another CHAP issue

Nick nick at njryce.net
Thu Aug 16 17:34:44 CEST 2012


Hi,

I have recently installed FreeRADIUS and am having some trouble
authenticating a test ADSL user.

The users file is default plus the following additions:-

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Tunnel-Type == L2TP,
        Tunnel-Medium-Type == IP,
        Service-Type = Framed-User,
        Tunnel-Password = blahblah,
        Tunnel-Server-Endpoint = 192.168.0.1,
        Tunnel-Client-Auth-ID = Tunnel-21CN,
        Fall-Through = Yes

testuser at randomdomain.net.uk Cleartext-Password :="test123", NAS-IP-Address == 1.1.1.1
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 10.1.1.1,
        Framed-IP-Netmask = 255.255.255.255,
        Cisco-AVPair = "ip:dns-servers=8.8.8.8"

Ready to process requests.
rad_recv: Access-Request packet from host 62.249.192.164 port 31625, id=13, length=145
        Framed-Protocol = PPP
        User-Name = "testuser at randomdomain.net.uk"
        CHAP-Password = 0x027bcf494903b89f4cda018f7c8af60ce1
        Connect-Info = "14292000/1000"
        NAS-Port-Type = ISDN
        NAS-Port = 21337
        NAS-Port-Id = "Uniq-Sess-ID1337"
        Service-Type = Framed-User
        NAS-IP-Address = 62.249.255.146
        Calling-Station-Id = "WBC BBEU00014378"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "randomdomain.net.uk" for User-Name = "testuser at randomdomain.net.uk"
[suffix] No such realm "randomdomain.net.uk"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "testuser at randomdomain.net.uk" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> testuser at randomdomain.net.uk
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 13 to 62.249.192.164 port 31625
Waking up in 4.9 seconds.
Cleaning up request 0 ID 13 with timestamp +4
Ready to process requests.

The main thing that strikes me is the below:-

[chap] login attempt by "testuser at randomdomain.net.uk" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid

There is a Cleartext-Password set so unsure why this error is occurring.
Any help most appreciated.
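
Added example (not part of the original post, and not FreeRADIUS code): a simplified Python model of how the files module selects users entries, run over the two entries and the request attributes posted above. The function names and the reduced operator handling (only `==` and `:=` on the check line) are assumptions of this example; the user name is copied as it appears in the archive.

```python
import re

# One check item on the first line of a users entry: attribute, operator, value.
ITEM = re.compile(r'([A-Za-z][\w-]*)\s*(:=|==)\s*"?([^",\s]+)"?')

def parse_check_line(line):
    """Split an entry's first line into (name, [(attr, op, value), ...])."""
    items = list(ITEM.finditer(line))
    name = line[:items[0].start()].strip() if items else line.strip()
    return name, [m.groups() for m in items]

def authorize(entries, request):
    """Walk entries in file order; return (matched names, control items)."""
    matched, control = [], {}
    for line, fall_through in entries:
        name, checks = parse_check_line(line)
        if name not in ("DEFAULT", request.get("User-Name")):
            continue
        # "==" must equal the request attribute; ":=" only sets a control item.
        if any(op == "==" and request.get(a) != v for a, op, v in checks):
            continue
        control.update({a: v for a, op, v in checks if op == ":="})
        matched.append(name)
        if not fall_through:
            break
    return matched, control

def chap_can_verify(control):
    """CHAP needs the plaintext to recompute the digest sent by the NAS."""
    return "Cleartext-Password" in control

# Constructed from the post: (first line of entry, Fall-Through set to Yes?)
ENTRIES = [
    ("DEFAULT Framed-Protocol == PPP", True),
    ('testuser at randomdomain.net.uk Cleartext-Password :="test123", '
     "NAS-IP-Address == 1.1.1.1", False),
]
# Request attributes copied from the debug output in the post.
REQUEST = {"User-Name": "testuser at randomdomain.net.uk",
           "Framed-Protocol": "PPP", "NAS-IP-Address": "62.249.255.146"}

if __name__ == "__main__":
    for req in (REQUEST, dict(REQUEST, **{"NAS-IP-Address": "1.1.1.1"})):
        matched, control = authorize(ENTRIES, req)
        print(req["NAS-IP-Address"], matched, chap_can_verify(control))
```

With the values as posted, the model selects only DEFAULT: the request carries NAS-IP-Address 62.249.255.146 while the per-user entry requires 1.1.1.1, so no Cleartext-Password is placed in the control list for the chap module.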

 
