configure pptp vpn using freeradius as a authenticator

elahe jahani elahe.jahani91 at gmail.com
Mon Jun 12 11:57:04 CEST 2017


Hello!
I recently want to configure a vpn server which is a radiusclient and send
accept-request to freeradius for authentication!

I create a vpn connection in windows 7 as a vpn client and try to connect
to my vpn server. my vpn server is pptp on debian 7.6 and also install
radiusclient1 inside pptp and config them through manual!I install
freeradius on other debian os and config it.

when I try to connect vpn connection to vpn server I entrance with 691
error. and when I run freeradius in debug mode with -X. i see :

rad_recv: Access-Request packet from host 192.168.59.3 port 47804, id=118,
length=63
    Service-Type = Framed-User
    Framed-Protocol = PPP
    User-Name = "Deg"
    Calling-Station-Id = "192.168.69.2"
    NAS-IP-Address = 192.168.0.113
    NAS-Port = 0

# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "Deg", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry Deg at line 96
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] No clear-text password in the request.  Not performing PAP.
++[pap] returns noop
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No User-Password or CHAP-Password attribute in the request.
Cannot perform authentication.
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> Deg
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 118 to 192.168.59.3 port 47804
Waking up in 4.9 seconds.
Cleaning up request 0 ID 118 with timestamp +34
Ready to process requests.




I dont know why freeradius does not receive User-Password or CHAP-Password!
whereas when I use radtest or radclient locally every things is ok and
Access-Accept!!

root at debian:~# radtest Deg  123 192.168.59.1 0 testing123
Sending Access-Request of id 122 to 192.168.59.1 port 1812
    User-Name = "Deg"
    User-Password = "123"
    NAS-IP-Address = 192.168.0.72
    NAS-Port = 0
    Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 192.168.59.1 port 1812, id=122,
length=20


I appreciate the time you took to question me, and I thank you for taking
time out to answer my question!


More information about the Freeradius-Users mailing list