Dear Phil,
By removing this option, it tries to authenticate with EAP/MSCHAPv2, and also fails.
Authentication is what I'm doing wireless network.
Below is the result of debugging when I removed the Auth-Type PAP table radgroupcheck:
[sql_visitantes] expand: %{Stripped-User-Name} -> usql2
[sql_visitantes] sql_set_user escaped user --> 'usql2'
rlm_sql (sql_visitantes): Reserving sql socket id: 1
[sql_visitantes] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'usql2' ORDER BY id
[sql_visitantes] User found in radcheck table
[sql_visitantes] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'usql2' ORDER BY id
[sql_visitantes] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'usql2' ORDER BY priority
[sql_visitantes] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'visitantes' ORDER BY id
[sql_visitantes] User found in group visitantes
[sql_visitantes] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'visitantes' ORDER BY id
rlm_sql (sql_visitantes): Released sql socket id: 1
+++[sql_visitantes] returns ok
++- if (Realm == "visitantes" ) returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: usql2@visitantes
[mschap] Told to do MS-CHAPv2 for usql2@visitantes with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
2011/3/17 Phil Mayers
<p.mayers@imperial.ac.uk>
On 03/17/2011 08:01 PM, joaocdc@gmail.com wrote:
*[pap] ERROR: You set 'Auth-Type = PAP' for a request that does not
contain a User-Password attribute!*
This is very clear:
mysql> select * from radgroupcheck;
+----+------------+-----------+----+-------+
| id | groupname | attribute | op | value |
+----+------------+-----------+----+-------+
| 1 | visitantes | Auth-Type | := | PAP |
+----+------------+-----------+----+-------+
1 row in set (0.00 sec)
This is wrong. Remove it.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
João Paulo de Lima Barbosa
Fone: (45) 9938-8399
Blog: http://joao.us
Twitter: @joaocdc
"O erro dos que tem poder é colocar barreiras para que ninguém os alcance, incentivando-nos a buscar todas as formas que encontramos para alcança-los."