Hi, I just tried this on radiusd: FreeRADIUS Version 3.1.0 (git #b2d5a45), for host x86_64-unknown-linux-gnu, built on Mar 4 2014 at 11:31:20 but hitting the same error: rad_recv: Access-Request packet from host 10.x.x.100 port 65050, id=45, length=50 User-Name = 'adamjseed' CHAP-Password = 0x64173a8adfdfb68e273ea9add77fa0e984 (2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (2) authorize { (2) filter_username filter_username { (2) ? if (!User-Name) (2) ? if (!User-Name) -> FALSE (2) ? if (User-Name != "%{tolower:%{User-Name}}") (2) expand: "%{tolower:%{User-Name}}" -> 'adamjseed' (2) ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE (2) ? if (User-Name =~ / /) (2) ? if (User-Name =~ / /) -> FALSE (2) ? if (User-Name =~ /@.*@/ ) (2) ? if (User-Name =~ /@.*@/ ) -> FALSE (2) ? if (User-Name =~ /\\.\\./ ) (2) ? if (User-Name =~ /\\.\\./ ) -> FALSE (2) ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) (2) ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (2) ? if (User-Name =~ /\\.$/) (2) ? if (User-Name =~ /\\.$/) -> FALSE (2) ? if (User-Name =~ /@\\./) (2) ? if (User-Name =~ /@\\./) -> FALSE (2) } # filter_username filter_username = notfound (2) [preprocess] = ok (2) chap : Setting 'Auth-Type := CHAP' (2) [chap] = ok (2) [mschap] = noop (2) [digest] = noop (2) suffix : No '@' in User-Name = "adamjseed", looking up realm NULL (2) suffix : No such realm "NULL" (2) [suffix] = noop (2) eap : No EAP-Message, not doing EAP (2) [eap] = noop (2) [files] = noop rlm_ldap (ldap): Reserved connection (4) (2) ldap : expand: "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" -> '(uid=adamjseed)' (2) ldap : expand: "dc=example,dc=com" -> 'dc=example,dc=com' (2) ldap : Performing search in 'dc=example,dc=com' with filter '(uid=adamjseed)', scope 'sub' (2) ldap : Waiting for search result... (2) ldap : User object found at DN "cn=adamjseed,ou=users,dc=example,dc=com" (2) ldap : Processing user attributes (2) ldap : control:Password-With-Header += 'Password01' rlm_ldap (ldap): Released connection (4) (2) [-ldap] = ok (2) [expiration] = noop (2) [logintime] = noop (2) WARNING: pap : Auth-Type already set. Not setting to PAP (2) [pap] = noop (2) } # authorize = ok (2) Found Auth-Type = CHAP (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (2) Auth-Type CHAP { (2) chap : Login attempt by "adamjseed" with CHAP password (2) ERROR: chap : Cleartext password is required for authentication (2) [chap] = invalid (2) } # Auth-Type CHAP = invalid (2) Failed to authenticate the user (2) Using Post-Auth-Type Reject (2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (2) Post-Auth-Type REJECT { (2) attr_filter.access_reject : expand: "%{User-Name}" -> 'adamjseed' (2) attr_filter.access_reject : Matched entry DEFAULT at line 11 (2) [attr_filter.access_reject] = updated (2) eap : Request didn't contain an EAP-Message, not inserting EAP-Failure (2) [eap] = noop (2) remove_reply_message_if_eap remove_reply_message_if_eap { (2) ? if (reply:EAP-Message && reply:Reply-Message) (2) ? if (reply:EAP-Message && reply:Reply-Message) -> FALSE (2) else else { (2) [noop] = noop (2) } # else else = noop (2) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (2) } # Post-Auth-Type REJECT = update On Mon, Mar 3, 2014 at 10:01 PM, Arran Cudbard-Bell < a.cudbardb@freeradius.org> wrote:
On 3 Mar 2014, at 20:15, Adam Seed <adamjseed@gmail.com> wrote:
Finally got that working - Thanks Alan. Are there any plans to put this assumption in version 3?
Done.
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html