Freeradius and eDirectory

Dusty Doris freeradius at mail.doris.cc
Wed Jul 6 14:55:14 CEST 2005


> The only part that does not work is the chap authentication all other
> authentication works as it should. Our wholesale provider says we are
> doing PAP just fine but no chap. They had very old instructions for
> Freeradius but decided to start out with a totally clean install.
>
> This user below is in mysql database, and the system passwd/shadow files.
>
> He will not authenticate with the mysql database when we include a realm
> @domain
> and chap password.
>
> It gets the slipstream false from the database so I'm not sure why it
> won't authenticate
> the rest.
>
> Thread 1 handling request 0, (1 handled so far)
>     User-Name = "rniclh at surftheusa.com"
>     User-Password = "test123"
>     NAS-IP-Address = 255.255.255.255
>     NAS-Port = 100

I don't see a CHAP password in there.

>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   hints: Matched other at 80

You matched on the hints file on line 80 - what does your hints file say?

>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "attr_filter" returns noop for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "rniclh", skipping NULL due to config.
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 0
>     users: Matched entry DEFAULT at line 159
>     users: Matched entry DEFAULT at line 178
>     users: Matched entry DEFAULT at line 190

You matched the users file in three separate lines, 159, 178, and 190.
What does your users file say on each of those lines?

>   modcall[authorize]: module "files" returns ok for request 0
> radius_xlat:  'rniclh'
> rlm_sql (sql): sql_set_user escaped user --> 'rniclh'
...
>   modcall[authorize]: module "sql" returns ok for request 0
> modcall: group authorize returns ok for request 0

Your sql call returned OK, that means the sql part worked.

>   rad_check_password:  Found Auth-Type System
> auth: type "System"

Now it just got changed to Auth-Type System.  Is this from your users
file?

>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> rlm_unix: [rniclh]: invalid password

You authenticated with the unix module, is that what you want?  The user
failed because the password did not match your /etc/passwd file.

>   modcall[authenticate]: module "unix" returns reject for request 0
> modcall: group authenticate returns reject for request 0
> auth: Failed to validate the user.

I would look at your hints file and your users file to the lines it
matched at - post them here if you want us to take a look at it.  Also, if
you don't want to use /etc/passwd, then disable the unix module in the
authentication section.
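
The same walk through the debug trace, as an added example that is not part of the original message: a small Python helper that pulls out the fields the reply checks by hand (which password attribute arrived, the hints and users line matches, the chosen Auth-Type, and the rejecting module). The sample lines are copied from the quoted output above; the names `triage`, `is_chap_request` and `PATTERNS` are hypothetical.

```python
import re

# Lines copied from the debug output quoted in the message above.
SAMPLE = """\
>     User-Name = "rniclh at surftheusa.com"
>     User-Password = "test123"
>   hints: Matched other at 80
>     users: Matched entry DEFAULT at line 159
>     users: Matched entry DEFAULT at line 178
>     users: Matched entry DEFAULT at line 190
>   rad_check_password:  Found Auth-Type System
> rlm_unix: [rniclh]: invalid password
>   modcall[authenticate]: module "unix" returns reject for request 0
"""

PATTERNS = {
    "hints_line": re.compile(r"^hints: Matched \S+ at (\d+)"),
    "users_line": re.compile(r"^users: Matched entry \S+ at line (\d+)"),
    "auth_type": re.compile(r"^rad_check_password:\s+Found Auth-Type (\S+)"),
    "rejected_by": re.compile(
        r'^modcall\[authenticate\]: module "([^"]+)" returns reject'),
}

def triage(debug_text):
    """Collect the facts the reply reads off one request's debug trace."""
    r = {"password_attrs": [], "hints_line": None, "users_lines": [],
         "auth_type": None, "rejected_by": None}
    for raw in debug_text.splitlines():
        line = raw.lstrip("> \t")  # accept raw or mail-quoted traces
        attr = re.match(r"^(User-Password|CHAP-Password)\s*=", line)
        if attr:
            r["password_attrs"].append(attr.group(1))
        for key, pat in PATTERNS.items():
            m = pat.match(line)
            if not m:
                continue
            if key == "users_line":
                r["users_lines"].append(int(m.group(1)))
            elif key == "hints_line":
                r["hints_line"] = int(m.group(1))
            else:
                r[key] = m.group(1)
    return r

def is_chap_request(r):
    # A CHAP request carries CHAP-Password; User-Password means PAP.
    return "CHAP-Password" in r["password_attrs"]

if __name__ == "__main__":
    print(triage(SAMPLE))
```
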
