I also noticed that it is failing for PPP users as well:<div><br></div><div><div>prko Auth-Type := Local, User-Password == "xxxx"</div><div> Framed-Pool := "22",</div><div> Framed-IP-Netmask := 255.255.0.0,</div>
<div> Fall-Through = No</div><div><br></div><div><br></div><div><br></div><div>With this:</div><div><br></div><div><div>rad_recv: Access-Request packet from host 114.0.1.11 port 50633, id=63, length=146</div><div>
User-Name = "prko"</div><div> NAS-IP-Address = 2.2.2.2</div><div> Service-Type = Framed-User</div><div> Framed-Protocol = PPP</div><div> CHAP-Password = 0x019d64425b84c05b4dbef1cfc5d2665937</div>
<div> CHAP-Challenge = 0xe546ec9fc842c4fe4dbaaf0c23cb4724b5f8ab7bc3522ea4d1cc9a455d2437446a2463b26628b13363e0bf862d072b627fd6dd43a98be87b</div><div> NAS-Port-Type = 33</div><div> NAS-Port-Id = "1/1/5:2"</div>
<div> NAS-Identifier = "right-b4"</div><div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div><div>[chap] Setting 'Auth-Type := CHAP'</div><div>++[chap] returns ok</div><div>
++[mschap] returns noop</div><div>[suffix] No '@' in User-Name = "prko", looking up realm NULL</div><div>[suffix] No such realm "NULL"</div><div>++[suffix] returns noop</div><div>[eap] No EAP-Message, not doing EAP</div>
<div>++[eap] returns noop</div><div>++[unix] returns notfound</div><div>[files] expand: %{User-Name} -> prko</div><div>[files] expand: %{User-Name} -> prko</div><div>[files] expand: %{User-Name} -> prko</div>
<div>[files] expand: %{User-Name} -> prko</div><div>WARNING: Found User-Password == "...".</div><div>WARNING: Are you sure you don't mean Cleartext-Password?</div><div>WARNING: See "man rlm_pap" for more information.</div>
<div>[files] users: Matched entry prko at line 244</div><div>[files] expand: %{NAS-Port-Id}-%{User-Name} -> 1/1/5:2-prko</div><div>++[files] returns ok</div><div>++[expiration] returns noop</div><div>++[logintime] returns noop</div>
<div>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.</div><div>++[pap] returns noop</div><div>Found Auth-Type = Local</div><div>WARNING: Please update your configuration, and remove 'Auth-Type = Local'</div>
<div>WARNING: Use the PAP or CHAP modules instead.</div><div>No "known good" password was configured for the user.</div><div>As a result, we cannot authenticate the user.</div><div>Failed to authenticate the user.</div>
<div>Using Post-Auth-Type Reject</div><div>+- entering group REJECT {...}</div><div>[attr_filter.access_reject] expand: %{User-Name} -> prko</div><div> attr_filter: Matched entry DEFAULT at line 11</div><div>++[attr_filter.access_reject] returns updated</div>
<div>Delaying reject of request 2 for 1 seconds</div><div>Going to the next request</div><div>Waking up in 0.9 seconds.</div><div>Sending delayed reject for request 2</div><div>Sending Access-Reject of id 63 to 114.0.1.11 port 50633</div>
<div>Waking up in 4.9 seconds.</div><div>Cleaning up request 2 ID 63 with timestamp +1009</div><div>Ready to process requests.</div></div><div><br></div><div><br></div><br><div class="gmail_quote">On Wed, Sep 22, 2010 at 2:59 PM, Marlon Duksa <span dir="ltr"><<a href="mailto:mduksa@gmail.com">mduksa@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi - we recently upgraded to version 2.1.8 (freeradius) and my authentication does not work any more.<div><br></div><div>
This used to work (configured in Radius):<br><div><br></div><div><div>basic-a User-Password == "csetestp"</div>
<div> User-Name =~ "^([aA-zZ]+)-([aA-zZ]+)$",</div><div> Framed-Pool := "21",</div><div> Class := 2,</div><div> Session-Timeout := 600,</div><div> Fall-Through = No</div>
</div></div><div><br></div><div><br></div><div>This is not pap/chap authentication - our NAS is sending auth-req for a DHCP user.</div><div><br></div><div>I also tried to change to cleartext-password. </div><div>Also I tried this: </div>
<div>basic-a Auth-Type := Local, User-Password == "csetestp" but no luck</div><div><br></div><div><br></div><div>This is what I'm getting on Radius:</div><div><br></div><div><div>rad_recv: Access-Request packet from host 114.0.1.11 port 50633, id=62, length=78</div>
<div> User-Name = "basic-a"</div><div> User-Password = "csetestp"</div><div> NAS-IP-Address = 2.2.2.2</div><div> NAS-Port-Type = Ethernet</div><div> NAS-Port-Id = "1/1/5:4"</div>
<div> NAS-Identifier = "right-b4"</div><div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div><div>++[chap] returns noop</div><div>++[mschap] returns noop</div><div>[suffix] No '@' in User-Name = "basic-a", looking up realm NULL</div>
<div>[suffix] No such realm "NULL"</div><div>++[suffix] returns noop</div><div>[eap] No EAP-Message, not doing EAP</div><div>++[eap] returns noop</div><div>++[unix] returns notfound</div><div>[files] expand: %{User-Name} -> basic-a</div>
<div>[files] expand: %{User-Name} -> basic-a</div><div>[files] expand: %{User-Name} -> basic-a</div><div>[files] expand: %{User-Name} -> basic-a</div><div>WARNING: Found User-Password == "...".</div>
<div>WARNING: Are you sure you don't mean Cleartext-Password?</div><div>WARNING: See "man rlm_pap" for more information.</div><div>[files] users: Matched entry basic-a at line 106</div><div>++[files] returns ok</div>
<div>++[expiration] returns noop</div><div>++[logintime] returns noop</div><div>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.</div><div>++[pap] returns noop</div>
<div>Found Auth-Type = Local</div><div>WARNING: Please update your configuration, and remove 'Auth-Type = Local'</div><div>WARNING: Use the PAP or CHAP modules instead.</div><div>No "known good" password was configured for the user.</div>
<div>As a result, we cannot authenticate the user.</div><div>Failed to authenticate the user.</div><div>Using Post-Auth-Type Reject</div><div>+- entering group REJECT {...}</div><div>[attr_filter.access_reject] expand: %{User-Name} -> basic-a</div>
<div> attr_filter: Matched entry DEFAULT at line 11</div><div>++[attr_filter.access_reject] returns updated</div><div>Delaying reject of request 1 for 1 seconds</div><div>Going to the next request</div><div>Waking up in 0.9 seconds.</div>
<div>Sending delayed reject for request 1</div><div>Sending Access-Reject of id 62 to 114.0.1.11 port 50633</div><div>Waking up in 4.9 seconds.</div><div>Cleaning up request 1 ID 62 with timestamp +37</div><div>Ready to process requests.</div>
</div><div><br></div>
</blockquote></div><br></div>