Hi again, I'm coming back with this problem. When I change "User-Password" for "Cleartext-Password", my NAS can't connect with the Radius because NAS is sendig in CHAP mode rad_recv: Access-Request packet from host 192.168.1.39 port 2050, id=0, length=228 User-Name = "belen@host.com" CHAP-Challenge = 0x53a8429597c9b905cbab17b209bf294 CHAP-Password = 0x005fe19cab42985d294e73e48156dd4ce0 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.10.2 Calling-Station-Id = "xx-xx-xx-xx-xx-xx" Called-Station-Id = "xx-xx-xx-xx-xx-xx" NAS-Identifier = "nas01" Acct-Session-Id = "4900b86200000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x9a651id7eab7ded29008bf6c18244954 WISPr-Logoff-URL = "http://192.168.10.1:3990/logoff" +- entering group authorize {...} ++[preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok ++[mschap] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound [sql] expand: %{User-Name} -> belen@host.com [sql] sql_set_user escaped user --> 'belen@host.com' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'belen@host.com' ORDER BY id [sql] User found in radcheck table rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = CHAP +- entering group CHAP {...} [chap] login attempt by "belen@host.com" with CHAP password [chap] Using clear text password "pass" for user belen@host.com authentication. [chap] Password check failed ++[chap] returns reject Failed to authenticate the user. Login incorrect (rlm_chap: Wrong user password): [belen@host.com/<CHAP-Password>] (from client malditonas port 0 cli xx-xx-xx-xx-xx-xx) Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> belen@host.com attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 0 to 192.168.1.39 port 2050 Waking up in 4.9 seconds. Cleaning up request 0 ID 0 with timestamp +1313 Ready to process requests. When I set "User-Password" in the data base, again, I can connect but with the "mistake": Found Auth-Type = CHAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group CHAP {...} [chap] login attempt by "belen@host.com" with CHAP password [chap] Using clear text password "pass" for user belen@hostcom authentication. [chap] chap user belen@seasuntel.com authenticated succesfully ++[chap] returns ok It is really wrong???? Besides, this could be affecting to my SQL query in radgroupreply? I remember my dicctionary doesn't send attributes to the NAS and query about radgroupreply is being ignored Thanks tnt@kalik.net escribió:
On the other hand, I don't know how I can fix this fail and why is produced
WARNING: Found User-Password == "...". WARNING: Are you sure you don't mean Cleartext-Password? WARNING: See "man rlm_pap" for more information.
Because you should be using Cleartext-Password in user entry.
http://wiki.freeradius.org/SQL_HOWTO#Populating_SQL
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--