freeradius, problem with chap ?
James J J Hooper
jjj.hooper at bristol.ac.uk
Thu Dec 1 23:51:16 CET 2011
On 01/12/2011 22:41, Piotr wrote:
> This is debug from l2tp/ipsec connection:
> CHAP-Password = 0x01972f0886c4e5e2f30e32053dbcf67504
> [chap] login attempt by "tom3" with CHAP password
> [chap] Cleartext-Password is required for authentication
> ++[chap] returns invalid
> Failed to authenticate the user.
> Login incorrect (rlm_chap: Clear text password not available):
> and here is debug from working connection for sslvpn:
> User-Password = "bd8d9a"
> [MOTP] expand: %{User-Password} -> bd8d9a
> Exec-Program: returned: 0
> ++[MOTP] returns ok
> Login OK: [tom3/bd8d9a] (from client ciscoasa port 5353472 cli
> 9.72.8.13)
If you want FR to handle the CHAP for you:
> [chap] Cleartext-Password is required for authentication
If FR doesn't know the correct password, you can't expect it to do CHAP.
Change things so FR knows the password, or do plain text authn as per your
first scenario.
-James
More information about the Freeradius-Users
mailing list