Help needed with MS-CHAP
Charles Blake
charles at neutel.com
Thu Feb 23 02:49:57 CET 2006
Dear friends:
I am trying to set up a freeradius-1.1.0 server for authenticating users
using MS-CHAP passwords.
I pretend to authenticate users against shadow.
I am using the default radius.conf and users files. I have included the
microsoft dictionary in radiusclient.conf file.
radtest shows ok:
# radtest mts mypassowrd localhost 0 testing123
Sending Access-Request of id 160 to 127.0.0.1 port 1812
User-Name = "mts"
User-Password = "rfhs1229"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=160, length=20
But when I try to authenticate an user using MS-CHAP, I am getting this
output:
rad_recv: Access-Request packet from host 127.0.0.1:1027, id=5, length=146
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "mts"
MS-CHAP-Challenge = 0x6b61b1ed954a289c0fa3aebedc329ac6
MS-CHAP2-Response =
0x8f0001684e1d34295e1232edb0682bd04e6e00000000000000002caaa9579823e00501812d3e2dce9225b7dd251c02e1fd89
Calling-Station-Id = "172.16.255.11"
NAS-IP-Address = 192.168.181.254
NAS-Port = 0
Wed Feb 22 20:47:07 2006 : Debug: Processing the authorize section of
radiusd.conf
Wed Feb 22 20:47:07 2006 : Debug: modcall: entering group authorize for
request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authorize]: module "preprocess"
returns ok for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: calling chap
(rlm_chap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: returned from chap
(rlm_chap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authorize]: module "chap"
returns noop for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: rlm_mschap: Found MS-CHAP attributes.
Setting 'Auth-Type = MS-CHAP'
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authorize]: module "mschap"
returns ok for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 0
Wed Feb 22 20:47:07 2006 : Debug: rlm_realm: No '@' in User-Name =
"mts", looking up realm NULL
Wed Feb 22 20:47:07 2006 : Debug: rlm_realm: No such realm "NULL"
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: returned from
suffix (rlm_realm) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authorize]: module "suffix"
returns noop for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: rlm_eap: No EAP-Message, not doing EAP
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: returned from eap
(rlm_eap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authorize]: module "eap" returns
noop for request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 0
Wed Feb 22 20:47:07 2006 : Debug: users: Matched entry DEFAULT at line
152
Wed Feb 22 20:47:07 2006 : Debug: users: Matched entry DEFAULT at line
171
Wed Feb 22 20:47:07 2006 : Debug: users: Matched entry DEFAULT at line
183
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authorize]: returned from
files (rlm_files) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authorize]: module "files"
returns ok for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall: leaving group authorize (returns
ok) for request 0
Wed Feb 22 20:47:07 2006 : Debug: rad_check_password: Found Auth-Type
MS-CHAP
Wed Feb 22 20:47:07 2006 : Debug: auth: type "MS-CHAP"
Wed Feb 22 20:47:07 2006 : Debug: Processing the authenticate section of
radiusd.conf
Wed Feb 22 20:47:07 2006 : Debug: modcall: entering group MS-CHAP for
request 0
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authenticate]: calling mschap
(rlm_mschap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: rlm_mschap: No User-Password configured.
Cannot create LM-Password.
Wed Feb 22 20:47:07 2006 : Debug: rlm_mschap: No User-Password configured.
Cannot create NT-Password.
Wed Feb 22 20:47:07 2006 : Debug: rlm_mschap: Told to do MS-CHAPv2 for mts
with NT-Password
Wed Feb 22 20:47:07 2006 : Debug: rlm_mschap: FAILED: No NT/LM-Password.
Cannot perform authentication.
Wed Feb 22 20:47:07 2006 : Debug: rlm_mschap: FAILED: MS-CHAP2-Response is
incorrect
Wed Feb 22 20:47:07 2006 : Debug: modsingle[authenticate]: returned from
mschap (rlm_mschap) for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall[authenticate]: module "mschap"
returns reject for request 0
Wed Feb 22 20:47:07 2006 : Debug: modcall: leaving group MS-CHAP (returns
reject) for request 0
Wed Feb 22 20:47:07 2006 : Debug: auth: Failed to validate the user.
Wed Feb 22 20:47:07 2006 : Debug: Delaying request 0 for 1 seconds
Wed Feb 22 20:47:07 2006 : Debug: Finished request 0
Wed Feb 22 20:47:07 2006 : Debug: Going to the next request
Wed Feb 22 20:47:07 2006 : Debug: --- Walking the entire request list ---
Wed Feb 22 20:47:07 2006 : Debug: Waking up in 1 seconds...
Wed Feb 22 20:47:08 2006 : Debug: --- Walking the entire request list ---
Wed Feb 22 20:47:08 2006 : Debug: Waking up in 1 seconds...
Wed Feb 22 20:47:09 2006 : Debug: --- Walking the entire request list ---
Sending Access-Reject of id 5 to 127.0.0.1 port 1027
Wed Feb 22 20:47:09 2006 : Debug: Waking up in 4 seconds...
Wed Feb 22 20:47:13 2006 : Debug: --- Walking the entire request list ---
Wed Feb 22 20:47:13 2006 : Debug: Cleaning up request 0 ID 5 with timestamp
43fd141b
Wed Feb 22 20:47:13 2006 : Debug: Nothing to do. Sleeping until we see a
request.
What I am doing wrong?
Thank you for your help,
Charles
More information about the Freeradius-Users
mailing list