<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
Hello,
<br>
<br>
i try to test a new freeradius (1.0.5) installation with radclient
(Version 1.72.2.1)and an existing auth-log detailfile. The
authentication failed in rlm_check_password. Please take a look at the
radius.log sequence at bottom.
<br>
<br>
In the auth-log file are accepted requests of a different server, wich
gets the user-password via mysql. In the auth-log file are
Chap-Password and Chap-Challenge attributes.
<br>
<br>
The new installation should use the users file for storing the
password. So i exctracted the data from mysql-db and created the users
file. The passwords are stored cleartext.
<br>
<br>
Did i somthing missing in the configuration (see log)?
<br>
Couldn't i use radclient this way to test real packets?
<br>
Did you need mor information?
<br>
<br>
Thank you for help
<br>
<br>
Andreas Engler
<br>
<br>
<br>
the users file entry:
<br>
<br>
hubba User-Password == "bubba", NAS-Port-Id == 1/0/0/8.32
<br>
<br>
the radius.log sequence:
<br>
<br>
Thread 1 handling request 0, (1 handled so far)
<br>
Framed-Protocol = PPP
<br>
User-Name = "hubba"
<br>
CHAP-Password = 0x2c98390c540135e0bbf1024d3dff4a71ef
<br>
NAS-Port-Type = Virtual
<br>
NAS-Port = 268959776
<br>
NAS-Port-Id = "1/0/0/8.32"
<br>
Connect-Info = "pppoe4atm"
<br>
Service-Type = Framed-User
<br>
NAS-IP-Address = xxx.xxx.xxx.xxx
<br>
CHAP-Challenge = 0x3fc1d8dc7b393459a292d664a9054a92
<br>
Processing the authorize section of radiusd.conf
<br>
modcall: entering group authorize for request 0
<br>
modcall[authorize]: module "preprocess" returns ok for request 0
<br>
rlm_passwd: Added Grp-Name: 'test##all##' to request_items
<br>
modcall[authorize]: module "etc_group" returns ok for request 0
<br>
radius_xlat: '/var/log/radius/radacct/127.0.0.1/auth-detail-20051220'
<br>
rlm_detail: <i class="moz-txt-slash"><span class="moz-txt-tag">/</span>var/log/radius/radacct<span
class="moz-txt-tag">/</span></i>%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20051220
<br>
modcall[authorize]: module "auth_log" returns ok for request 0
<br>
rlm_chap: Setting 'Auth-Type := CHAP'
<br>
modcall[authorize]: module "chap" returns ok for request 0
<br>
users: Matched entry DEFAULT at line 11
<br>
users: Matched entry hubba at line 31
<br>
modcall[authorize]: module "files" returns ok for request 0
<br>
modcall: group authorize returns ok for request 0
<br>
rad_check_password: Found Auth-Type CHAP
<br>
auth: type "CHAP"
<br>
Processing the authenticate section of radiusd.conf
<br>
modcall: entering group Auth-Type for request 0
<br>
rlm_chap: login attempt by "hubba" with CHAP password
<br>
rlm_chap: Using clear text password bubba for user hubba
authentication.
<br>
rlm_chap: Pasword check failed
<br>
modcall[authenticate]: module "chap" returns reject for request 0
<br>
modcall: group Auth-Type returns reject for request 0
<br>
auth: Failed to validate the user.
<br>
Login incorrect (rlm_chap: Wrong user password):
[hubba/<CHAP-Password>] (from client localhost port 268959776)
<br>
</body>
</html>