NM posted to quickly, secrets were wrong, fiddling around with 

Unsupported protocol 'IPv6 Control Protovol' (0x8057) received

after that it should work, will definitively post it up in a howto.

Regards

On Wed, May 23, 2012 at 3:31 PM, Ali Jawad <ali.jawad@splendor.net> wrote:
Hi again
I did do some more reading and finally got radius to authenticate mschap, I am using the users file to add users for the time being and no SQL. A user can authenticate properly 

See

Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 3 ID 100 with timestamp +136
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 57868, id=101, length=132
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "test"
        MS-CHAP-Challenge = 0x65c4689b30c27f604fcca7ba1370fdba
        MS-CHAP2-Response = 0x31004bfca25ae57e8617e1e2d3cebde289040000000000000000c4cd490b424b34bfa53ad8b65fb786d994c6f647dbdd001a
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry test at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = MSCHAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: test
[mschap] Told to do MS-CHAPv2 for test with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 101 to 127.0.0.1 port 57868
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 172.16.3.33
        Framed-IP-Netmask = 255.255.255.0
        Framed-Routing = Broadcast-Listen
        Framed-Filter-Id = "std.ppp"
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
        MS-CHAP2-Success = 0x31533d43303035333346323444353031324334354144323433334634334344343931374636363944453733
        MS-MPPE-Recv-Key = 0x494fa970f9bb475a70b1b37179089b1d
        MS-MPPE-Send-Key = 0x546cdc52da0bf3818284fe5e6c48332d
        MS-MPPE-Encryption-Policy = 0x00000002
        MS-MPPE-Encryption-Types = 0x00000004
Finished request 4.

but I get the following error on the pptpd side 


May 23 13:30:01 pptp-test-100-13 pppd[7512]: rc_check_reply: received invalid reply digest from RADIUS server

Any input please ?

Regards

On Wed, May 23, 2012 at 3:17 PM, Matthew Newton <mcn4@leicester.ac.uk> wrote:
On Wed, May 23, 2012 at 02:02:02PM +0200, Alan DeKok wrote:
> Matthew Newton wrote:
> > I'm not sure who looks after them now, or if they are maintained.
> > I've just found radiusclient-ng, which looks more recent, but have
> > no experience of it.
> >
> > But this is all mildly off-topic for FreeRADIUS...
>
>   radiusclient-ng is no longer developed.
>
>   It has become freeradius-client. :)  See http://freeradius.org

Ah - thanks. I had it on my list to hack at the radiusclient code
to try and update it. 30 minutes ago, that list entry changed to
radiusclient-ng.

Looks like I'll be looking at the freeradius-client code instead
now... if I ever get time!

Cheers,

Matthew


--
Matthew Newton, Ph.D. <mcn4@le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
Ali Jawad
Information Systems Manager
Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554




--
Ali Jawad
Information Systems Manager
Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554