I see PAP supports them all, So how do i utilize this? Does windows, android, and ios not support PAP?
So how do we secure the user accounts in the database?On Sun, Nov 4, 2012 at 4:11 PM, Blake Covarrubias <blake@covarrubi.as> wrote:
md5 passwords are not compatible with MS-CHAP.
--Blake CovarrubiasBelow is the log. I am able to connect using clear-text passwords but not encrypted passwords... What is confusing me is if i do a radtest it works fine using the users credentials that are encrypted... But as you can see below ths is me trying to connecting from my phone using the account i created in the databse with the password md5. Again this works when i do a radtest but not in a real world test. Only clear-text pw work in the realworld test.Thank you for your time.freeradius -XFreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Sep 11 2012 at 22:27:08Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR APARTICULAR PURPOSE.You may redistribute copies of FreeRADIUS under the terms of theGNU General Public License v2.Starting - reading configuration files ...including configuration file /etc/freeradius/radiusd.confincluding configuration file /etc/freeradius/proxy.confincluding configuration file /etc/freeradius/clients.confincluding files in directory /etc/freeradius/modules/including configuration file /etc/freeradius/modules/alwaysincluding configuration file /etc/freeradius/modules/mac2ipincluding configuration file /etc/freeradius/modules/sql_logincluding configuration file /etc/freeradius/modules/smbpasswdincluding configuration file /etc/freeradius/modules/detailincluding configuration file /etc/freeradius/modules/smsotpincluding configuration file /etc/freeradius/modules/cuiincluding configuration file /etc/freeradius/modules/wimaxincluding configuration file /etc/freeradius/modules/replicateincluding configuration file /etc/freeradius/modules/sqlcounter_expire_on_loginincluding configuration file /etc/freeradius/modules/sradutmpincluding configuration file /etc/freeradius/modules/papincluding configuration file /etc/freeradius/modules/echoincluding configuration file /etc/freeradius/modules/expirationincluding configuration file /etc/freeradius/modules/filesincluding configuration file /etc/freeradius/modules/mac2vlanincluding configuration file /etc/freeradius/modules/acct_uniqueincluding configuration file /etc/freeradius/modules/krb5including configuration file /etc/freeradius/modules/mschapincluding configuration file /etc/freeradius/modules/checkvalincluding configuration file /etc/freeradius/modules/preprocessincluding configuration file /etc/freeradius/modules/logintimeincluding configuration file /etc/freeradius/modules/pamincluding configuration file /etc/freeradius/modules/passwdincluding configuration file /etc/freeradius/modules/etc_groupincluding configuration file /etc/freeradius/modules/opendirectoryincluding configuration file /etc/freeradius/modules/attr_filterincluding configuration file /etc/freeradius/modules/linelogincluding configuration file /etc/freeradius/modules/sohincluding configuration file /etc/freeradius/modules/attr_rewriteincluding configuration file /etc/freeradius/modules/chapincluding configuration file /etc/freeradius/modules/rediswhoincluding configuration file /etc/freeradius/modules/counterincluding configuration file /etc/freeradius/modules/digestincluding configuration file /etc/freeradius/modules/policyincluding configuration file /etc/freeradius/modules/unixincluding configuration file /etc/freeradius/modules/ldapincluding configuration file /etc/freeradius/modules/otpincluding configuration file /etc/freeradius/modules/radutmpincluding configuration file /etc/freeradius/modules/perlincluding configuration file /etc/freeradius/modules/dynamic_clientsincluding configuration file /etc/freeradius/modules/detail.example.comincluding configuration file /etc/freeradius/modules/redisincluding configuration file /etc/freeradius/modules/ntlm_authincluding configuration file /etc/freeradius/modules/inner-eapincluding configuration file /etc/freeradius/modules/ippoolincluding configuration file /etc/freeradius/modules/realmincluding configuration file /etc/freeradius/modules/detail.logincluding configuration file /etc/freeradius/modules/execincluding configuration file /etc/freeradius/modules/exprincluding configuration file /etc/freeradius/eap.confincluding configuration file /etc/freeradius/sql.confincluding configuration file /etc/freeradius/sql/mysql/dialup.confincluding configuration file /etc/freeradius/policy.confincluding files in directory /etc/freeradius/sites-enabled/including configuration file /etc/freeradius/sites-enabled/defaultincluding configuration file /etc/freeradius/sites-enabled/inner-tunnelmain {user = "freerad"group = "freerad"allow_core_dumps = no}including dictionary file /etc/freeradius/dictionarymain {name = "freeradius"prefix = "/usr"localstatedir = "/var"sbindir = "/usr/sbin"logdir = "/var/log/freeradius"run_dir = "/var/run/freeradius"libdir = "/usr/lib/freeradius"radacctdir = "/var/log/freeradius/radacct"hostname_lookups = nomax_request_time = 30cleanup_delay = 5max_requests = 1024pidfile = "/var/run/freeradius/freeradius.pid"checkrad = "/usr/sbin/checkrad"debug_level = 0proxy_requests = yeslog {stripped_names = noauth = noauth_badpass = noauth_goodpass = no}security {max_attributes = 200reject_delay = 1status_server = yes}}radiusd: #### Loading Realms and Home Servers ####proxy server {retry_delay = 5retry_count = 3default_fallback = nodead_time = 120wake_all_if_all_dead = no}home_server localhost {ipaddr = 127.0.0.1port = 1812type = "auth"secret = "testing123"response_window = 20max_outstanding = 65536require_message_authenticator = yeszombie_period = 40status_check = "status-server"ping_interval = 30check_interval = 30num_answers_to_alive = 3num_pings_to_alive = 3revive_interval = 120status_check_timeout = 4coa {irt = 2mrt = 16mrc = 5mrd = 30}}home_server_pool my_auth_failover {type = fail-overhome_server = localhost}realm example.com {auth_pool = my_auth_failover}realm LOCAL {}radiusd: #### Loading Clients ####client localhost {ipaddr = 127.0.0.1require_message_authenticator = nosecret = "testsecret"nastype = "other"}client 192.168.2.24 {require_message_authenticator = nosecret = "testsecret"shortname = "cvpn-pptp"nastype = "other"}radiusd: #### Instantiating modules ####instantiate {Module: Linked to module rlm_execModule: Instantiating module "exec" from file /etc/freeradius/modules/execexec {wait = noinput_pairs = "request"shell_escape = yes}Module: Linked to module rlm_exprModule: Instantiating module "expr" from file /etc/freeradius/modules/exprModule: Linked to module rlm_expirationModule: Instantiating module "expiration" from file /etc/freeradius/modules/expirationexpiration {reply-message = "Password Has Expired "}Module: Linked to module rlm_logintimeModule: Instantiating module "logintime" from file /etc/freeradius/modules/logintimelogintime {reply-message = "You are calling outside your allowed timespan "minimum-timeout = 60}}radiusd: #### Loading Virtual Servers ####server { # from file /etc/freeradius/radiusd.confmodules {Module: Creating Auth-Type = digestModule: Creating Post-Auth-Type = REJECTModule: Checking authenticate {...} for more modules to loadModule: Linked to module rlm_papModule: Instantiating module "pap" from file /etc/freeradius/modules/pappap {encryption_scheme = "auto"auto_header = no}Module: Linked to module rlm_chapModule: Instantiating module "chap" from file /etc/freeradius/modules/chapModule: Linked to module rlm_mschapModule: Instantiating module "mschap" from file /etc/freeradius/modules/mschapmschap {use_mppe = yesrequire_encryption = yesrequire_strong = yeswith_ntdomain_hack = noallow_retry = yes}Module: Linked to module rlm_digestModule: Instantiating module "digest" from file /etc/freeradius/modules/digestModule: Linked to module rlm_unixModule: Instantiating module "unix" from file /etc/freeradius/modules/unixunix {radwtmp = "/var/log/freeradius/radwtmp"}Module: Linked to module rlm_eapModule: Instantiating module "eap" from file /etc/freeradius/eap.confeap {default_eap_type = "md5"timer_expire = 60ignore_unknown_eap_types = nocisco_accounting_username_bug = nomax_sessions = 4096}Module: Linked to sub-module rlm_eap_md5Module: Instantiating eap-md5Module: Linked to sub-module rlm_eap_leapModule: Instantiating eap-leapModule: Linked to sub-module rlm_eap_gtcModule: Instantiating eap-gtcgtc {challenge = "Password: "auth_type = "PAP"}Module: Linked to sub-module rlm_eap_tlsModule: Instantiating eap-tlstls {rsa_key_exchange = nodh_key_exchange = yesrsa_key_length = 512dh_key_length = 512verify_depth = 0CA_path = "/etc/freeradius/certs"pem_file_type = yesprivate_key_file = "/etc/freeradius/certs/server.key"certificate_file = "/etc/freeradius/certs/server.pem"CA_file = "/etc/freeradius/certs/ca.pem"private_key_password = "whatever"dh_file = "/etc/freeradius/certs/dh"random_file = "/dev/urandom"fragment_size = 1024include_length = yescheck_crl = nocipher_list = "DEFAULT"make_cert_command = "/etc/freeradius/certs/bootstrap"ecdh_curve = "prime256v1"cache {enable = nolifetime = 24max_entries = 255}verify {}ocsp {enable = nooverride_cert_url = yesurl = "http://127.0.0.1/ocsp/"}}Module: Linked to sub-module rlm_eap_ttlsModule: Instantiating eap-ttlsttls {default_eap_type = "md5"copy_request_to_tunnel = nouse_tunneled_reply = novirtual_server = "inner-tunnel"include_length = yes}Module: Linked to sub-module rlm_eap_peapModule: Instantiating eap-peappeap {default_eap_type = "mschapv2"copy_request_to_tunnel = nouse_tunneled_reply = noproxy_tunneled_request_as_eap = yesvirtual_server = "inner-tunnel"soh = no}Module: Linked to sub-module rlm_eap_mschapv2Module: Instantiating eap-mschapv2mschapv2 {with_ntdomain_hack = nosend_error = no}Module: Checking authorize {...} for more modules to loadModule: Linked to module rlm_preprocessModule: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocesspreprocess {huntgroups = "/etc/freeradius/huntgroups"hints = "/etc/freeradius/hints"with_ascend_hack = noascend_channels_per_line = 23with_ntdomain_hack = nowith_specialix_jetstream_hack = nowith_cisco_vsa_hack = nowith_alvarion_vsa_hack = no}Module: Linked to module rlm_realmModule: Instantiating module "suffix" from file /etc/freeradius/modules/realmrealm suffix {format = "suffix"delimiter = "@"ignore_default = noignore_null = no}Module: Linked to module rlm_filesModule: Instantiating module "files" from file /etc/freeradius/modules/filesfiles {usersfile = "/etc/freeradius/users"acctusersfile = "/etc/freeradius/acct_users"preproxy_usersfile = "/etc/freeradius/preproxy_users"compat = "no"}Module: Linked to module rlm_sqlModule: Instantiating module "sql" from file /etc/freeradius/sql.confsql {driver = "rlm_sql_mysql"server = "mysql.claravpn.com"port = "3306"login = "cvpnadmin"password = "106westwhiteoakstreet"radius_db = "cvpnradiusdb"read_groups = yessqltrace = nosqltracefile = "/var/log/freeradius/sqltrace.sql"readclients = nodeletestalesessions = yesnum_sql_socks = 5lifetime = 0max_queries = 0sql_user_name = "%{User-Name}"default_user_profile = ""nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"connect_failure_retry_delay = 60simul_count_query = "SELECT COUNT(*) #FROM radacct #WHERE username = '%{SQL-User-Name}' #AND acctstoptime IS NULL"simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"}rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linkedrlm_sql (sql): Attempting to connect to cvpnadmin@mysql.claravpn.com:3306/cvpnradiusdbrlm_sql (sql): starting 0rlm_sql (sql): Attempting to connect rlm_sql_mysql #0rlm_sql_mysql: Starting connect to MySQL server for #0rlm_sql (sql): Connected new DB handle, #0rlm_sql (sql): starting 1rlm_sql (sql): Attempting to connect rlm_sql_mysql #1rlm_sql_mysql: Starting connect to MySQL server for #1rlm_sql (sql): Connected new DB handle, #1rlm_sql (sql): starting 2rlm_sql (sql): Attempting to connect rlm_sql_mysql #2rlm_sql_mysql: Starting connect to MySQL server for #2rlm_sql (sql): Connected new DB handle, #2rlm_sql (sql): starting 3rlm_sql (sql): Attempting to connect rlm_sql_mysql #3rlm_sql_mysql: Starting connect to MySQL server for #3rlm_sql (sql): Connected new DB handle, #3rlm_sql (sql): starting 4rlm_sql (sql): Attempting to connect rlm_sql_mysql #4rlm_sql_mysql: Starting connect to MySQL server for #4rlm_sql (sql): Connected new DB handle, #4Module: Checking preacct {...} for more modules to loadModule: Linked to module rlm_acct_uniqueModule: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_uniqueacct_unique {key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"}Module: Checking accounting {...} for more modules to loadModule: Linked to module rlm_detailModule: Instantiating module "detail" from file /etc/freeradius/modules/detaildetail {detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"header = "%t"detailperm = 384dirperm = 493locking = nolog_packet_header = no}Module: Linked to module rlm_radutmpModule: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmpradutmp {filename = "/var/log/freeradius/radutmp"username = "%{User-Name}"case_sensitive = yescheck_with_nas = yesperm = 384callerid = yes}Module: Linked to module rlm_attr_filterModule: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filterattr_filter attr_filter.accounting_response {attrsfile = "/etc/freeradius/attrs.accounting_response"key = "%{User-Name}"relaxed = no}Module: Checking session {...} for more modules to loadModule: Checking post-proxy {...} for more modules to loadModule: Checking post-auth {...} for more modules to loadModule: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filterattr_filter attr_filter.access_reject {attrsfile = "/etc/freeradius/attrs.access_reject"key = "%{User-Name}"relaxed = no}} # modules} # serverserver inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnelmodules {Module: Checking authenticate {...} for more modules to loadModule: Checking authorize {...} for more modules to loadModule: Checking session {...} for more modules to loadModule: Checking post-proxy {...} for more modules to loadModule: Checking post-auth {...} for more modules to load} # modules} # serverradiusd: #### Opening IP addresses and Ports ####listen {type = "auth"ipaddr = *port = 0}listen {type = "acct"ipaddr = *port = 0}listen {type = "auth"ipaddr = 127.0.0.1port = 18120}... adding new socket proxy address * port 48747Listening on authentication address * port 1812Listening on accounting address * port 1813Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnelListening on proxy address * port 1814Ready to process requests.rad_recv: Access-Request packet from host 192.168.2.24 port 37360, id=33, length=151Service-Type = Framed-UserFramed-Protocol = PPPUser-Name = "md5sonder"MS-CHAP-Challenge = 0x0450cfc169281de4596f775878e83202MS-CHAP2-Response = 0x50002036d573a3f3f443f0adaaf52b1557b300000000000000004fab1da0b14e7e7827768b24019d9c9e41dec2d11872bbadCalling-Station-Id = "97.218.49.75"NAS-IP-Address = 127.0.0.1NAS-Port = 0# Executing section authorize from file /etc/freeradius/sites-enabled/default+- entering group authorize {...}++[preprocess] returns ok++[chap] returns noop[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'++[mschap] returns ok++[digest] returns noop[suffix] No '@' in User-Name = "md5sonder", looking up realm NULL[suffix] No such realm "NULL"++[suffix] returns noop[eap] No EAP-Message, not doing EAP++[eap] returns noop[files] users: Matched entry DEFAULT at line 172++[files] returns ok[sql] expand: %{User-Name} -> md5sonder[sql] sql_set_user escaped user --> 'md5sonder'rlm_sql (sql): Reserving sql socket id: 4[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'md5sonder' ORDER BY id[sql] User found in radcheck table[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'md5sonder' ORDER BY id[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'md5sonder' ORDER BY priorityrlm_sql (sql): Released sql socket id: 4++[sql] returns ok++[expiration] returns noop++[logintime] returns noop[pap] Normalizing MD5-Password from hex encoding[pap] WARNING: Auth-Type already set. Not setting to PAP++[pap] returns noopFound Auth-Type = MSCHAP# Executing group from file /etc/freeradius/sites-enabled/default+- entering group MS-CHAP {...}[mschap] No Cleartext-Password configured. Cannot create LM-Password.[mschap] No Cleartext-Password configured. Cannot create NT-Password.[mschap] Creating challenge hash with username: md5sonder[mschap] Told to do MS-CHAPv2 for md5sonder with NT-Password[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.[mschap] FAILED: MS-CHAP2-Response is incorrect++[mschap] returns rejectFailed to authenticate the user.Using Post-Auth-Type Reject# Executing group from file /etc/freeradius/sites-enabled/default+- entering group REJECT {...}[attr_filter.access_reject] expand: %{User-Name} -> md5sonderattr_filter: Matched entry DEFAULT at line 11++[attr_filter.access_reject] returns updatedDelaying reject of request 0 for 1 secondsGoing to the next requestWaking up in 0.6 seconds.Sending delayed reject for request 0Sending Access-Reject of id 33 to 192.168.2.24 port 37360MS-CHAP-Error = "PE=691 R=1"Waking up in 4.9 seconds.Cleaning up request 0 ID 33 with timestamp +121Ready to process requests.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html