct/10.205.1.1/reply-detail-20090617
modcall[post-auth]: module "reply_log" returns ok for request 0
modcall: leaving group post-auth (returns ok) for request 0
Sending Access-Accept of id 212 to 10.205.1.1 port 1812
Service-Type = Framed-User
Framed-Protocol = PPP
Finished request 0
-----Original Message-----
From:
freeradius-users-bounces+elias.abou.zeid=ericsson.com at lists.freeradius.o
rg
[mailto:freeradius-users-bounces+elias.abou.zeid=ericsson.com at lists.free
radius.org] On Behalf Of Ivan Kalik
Sent: June-17-09 11:02 AM
To: FreeRadius users mailing list
Subject: RE: [rad] RE: Free Radius users record samples for
SmartEdgerouter subcriberauthentication.
> Just out for sake of completeness. On FreeRADIUS Version 1.1.7
>
> I tried both User-Password == "test" and Cleartext-Password := "test".
>
> They both work fine when the user entry is before default setting in
> users file.
For a pap request. Try sending chap or mschap request and see what
happens. Cleartext-Password will work with all cases, User-Password
won't.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list