Problem about "Chap-Password" and "User-Password"

Kun Niu haoniukun at gmail.com
Fri Jun 30 09:37:44 CEST 2006


Dear all,

I've just installed freeradius 1.0.2 on my debian3.1 system.
I've got two radius clients.
One can be authorized normally and the other one failed to be authorized.

Here's my log.
Would anyone be kind enough to analyze it for me?
Thanks in advance and any help would be appreciated.

The failing one:

rad_recv: Access-Request packet from host 192.168.1.2:1026, id=199, length=239
	User-Name = "abc"
	Service-Type = Login-User
	NAS-Port-Type = Ethernet
	NAS-IP-Address = 192.168.1.2
	WISPr-Logoff-URL = "https://10.10.10.1/logout.user"
	WISPr-Location-Name = "GEMTEK_SYSTEMS,Terminal_Worldwide"
	WISPr-Location-ID = "isocc=us,cc=1,ac=408,network=GEMTEK_SYSTEMS"
	Framed-IP-Address = 10.10.10.10
	Calling-Station-Id = "0060B325AB48"
	Called-Station-Id = "00904BBDFAD0"
	Acct-Session-Id = "44A4C9148546"
	User-Password = "Ye~\2409"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "abc", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 1
radius_xlat:  'abc'
rlm_sql (sql): sql_set_user escaped user --> 'abc'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'abc' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 'abc' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'abc' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
 FROM radgroupreply,usergroup WHERE usergroup.Username = 'abc' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): No matching entry in the database for request from user [abc]
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns notfound for request 1
modcall: group authorize returns ok for request 1
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  modcall[authenticate]: module "unix" returns notfound for request 1
modcall: group authenticate returns notfound for request 1
auth: Failed to validate the user.
  WARNING: Unprintable characters in the password. ?  Double-check the
shared secret on the server and the NAS!
Delaying request 1 for 1 seconds
Finished request 1

The successful one:

rad_recv: Access-Request packet from host 192.168.1.1:32812, id=0, length=84
	User-Name = "abc"
	CHAP-Password = 0x04f97271e7e12220a7f6397cc15a62f7e2
	NAS-IP-Address = 192.168.1.1
	Acct-Session-Id = "5b010000"
	NAS-Port = 3
	CHAP-Challenge = 0x00ac45bdd7e79c6af29ee0b413c874a8
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "abc", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 2
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 2
radius_xlat:  'abc'
rlm_sql (sql): sql_set_user escaped user --> 'abc'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'abc' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 'abc' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'abc' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
 FROM radgroupreply,usergroup WHERE usergroup.Username = 'abc' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 2
modcall: group authorize returns ok for request 2
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 2
rlm_sql (sql): Processing sql_postauth
radius_xlat:  'abc'
rlm_sql (sql): sql_set_user escaped user --> 'abc'
radius_xlat:  'INSERT into radpostauth (id, user, pass, reply, date)
values ('', 'abc', 'Chap-Password', 'Access-Accept', NOW())'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id,
user, pass, reply, date) values ('', 'abc', 'Chap-Password',
'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
  modcall[post-auth]: module "sql" returns ok for request 2
modcall: group post-auth returns ok for request 2
Sending Access-Accept of id 0 to 192.168.1.1:32812
	NAS-IP-Address := 255.255.255.255
Finished request 2

Sincerely,
Kun



More information about the Freeradius-Users mailing list