Hi
I got it to work "at least half way", I did change pptpd options from 


-chap
-mschap
+mschap-v2
require-mppe

TO

+chap
+mschap
+mschap-v2
#require-mppe

And in MS Win 7 VPN settings I did set encryption to optional. This way I can connect, see 

++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "4FBCBB330F5000",User-Name = "test"'
[acct_unique] Acct-Unique-Session-ID = "6bbdd9f2f808f872".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 127.0.0.1
[detail]        expand: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/radius/radacct/127.0.0.1/detail-20120523
[detail] /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/detail-20120523
[detail]        expand: %t -> Wed May 23 11:25:55 2012
++[detail] returns ok
++[unix] returns ok
[radutmp]       expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp]       expand: %{User-Name} -> test
++[radutmp] returns ok
++[exec] returns noop
[attr_filter.accounting_response]       expand: %{User-Name} -> test
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 27 to 127.0.0.1 port 50177
Finished request 2.
Cleaning up request 2 ID 27 with timestamp +15
Going to the next request
Waking up in 4.7 seconds.


However when I do try to use MSCHAPV2 in VPN settings or if I do require encryption with appropriate settings in pptpd it fails.

Test example :

Set in VPN client in Win 7 to require encryption and MSCHAPV2 - "default options"
Set pptpd options to :
-chap
-mschap
+mschap-v2
require-mppe

I get the following in radius

++[sql] returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'Al0800-1200'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 1200
++[logintime] returns ok
[pap] No clear-text password in the request.  Not performing PAP.
++[pap] returns noop
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No User-Password or CHAP-Password attribute in the request.
Cannot perform authentication.
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> test
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 12 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 12
Sending Access-Reject of id 45 to 127.0.0.1 port 60652
Waking up in 4.9 seconds.
Cleaning up request 12 ID 45 with timestamp +591
Ready to process requests.

In short it works for chap but not mschap, any input please ?

Regards




On Wed, May 23, 2012 at 1:13 PM, Ali Jawad <ali.jawad@splendor.net> wrote:
Hi
Thanks again

I did remove Auth-Type entry from DB and error says now 

rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> test
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds

I am using a pptpd server, it has plugin radius.so plugin radattr.so loaded. The radius client is :

rpm -qa | grep radiusclient
radiusclient-ng-utils-0.5.6-3.el5
radiusclient-ng-0.5.6-3.el5

It's radiusclient config is :

auth_order      radius
login_tries     4
login_timeout   60
nologin         /etc/nologin
issue           /etc/radiusclient/issue
authserver      localhost:1812
acctserver      localhost:1813
servers         /etc/radiusclient/servers
#dictionary      /etc/raddb/dictionary
dictionary      /usr/share/radiusclient-ng/dictionary
login_radius    /usr/sbin/login.radius
seqfile         /var/run/radius.seq
mapfile         /etc/radiusclient/port-id-map
default_realm
radius_timeout  10
radius_retries  3
login_local     /bin/login

On Wed, May 23, 2012 at 12:54 PM, Alan DeKok <aland@deployingradius.com> wrote:
Ali Jawad wrote:
> Thanks for your patience so far.
>
> I did edit include sql.conf and only edited authorize to uncomment sql line.
>
> Now I am getting the below.
>
> [chap] ERROR: You set 'Auth-Type = CHAP' for a request that does not
> contain a CHAP-Password attribute!

 Because you forced Auth-Type := CHAP.  Don't do that.

> I did try as LOCAL and it says set CHAP, I also tried mschap

 It's MUCH better to *understand* what's going on.  Trying random
changes is terrible.

> Listening on proxy address * port 1814
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 36343, id=0,
> length=67
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         User-Name = "test"
>         Calling-Station-Id = "xxxxxxxx"
>         NAS-IP-Address = 127.0.0.1
>         NAS-Port = 0

 There's no password in this request.  Use a RADIUS client that sends a
password!

 Whatever RADIUS client you're using is broken.  Don't use it.

 Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
Ali Jawad
Information Systems Manager
Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554




--
Ali Jawad
Information Systems Manager
Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554