PAP ok No Chap new Installation. Dusty Here's the info requested......

Radius radius at kingmanaz.net
Thu Jul 7 09:31:09 CEST 2005


Dusty Doris wrote:

 >> The only part the does not work is the chap authentication all other
 >> authentication works as it should. Our wholesale provider says we are
 >> doing PAP just fine but no chap. They had very old instructions for
 >> Freeradius but decided to start out with a totally clean install.
 >>
 >> This user below is in mysql database, and the system passwd/shadow 
files.
 >>
 >> He will not authenticate with the mysql database when we include a realm
 >> @domain
 >> and chap password.
 >>
 >> It gets the slipstream false from the database so I'm not sure why it
 >> won't authenticate
 >> the rest.
 >>
 >> Thread 1 handling request 0, (1 handled so far)
 >>    User-Name = "rniclh at surftheusa.com"
 >>    User-Password = "test123"
 >>    NAS-IP-Address = 255.255.255.255
 >>    NAS-Port = 100
 >>  
 >
 >
 > I don't see a CHAP password in there.
 >
 > 
 >
 >>  Processing the authorize section of radiusd.conf
 >> modcall: entering group authorize for request 0
 >>  hints: Matched other at 80
 >>  
 >
 >
 > You matched on the hints file on line 80 - what does your hints file say?
 >
 > 
 >
DEFAULT    Suffix == ".ppp", Strip-User-Name = Yes
   Hint = "PPP",
   Service-Type = Framed-User,
   Framed-Protocol = PPP

DEFAULT    Suffix == ".slip", Strip-User-Name = Yes
   Hint = "SLIP",
   Service-Type = Framed-User,
   Framed-Protocol = SLIP

DEFAULT    Suffix == ".cslip", Strip-User-Name = Yes
   Hint = "CSLIP",
   Service-Type = Framed-User,
   Framed-Protocol = SLIP,
   Framed-Compression = Van-Jacobson-TCP-IP

other    Suffix == "@surftheusa.com", Strip-User-Name = Yes
   Hint = "PPP",
   Service-Type = Framed-User,
   Framed-Protocol = PPP
 

 >>  modcall[authorize]: module "preprocess" returns ok for request 0
 >>  modcall[authorize]: module "attr_filter" returns noop for request 0
 >>  modcall[authorize]: module "chap" returns noop for request 0
 >>    rlm_realm: No '@' in User-Name = "rniclh", skipping NULL due to 
config.
 >>  modcall[authorize]: module "suffix" returns noop for request 0
 >>  rlm_eap: No EAP-Message, not doing EAP
 >>  modcall[authorize]: module "eap" returns noop for request 0
 >>    users: Matched entry DEFAULT at line 159
 >>    users: Matched entry DEFAULT at line 178
 >>    users: Matched entry DEFAULT at line 190
 >>  
 >
 >
 > You matched the users file in three seperate lines, 159, 178, and 190.
 > What does your users file say on each of those lines?
 >
 > 
 >
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT    Auth-Type == System
   Fall-Through = 1

# Defaults for all framed connections.
#
DEFAULT    Service-Type == Framed-User
   Framed-IP-Address = 255.255.255.254,
   Framed-MTU = 576,
   Service-Type = Framed-User,
   Fall-Through = Yes

#
# Default for PPP: dynamic IP address, PPP mode, VJ-compression.
# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
#    by the terminal server in which case there may not be a "P" suffix.
#    The terminal server sends "Framed-Protocol = PPP" for auto PPP.
#
DEFAULT    Framed-Protocol == PPP
   Framed-Protocol = PPP,
   Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
#
DEFAULT    Hint == "CSLIP"
   Framed-Protocol = SLIP,
   Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for SLIP: dynamic IP address, SLIP mode.
#
DEFAULT    Hint == "SLIP"
   Framed-Protocol = SLIP

 >>  modcall[authorize]: module "files" returns ok for request 0
 >> radius_xlat:  'rniclh'
 >> rlm_sql (sql): sql_set_user escaped user --> 'rniclh'
 >>  
 >
 > ...
 > 
 >
 >>  modcall[authorize]: module "sql" returns ok for request 0
 >> modcall: group authorize returns ok for request 0
 >>  
 >
 >
 > Your sql call returned OK, that means the sql part worked.
 >
 > 
 >
 >>  rad_check_password:  Found Auth-Type System
 >> auth: type "System"
 >>  
 >
 >
 > Now it just got changed to Auth-Type System.  Is this from your users
 > file?
 >
 > 
 >
 >>  Processing the authenticate section of radiusd.conf
 >> modcall: entering group authenticate for request 0
 >> rlm_unix: [rniclh]: invalid password
 >>  
 >
 >
 > You authenticated with the unix module, is that what you want?  The user
 > failed because the password did not match your /etc/passwd file.
 >
 > 
 >
 >>  modcall[authenticate]: module "unix" returns reject for request 0
 >> modcall: group authenticate returns reject for request 0
 >> auth: Failed to validate the user.
 >>  
 >
 >
 > I would look at your hints file and your users file to the lines it
 > matched at - post them here if you want us to take a look at it.  
Also, if
 > you don't want to use /etc/passwd, then disable the unix module in the
 > authentication section.
 >
 >
 > - List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html
 >
 >
 > 
 >

- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html





More information about the Freeradius-Users mailing list