freeradius + pptp + mysql

Michael Gale michael.gale at pason.com
Tue May 2 05:17:22 CEST 2006 

Hello,

	Ok, I removed freeradius and re-installed the package. The only 
configuration changes I made where:

username and password in sql.conf
Uncommented sql options in radius.conf

I also add the dictionary.mirosoft file to the /etc/radiusclient/ 
directory as I came across a document that said to do so.

I am still receiving the same error as before, in the mysql database I have:
mysql> select * from radcheck;
+----+----------+-----------+----+----------+
| id | UserName | Attribute | op | Value    |
+----+----------+-----------+----+----------+
|  1 | testuser | Password  | == | testpass |
+----+----------+-----------+----+----------+
1 row in set (0.00 sec)

mysql> select * from radgroupcheck;
+----+-----------+-----------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+-------+
|  1 | static    | Auth-Type | := | Local |
+----+-----------+-----------+----+-------+
1 row in set (0.00 sec)

mysql> select * from usergroup;
+----+----------+-----------+
| id | UserName | GroupName |
+----+----------+-----------+
|  1 | testuser | static    |
+----+----------+-----------+

Any hints would be appreciated, thanks.

Michael



Alan DeKok wrote:
> Michael Gale <michael.gale at pason.com> wrote:
> 
>>My client is a XP Pro laptop using MS-CHAP v2 I believe
> 
> 
>   Nope.  It's not sending MS-CHAP in the request packet.
> 
> 
>>I have followed the documents from the following locations:
>>http://poptop.sourceforge.net/dox/radius_mysql.html
>>http://www.frontios.com/freeradius.html
> 
> 
>   And heavily edited the standard configurations files, probably.
> 
>   Please don't. The standard configuration is there for a reason: it
> works.
> 
> 
>>   modcall[authorize]: module "mschap" returns noop for request 0
> 
> 
>   That works, at least.  The server isn't trying to do MS-CHAP.
> 
> 
>>modcall: entering group Auth-Type for request 0
>>   rlm_mschap: No MS-CHAP-Challenge in the request
> 
> 
>   This only happens if you force MS-CHAP authentication.  Don't.
> You've probably added entries in SQL to force "Auth-Type = MS-CHAP".
> Don't.
> 
>   And the request is unhelpful:
> 
> 
>>rad_recv: Access-Request packet from host 127.0.0.1:32804, id=83, length=65
>>         Service-Type = Framed-User
>>         Framed-Protocol = PPP
>>         User-Name = "testuser"
>>         Calling-Station-Id = "10.10.0.3"
>>         NAS-IP-Address = 127.0.0.1
>>         NAS-Port = 0
> 
> 
>   There's no password or MS-CHAP attributes in it.  The request cannot
> be authenticated.
> 
>     Use the standard FreeRADIUS config files.  They work.  Make pptp
> send MS-CHAP attributes.
> 
>   Alan DeKok.
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list