Freeradius and eDirectory
Radius
radius at kingmanaz.net
Wed Jul 6 18:28:26 CEST 2005
I'm thinking that part of this below might be that I can only test locally
with radtest. Is there a way to tell radtest to simulate a chap password?
But when our provider was running a couple authentication tests for me
before I put the backup drive in place it would not authenticate chap.
The backup had version 0.9.3 and is running fine right now.
So to be able to use the newest version I figured I should try and fix
what I did/didn't do.
Dusty Doris wrote:
>>The only part the does not work is the chap authentication all other
>>authentication works as it should. Our wholesale provider says we are
>>doing PAP just fine but no chap. They had very old instructions for
>>Freeradius but decided to start out with a totally clean install.
>>
>>This user below is in mysql database, and the system passwd/shadow files.
>>
>>He will not authenticate with the mysql database when we include a realm
>>@domain
>>and chap password.
>>
>>It gets the slipstream false from the database so I'm not sure why it
>>won't authenticate
>>the rest.
>>
>>Thread 1 handling request 0, (1 handled so far)
>> User-Name = "rniclh at surftheusa.com"
>> User-Password = "test123"
>> NAS-IP-Address = 255.255.255.255
>> NAS-Port = 100
>>
>>
>
>I don't see a CHAP password in there.
>
>
>
>> Processing the authorize section of radiusd.conf
>>modcall: entering group authorize for request 0
>> hints: Matched other at 80
>>
>>
>
>You matched on the hints file on line 80 - what does your hints file say?
>
>
>
>> modcall[authorize]: module "preprocess" returns ok for request 0
>> modcall[authorize]: module "attr_filter" returns noop for request 0
>> modcall[authorize]: module "chap" returns noop for request 0
>> rlm_realm: No '@' in User-Name = "rniclh", skipping NULL due to config.
>> modcall[authorize]: module "suffix" returns noop for request 0
>> rlm_eap: No EAP-Message, not doing EAP
>> modcall[authorize]: module "eap" returns noop for request 0
>> users: Matched entry DEFAULT at line 159
>> users: Matched entry DEFAULT at line 178
>> users: Matched entry DEFAULT at line 190
>>
>>
>
>You matched the users file in three seperate lines, 159, 178, and 190.
>What does your users file say on each of those lines?
>
>
>
>> modcall[authorize]: module "files" returns ok for request 0
>>radius_xlat: 'rniclh'
>>rlm_sql (sql): sql_set_user escaped user --> 'rniclh'
>>
>>
>...
>
>
>> modcall[authorize]: module "sql" returns ok for request 0
>>modcall: group authorize returns ok for request 0
>>
>>
>
>Your sql call returned OK, that means the sql part worked.
>
>
>
>> rad_check_password: Found Auth-Type System
>>auth: type "System"
>>
>>
>
>Now it just got changed to Auth-Type System. Is this from your users
>file?
>
>
>
>> Processing the authenticate section of radiusd.conf
>>modcall: entering group authenticate for request 0
>>rlm_unix: [rniclh]: invalid password
>>
>>
>
>You authenticated with the unix module, is that what you want? The user
>failed because the password did not match your /etc/passwd file.
>
>
>
>> modcall[authenticate]: module "unix" returns reject for request 0
>>modcall: group authenticate returns reject for request 0
>>auth: Failed to validate the user.
>>
>>
>
>I would look at your hints file and your users file to the lines it
>matched at - post them here if you want us to take a look at it. Also, if
>you don't want to use /etc/passwd, then disable the unix module in the
>authentication section.
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>
More information about the Freeradius-Users
mailing list