Framed-Protocol PPP question

Jonas Fornander support at netwood.net
Thu Aug 16 18:27:03 CEST 2012 

Jonas Fornander wrote:
> We have successfully installed and tested FreeRadius.
> 
> However authentication fails when we try with a live customer.
..
> [chap] Cleartext-Password is required for authentication

  That should be pretty clear.

> This is the entry we have for the customer in the users file:
>
> 3108396020 at netwood.net Cleartext-Password := "testing123"
>
> Any advice is greatly appreciated.

  Well... it wasn't found in the "users" file.

  It's impossible to know what really happened, because you helpfully
deleted all of the useful information from the debug log.

  Alan DeKok.

[jonas] Below is the whole log for that connection attempt. 

Ready to process requests.
rad_recv: Access-Request packet from host 64.105.132.249 port 1814, id=116,
length=294
        User-Name = "3108396020 at netwood.net"
        CHAP-Password = 0x01c0dd7a2fa7e1d41a9fbafbfc04a227e3
        CHAP-Challenge = 0x34c09a5e9141f29c9d7cae2f2066f379
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Identifier = "lsanca54-seb3"
        NAS-Port = 67371072
        NAS-Real-Port = 1140850918
        NAS-Port-Type = Virtual
        NAS-Port-Id = "4/4 vpi-vci 0 230 pppoe 345"
        Medium-Type = DSL
        Mac-Addr = "58-6d-8f-3e-7e-40"
        Connect-Info = "covad"
        Platform-Type = SmartEdge-800
        OS-Version = "6.1.5.6"
        Acct-Session-Id = "0303003F28004E4F-502C6F45"
        Framed-IP-Address = 68.167.6.182
        NAS-IP-Address = 66.166.60.137
        Message-Authenticator = 0xa4c9ddcd035e84cf48dd06f771b57593
        Proxy-State = 0x313932
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
:
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "3108396020 at netwood.net" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.
Login incorrect (rlm_chap: Clear text password not available):
[3108396020 at netwood.net/<CHAP-Password>] (from client LosAngeles port
67371072)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} ->
3108396020 at netwood.net
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 253 to 64.105.132.249 port 1814
        Proxy-State = 0x313838
Waking up in 4.9 seconds.
Cleaning up request 0 ID 253 with timestamp +9726
Ready to process requests.

//jonas

More information about the Freeradius-Users mailing list