<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000066">
<font size="-1"><font face="Helvetica, Arial, sans-serif">Hello Ajitabh,<br>
<br>
Does PAP work? If it does, then your overall configuration is correct.
Whenever doing a new setup, always begin with PAP Password from PPTP
and Clear-text password in Mysql, and if it works then go ahead and
change the setting on either side to suit your needs.<br>
<br>
I think the issue is that you are storing the password encrypted - the
radius server either expects a Cleartext-Password or Chap-Password for
MSCHAPv2, and you have Crypt - something the radius server cannot
really derive anything for comparison on basis of any conversion
between them.<br>
<br>
IMO you have these options :<br>
<br>
1. MSCHAPv2 + Clear-Text Password<br>
2. MSCHAPv2 + NT-LM hashes<br>
3. PAP + Crypt Password<br>
4. PAP + Clear-Text Password<br>
<br>
Padam<br>
<br>
</font></font><br>
Ajitabh Pandey wrote:
<blockquote
cite="mid:f97ae15f0907032202qc4c260l66297d15ffd94506@mail.gmail.com"
type="cite">
<pre wrap="">Hello,
I am trying to setup the poptop authentication through freeradius with
mysql backend. Freeradius server as of now will only authenticate
users and do accounting. IP delegation will be done by poptop.
The radtest for a test user is successful.
# radtest myuser testpassword localhost 1812 'testing123'
Sending Access-Request of id 13 to 127.0.0.1 port 1812
User-Name = "myuser"
User-Password = "mypassword"
NAS-IP-Address = A.B.C.D
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=13, length=20
Here are three insert I made in the mysql tables, may be they are of use:
insert into radcheck (username,attribute,op,value) values
('myuser','Crypt-Password',':=',encrypt('mypassword'));
insert into radgroupcheck (groupname,attribute,op,value) values
('dynamic','Auth-Type',':=','Crypt-Local');
insert into radgroupreply (groupname,attribute,op,value) values
('dynamic','Acct-Interim-Interval','=',60);
Here is the freeradius -X output snippet for authentication:
rad_recv: Access-Request packet from host 127.0.0.1 port 40483, id=65,
length=153
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "myuser"
MS-CHAP-Challenge = 0x47359b9f4e6e11824858fd4b2a4a67c8
MS-CHAP2-Response =
0x7700234d5c8cd2388b66dd01a736d817a8070000000000000000629ab9bb7a480528165b51e15fb04b5293cc5b2ed0d5d272
Calling-Station-Id = "A.B.C.D"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize
expand: %{User-Name} -> myuser
rlm_sql (sql): sql_set_user escaped user --> 'myuser'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'myuser' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'myuser' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'myuser' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [myuser/<no User-Password attribute>] (from client
localhost port 0 cli A.B.C.D)
Found Post-Auth-Type Reject
WARNING: Unknown value specified for Post-Auth-Type. Cannot perform
requested action.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 1.0 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 65 to 127.0.0.1 port 40483
The radiusd.conf file is more or less the default except I have added
the sql lines to it.
It will be great if someone can provide any help regarding this.
Please let me know if you need further information from my side.
Regards.
</pre>
</blockquote>
</body>
</html>