Auth configuration help

Tim Sylvester tim.sylvester at networkradius.com
Thu Aug 25 04:24:19 CEST 2011 

You NAS is sending the password in clear text and is not doing CHAP, so the
RADIUS server needs to find either a clear text password or a hashed
password. Where are you storing usernames/passwords? Make sure that you have
an entry with for User-Name = aewais at domain.ca and Cleartext-Password :=
"password".

 

 

 

-------- Original Message -------- 


Subject: 

Auth configuration help


Date: 

Wed, 24 Aug 2011 21:53:46 -0400


From: 

Dom  <mailto:dversace at tekcorner.ca> <dversace at tekcorner.ca>


To: 

freeradius-users at lists.freeradius.org

 

I was hoping someone could help.  We have a cisco 3825 with radius 
server pointed to our freeradius installation.  When I test radius 
authentication using NTRadping using CHAP authentication everything 
works fine.  However when we try to connect via a standard dsl 
connection we get these failures.  I was hoping someone could help point 
me in the right direction to fix the issue.
 
Thanks
 
rad_recv: Access-Request packet from host 64.34.66.5 port 1645, id=26, 
length=134
        Framed-Protocol = PPP
        User-Name =  <mailto:aewais at domain.ca> "aewais at domain.ca"
        User-Password = "password"
        Calling-Station-Id = "bas105300000096"
        Connect-Info = "1000000000"
        NAS-Port-Type = Virtual
        NAS-Port = 26
        NAS-Port-Id = "Uniq-Sess-ID26"
        Service-Type = Framed-User
        NAS-IP-Address = 64.34.xxxx.xxxx
# Executing section authorize from file 
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "tekcorner.ca" for User-Name =
<mailto:aewais at domain.ca> "aewais at domain.ca"
[suffix] No such realm "domain.ca"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  <--- The PAP
module could not find a password for the user.
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: 
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> aewais at domain.ca
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 26 to 64.34.xxx.xxx port 1645
Waking up in 4.9 seconds.
Cleaning up request 0 ID 26 with timestamp +97
Ready to process requests.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110824/56764e6c/attachment.html>

More information about the Freeradius-Users mailing list