Auth All but only for those in my clients.conf

Dusty Doris freeradius at mail.doris.cc
Mon Dec 19 21:05:17 CET 2005 

> Again, I did want to mention that only CHAP request fail, others go through 
> fine with an Accept.
>
>
> #####################################################################
>
> Listening on authentication *:1812
> Listening on accounting *:1813
> Ready to process requests.
> rad_recv: Access-Request packet from host ##MyIPwasHere##:3457, id=0, 
> length=57
>       User-Name = "todd@##MyDomainWasHere##.com"
>       CHAP-Password = 0x7e842a573cd6363e06fe53a93a7b8d9e94
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> radius_xlat: 
> '/var/log/radius/radacct/##ClientIPwasHere##/auth-detail-20051219'
> rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
> expands to /var/log/radius/radacct/##ClientIPwasHere##/auth-detail-20051219
> modcall[authorize]: module "auth_log" returns ok for request 0

I think this is the problem.  Try commenting out chap in the authorize 
section.

> rlm_chap: Setting 'Auth-Type := CHAP'
> modcall[authorize]: module "chap" returns ok for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
>   rlm_realm: Looking up realm "##MyDomainWasHere##/" for User-Name = 
> "todd@##MyDomainWasHere##/.com"
>   rlm_realm: No such realm "##MyDomainWasHere##/.com"
> modcall[authorize]: module "suffix" returns noop for request 0
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 0
>   users: Matched entry DEFAULT at line 156

I'd have to assume this matches line (156) matches your Auth-Type := 
Accept.  However, for some reason its not overriding the Auth-Type := 
Chap, that was set earlier by the chap section of authorize.

> modcall[authorize]: module "files" returns ok for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password:  Found Auth-Type CHAP
> auth: type "CHAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 0
> rlm_chap: login attempt by "todd@##MyDomainWasHere##.com" with CHAP password
> rlm_chap: Could not find clear text password for user 
> todd@##MyDomainWasHere##.com
> modcall[authenticate]: module "chap" returns invalid for request 0
> modcall: group Auth-Type returns invalid for request 0
> auth: Failed to validate the user.
> Login incorrect (rlm_chap: Clear text password not available): 
> [todd@##MyDomainWasHere##.com/<CHAP-Password>] (from client ToddHome port 0)
> Delaying request 0 for 1 seconds
> Finished request 0

Try commenting out chap in authorize and authenticate and see what 
happens.

More information about the Freeradius-Users mailing list