Problem with CHAP, users file and radclient
Hello, i try to test a new freeradius (1.0.5) installation with radclient (Version 1.72.2.1)and an existing auth-log detailfile. The authentication failed in rlm_check_password. Please take a look at the radius.log sequence at bottom. In the auth-log file are accepted requests of a different server, wich gets the user-password via mysql. In the auth-log file are Chap-Password and Chap-Challenge attributes. The new installation should use the users file for storing the password. So i exctracted the data from mysql-db and created the users file. The passwords are stored cleartext. Did i somthing missing in the configuration (see log)? Couldn't i use radclient this way to test real packets? Did you need mor information? Thank you for help Andreas Engler the users file entry: hubba User-Password == "bubba", NAS-Port-Id == 1/0/0/8.32 the radius.log sequence: Thread 1 handling request 0, (1 handled so far) Framed-Protocol = PPP User-Name = "hubba" CHAP-Password = 0x2c98390c540135e0bbf1024d3dff4a71ef NAS-Port-Type = Virtual NAS-Port = 268959776 NAS-Port-Id = "1/0/0/8.32" Connect-Info = "pppoe4atm" Service-Type = Framed-User NAS-IP-Address = xxx.xxx.xxx.xxx CHAP-Challenge = 0x3fc1d8dc7b393459a292d664a9054a92 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_passwd: Added Grp-Name: 'test##all##' to request_items modcall[authorize]: module "etc_group" returns ok for request 0 radius_xlat: '/var/log/radius/radacct/127.0.0.1/auth-detail-20051220' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20051220 modcall[authorize]: module "auth_log" returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 0 users: Matched entry DEFAULT at line 11 users: Matched entry hubba at line 31 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_chap: login attempt by "hubba" with CHAP password rlm_chap: Using clear text password bubba for user hubba authentication. rlm_chap: Pasword check failed modcall[authenticate]: module "chap" returns reject for request 0 modcall: group Auth-Type returns reject for request 0 auth: Failed to validate the user. Login incorrect (rlm_chap: Wrong user password): [hubba/<CHAP-Password>] (from client localhost port 268959776)
Andreas Engler <freeradius@arcor.de> wrote:
rlm_chap: login attempt by "hubba" with CHAP password rlm_chap: Using clear text password bubba for user hubba authentication. rlm_chap: Pasword check failed
The password entered in the client does not match the password you configured on the server. Nothing else will cause this error. Alan DeKok.
participants (2)
-
Alan DeKok -
Andreas Engler