Freeradius - Cisco L2TP Tunnel - Authentication problem.

Tony Spencer tony at games-master.co.uk
Fri Feb 17 21:55:50 CET 2006


Yes I'm beginning to think it is.

The Cisco just will not send Chap authentication to the radius server.
I'm wondering if that's because the Radius Proxy it's getting it's request
from is sending PAP and not Chap. Something I need to speak to them about,
on Monday now..

The radiusd -X looks like this:

###
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: Looking up realm "dsl.adslco.com" for User-Name =
"01543677236 at dsl.adslco.com"
    rlm_realm: No such realm "dsl.adslco.com"
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 3
    users: Matched DEFAULT at 152
    users: Matched DEFAULT at 171
    users: Matched DEFAULT at 183
  modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns ok for request 3
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  modcall[authenticate]: module "unix" returns notfound for request 3
modcall: group authenticate returns notfound for request 3
auth: Failed to validate the user.
Delaying request 3 for 1 seconds
Finished request 3
Going to the next request

###

This was before I started changing things.
But as I said since the Cisco won't send Chap, I think that's the cause of
my problem.
However I do have a work around, but making "Auth-Type = Accept" on each
user. Since it's mainly DSL traffic the only realm we're ever be sent is our
own, and we can easily disable uses with the Reject setting if needbe.

Thanks anyway.
Tony


-----Original Message-----
From: freeradius-users-bounces+tony=games-master.co.uk at lists.freeradius.org
[mailto:freeradius-users-bounces+tony=games-master.co.uk at lists.freeradius.or
g] On Behalf Of Lewis Bergman
Sent: 17 February 2006 13:44
To: FreeRadius users mailing list
Subject: Re: Freeradius - Cisco L2TP Tunnel - Authentication problem.

Tony Spencer wrote:
> No matter what we put into the Cisco config it still uses PAP, even 
> telling it to refuse PAP.
Sounds more like a cisco issue than freeradius. What does radius -X look 
like?

-- 
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-3301
Cell 325-439-0533
fax  325-695-6841
- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list