Alan DeKok wrote:
Why have you massively edited the debug output?
I haven't - I just censored the password, that's all! But in fact, it seems that I forgot one occurance :( ...
The password is displayed in plain text.
Which password? Could you explain which part of the edited output you refer to?
The "XXX" above.
In any case, what little you've posted shows that the client is sending a PAP authentication request. Are you sure that you have configured the server to do PAP authentication using NT-hashed
I have tried PAP and CHAP - how do I tell him about NT-hashes? I think that's exactly where it fails.
passwords? The debug output you've posted conveniently deletes EVERY REFERENCE TO THE AUTHENTICATION PROCESS.
That's ll I get! But you're right ... I remember that there was much more output when I tried it the last time. Oops, I accidentally typed "-x" instead of "-X". Here we go again: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:63689, id=86, length=57 User-Name = "fwvpn" User-Password = "XXX" NAS-IP-Address = 255.255.255.255 NAS-Port = 10 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/opt/freeradius/var/log/radius/radacct/127.0.0.1/auth-detail-20071105' rlm_detail: /opt/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /opt/freeradius/var/log/radius/radacct/127.0.0.1/auth-detail-20071105 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 100 modcall[authorize]: module "files" returns ok for request 0 try to find in file rlm_passwd: Added LM-Password: '624AAC413795CDC1AAD3B435B51404EE' to config_items rlm_passwd: Added NT-Password: 'C5A237B7E9D8E708D8436B6148A25FA1' to config_items try to find in file modcall[authorize]: module "radpasswd" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module "unix" returns notfound for request 0 modcall: leaving group authenticate (returns notfound) for request 0 auth: Failed to validate the user. Login incorrect: [fwvpn/XXX] (from client localhost port 10) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 86 to 127.0.0.1 port 63689 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 86 with timestamp 472ee8ce Nothing to do. Sleeping until we see a request. "Auth-Type System" sounds like the culprit ... but I can't find that in radiusd.conf. TIA fw