Hi again, I run into trouble again. I want to authenticate with chap and radius failed with: rad_recv: Access-Request packet from host 127.0.0.1:32769, id=110, length=70 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "test1" CHAP-Password = 0xfaf5457967797fc6264e6925d24689d299 NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 modcall[authorize]: module "preprocess" returns ok for request 14 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 14 modcall[authorize]: module "mschap" returns noop for request 14 rlm_realm: No '@' in User-Name = "test1", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 14 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 14 radius_xlat: 'test1' rlm_sql (sql): sql_set_user escaped user --> 'test1' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test1' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test1' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test1' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test1' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test1' ORDER BY id' rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test1' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test1' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test1' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 14 modcall: leaving group authorize (returns ok) for request 14 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group CHAP for request 14 rlm_chap: login attempt by "test1" with CHAP password rlm_chap: Using clear text password password for user test1 authentication. rlm_chap: Pasword check failed modcall[authenticate]: module "chap" returns reject for request 14 modcall: leaving group CHAP (returns reject) for request 14 auth: Failed to validate the user. I don't undrestand why in "rlm_chap: login attempt by "test1" with CHAP password" the password isn't listed, altough the freeradius is in debug mode. Alex Alexandru Matei wrote:
Thank you, that was it! Still, I'll be gratefull if somebody can point me into right direction with some documentation describing what Attributes -Type -Values are more usually used. That's besides the dictionaries... One last tought: I think Freeradius could de improved if in debug mode caould say what is the sql result it doesn't like.
Regards, Alex Stefan Winter wrote: