Alan, I am apparently using a old guide. Made the updates to this. Still expierencing same issue +-----+----------+--------------------+----+--------+-------+------------+ | id | username | attribute | op | value | PID | expires | +-----+----------+--------------------+----+--------+-------+------------+ | 462 | 10295 | Cleartext-Password | := | 912547 | 10295 | 2011-03-21 | | 463 | 10295 | Cleartext-Password | := | 659320 | 10295 | 2011-03-21 | | 464 | 10295 | Cleartext-Password | := | 322438 | 10295 | 2011-03-28 | When I try to authenticate with any of the above the chap still ends up using the wrong username pw to verify against. Ready to process requests. rad_recv: Access-Request packet from host 192.168.99.175 port 35587, id=59, length=216 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00:13:E8:17:C9:09" Called-Station-Id = "test1" NAS-Port-Id = "ether2" User-Name = "10295" MS-CHAP-Domain = "test" NAS-Port = 2153775135 Acct-Session-Id = "8060001f" Framed-IP-Address = 10.0.100.251 Mikrotik-Host-IP = 10.0.100.251 CHAP-Challenge = 0x16869b7cab8761381fd3e2ea56fc674a CHAP-Password = 0xdb03b44fee89561ab0a0bfdbf383f19cd8 Service-Type = Login-User WISPr-Logoff-URL = "http://10.0.100.1/logout" NAS-Identifier = "a2dtest" NAS-IP-Address = 192.168.99.175 Mikrotik-Realm = "test" # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "10295", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> 10295 [sql] sql_set_user escaped user --> '10295' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '10295' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '10295' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '10295' ORDER BY priority rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = CHAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group CHAP {...} [chap] login attempt by "10295" with CHAP password [chap] Using clear text password "566703" for user 10295 authentication. [chap] Password check failed ++[chap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 10295 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 192.168.99.175 port 35587, id=59, length=216 Waiting to send Access-Reject to client hotspot port 35587 - ID: 59 Waking up in 0.6 seconds. rad_recv: Access-Request packet from host 192.168.99.175 port 35587, id=59, length=216 Waiting to send Access-Reject to client hotspot port 35587 - ID: 59 Waking up in 0.3 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 59 to 192.168.99.175 port 35587 Waking up in 4.9 seconds. Cleaning up request 1 ID 59 with timestamp +36 Ready to process requests. Thanks Brent Hi,
+-----+----------+-----------+----+--------+-------+------------+ | id | username | attribute | op | value | PID | expires | +-----+----------+-----------+----+--------+-------+------------+ | 462 | 10295 | password | == | 912547 | 10295 | 2011-03-21 | ^^^^^^^^^ ^^^
thats wrong so is that the attribute should be 'Cleartext-Password' the operator should be := wonder what Doc or guide you are following? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html