newbie question basic passwd authentication

Ilia Chipitsine ilia at paramon.ru
Tue Jul 5 16:48:47 CEST 2005 

> Hi,
>
> I am a complete newbie with radius. I need to configure this for use with a 
> PPTP VPN. The end goal will be that radius is running on a fedora box, and 
> authenticates against a SMBPASSWD file. PPTPd needs chap.

I used to run it againts smbpasswd, now I'm running against LDAP :-)

samba and freeradius use the same password hashes. I can share 
configuration if You want.

>
> but I am getting ahead of myself, irst I need to get a basic system working. 
> I installed the freeradius rpm, and tried to configure some things:
>
> file clients.conf:
> client 127.0.0.1 {
> 	secret = testing123
> 	shortname = localhost
> 	nastype = other
> }
> client 192.168.1.0/24 {
> 	secret = testing123
> 	shortname = localnet
> }
>
> File naslist:
> localhost	local	other
>
> File users:
> nothing changed, all seemed oke to me.
>
> file radius.conf:
> cutted away some text
> unix {
> 	cache = no
> 	cache_reload = 600
> 	passwd = /etc/passwd
> 	shadow = /etc/shadow
> 	group = /etc/group
> }
>
> When I now start the daemon as root:
> # radiusd -sfxxyz -l stdout.
>
>
> When I tried to test it from the console again:
> radtest ramses "OfCourseThisShouldBeSomethingLessObvious" localhost 1 
> testing123
> I see this at my console:
>
> rad_recv: Access-Request packet from host 127.0.0.1:32769, id=122, length=58
>        User-Name = "ramses"
>        User-Password = "OfCourseThisShouldBeSomethingLessObvious"
>        NAS-IP-Address = 255.255.255.255
>        NAS-Port = 1
>  Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>  modcall[authorize]: module "chap" returns noop for request 0
>  modcall[authorize]: module "mschap" returns noop for request 0
>    rlm_realm: No '@' in User-Name = "ramses", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 0
>  rlm_eap: No EAP-Message, not doing EAP
>  modcall[authorize]: module "eap" returns noop for request 0
>    users: Matched DEFAULT at 152
>  modcall[authorize]: module "files" returns ok for request 0
> modcall: group authorize returns ok for request 0
>  rad_check_password:  Found Auth-Type System
> auth: type "System"
>  Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> rlm_unix: [ramses]: invalid password
>  modcall[authenticate]: module "unix" returns reject for request 0
> modcall: group authenticate returns reject for request 0
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 122 to 127.0.0.1:32769
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 122 with timestamp 42ca3387
> Nothing to do.  Sleeping until we see a request.
>
>
> Ofcourse I tripple checked the typed in password, and I could find nothing 
> wrong with that one.
>
> Now I think all I can do is shoult: HELPPPPPPP adoes anyone have any ideas?
>
> kind regards,
>
> Ramses
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list