CHAP Problems

Radius radius at kingmanaz.net
Mon Nov 21 23:13:06 CET 2005 

I have tried to hire someone to help with my Radius over the last 6 month's
but have not been able to get it
working correctly.

I seem to be getting answers from my MySql database but when a CHAP request
comes in, it will not authorize and ells us Auth-Type already set. The 
database
seems to be answering fine from local dialup, but when one comes in from 
over
our Level3 network it errors out and won't allow them to connect.

I can provide a major city access number if that will help anyone for
testing also.

I'm also getting the run time error that it's using my realms file, but
there is nothing in that file as instructed.

I went to 1.0.5 and things improved a little that we started seeing the
response from the MySql database
but still nothing in CHAP. I'm sure I'm missing a setting somewhere because
of the Auth-Type warning.

If someone can actually help get this running that is well versed with
FreeRadius please give me a cost or if I
need to send the config files I can also do that.

Here is my debug print out.

Thanks


Waking up in 1 seconds...
rad_recv: Access-Request packet from host 216.127.146.29:61336, id=16,
length=231
        User-Name = "awarren at surftheusa.com"
        CHAP-Password = 0x01d84611071bc09d90932c0cb55f287648
        NAS-IP-Address = 63.215.26.177
        NAS-Port = 404
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Ascend-Data-Rate = 31200
        Ascend-Calling-Id-Type-Of-Num = Unknown
        Ascend-Calling-Id-Number-Plan = Unknown
        Ascend-Xmit-Rate = 49333
        Called-Station-Id = "9283774011"
        Calling-Station-Id = "928-Deleted"
        NAS-Identifier = "nas3.2az1.Level3.net"
        Acct-Session-Id = "404029672"
        NAS-Port-Type = Async
        Ascend-NAS-Port-Format = 2_4_5_5
        Vendor-7005-Attr-12 = 0x4469616c7570555341
        Attr-102 = 0x6c33
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
  hints: Matched other at 63
  modcall[authorize]: module "preprocess" returns ok for request 14
radius_xlat:  'awarren'
rlm_sql (sql): sql_set_user escaped user --> 'awarren'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radcheck           WHERE Username = 'awarren'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op
FROM radcheck           WHERE Username = 'awarren'           ORDER BY id
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'awarren' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query:  SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'awarren' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radreply           WHERE Username = 'awarren'           ORDER BY id'
rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op
FROM radreply           WHERE Username = 'awarren'           ORDER BY id
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'awarren' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query:  SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'awarren' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 14
  rlm_chap: WARNING: Auth-Type already set.  Not setting to CHAP
  modcall[authorize]: module "chap" returns noop for request 14
    rlm_realm: No '@' in User-Name = "awarren", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 14
    users: Matched entry DEFAULT at line 174
    users: Matched entry DEFAULT at line 205
  modcall[authorize]: module "files" returns ok for request 14
modcall: group authorize returns ok for request 14
  rad_check_password:  Found Auth-Type Local
  rad_check_password:  Found Auth-Type System
Warning:  Found 2 auth-types on request for user 'awarren'
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_unix: Attribute "User-Password" is required for authentication.  Cannot
use "CHAP-Password".
  modcall[authenticate]: module "unix" returns invalid for request 14
modcall: group authenticate returns invalid for request 14
auth: Failed to validate the user.
Login incorrect: [awarren/<CHAP-Password>] (from client usa1 port 404 cli
9287572602)
Delaying request 14 for 1 seconds
Finished request 14
Going to the next request



Sending Access-Reject of id 14 to 216.127.146.30:56516
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 216.127.146.30:56516, id=15,
length=231
        User-Name = "awarren at surftheusa.com"
        CHAP-Password = 0x0103a463bb5007b7eb6f49b6d4176c5386
        NAS-IP-Address = 63.215.26.177
        NAS-Port = 402
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Ascend-Data-Rate = 31200
        Ascend-Calling-Id-Type-Of-Num = Unknown
        Ascend-Calling-Id-Number-Plan = Unknown
        Ascend-Xmit-Rate = 49333
        Called-Station-Id = "9283774011"
        Calling-Station-Id = "928-deleted"
        NAS-Identifier = "nas3.2az1.Level3.net"
        Acct-Session-Id = "404029734"
        NAS-Port-Type = Async
        Ascend-NAS-Port-Format = 2_4_5_5
        Vendor-7005-Attr-12 = 0x4469616c7570555341
        Attr-102 = 0x6c33
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  hints: Matched other at 63
  modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat:  'awarren'
rlm_sql (sql): sql_set_user escaped user --> 'awarren'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radcheck           WHERE Username = 'awarren'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op
FROM radcheck           WHERE Username = 'awarren'           ORDER BY id
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'awarren' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query:  SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'awarren' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radreply           WHERE Username = 'awarren'           ORDER BY id'
rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op
FROM radreply           WHERE Username = 'awarren'           ORDER BY id
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'awarren' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query:  SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'awarren' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 0
  modcall[authorize]: module "sql" returns ok for request 7
  rlm_chap: WARNING: Auth-Type already set.  Not setting to CHAP
  modcall[authorize]: module "chap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "awarren", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
    users: Matched entry DEFAULT at line 174
    users: Matched entry DEFAULT at line 205
  modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns ok for request 7
  rad_check_password:  Found Auth-Type Local
  rad_check_password:  Found Auth-Type System
Warning:  Found 2 auth-types on request for user 'awarren'
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_unix: Attribute "User-Password" is required for authentication.  Cannot
use "CHAP-Password".
  modcall[authenticate]: module "unix" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Login incorrect: [awarren/<CHAP-Password>] (from client usa1 port 402 cli
9287572602)
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 2 seconds...

More information about the Freeradius-Users mailing list