freeradius + pptp + mysql
Michael Gale
michael.gale at pason.com
Tue May 2 05:59:15 CEST 2006
Hello,
I have it working I believe, more testing is required but so far
everything seems good.
Most of the docs I have come across say to set Auth-Type to Local or
something in the mysql database.
I came across the following post by Alan DeKok:
http://lists.cistron.nl/pipermail/freeradius-users/2004-September/036643.html
Where he suggest removing the entry - once I did that everything worked.
Michael
Michael Gale wrote:
> Hello,
>
> Ok, I removed freeradius and re-installed the package. The only
> configuration changes I made where:
>
> username and password in sql.conf
> Uncommented sql options in radius.conf
>
> I also add the dictionary.mirosoft file to the /etc/radiusclient/
> directory as I came across a document that said to do so.
>
> I am still receiving the same error as before, in the mysql database I
> have:
> mysql> select * from radcheck;
> +----+----------+-----------+----+----------+
> | id | UserName | Attribute | op | Value |
> +----+----------+-----------+----+----------+
> | 1 | testuser | Password | == | testpass |
> +----+----------+-----------+----+----------+
> 1 row in set (0.00 sec)
>
> mysql> select * from radgroupcheck;
> +----+-----------+-----------+----+-------+
> | id | GroupName | Attribute | op | Value |
> +----+-----------+-----------+----+-------+
> | 1 | static | Auth-Type | := | Local |
> +----+-----------+-----------+----+-------+
> 1 row in set (0.00 sec)
>
> mysql> select * from usergroup;
> +----+----------+-----------+
> | id | UserName | GroupName |
> +----+----------+-----------+
> | 1 | testuser | static |
> +----+----------+-----------+
>
> Any hints would be appreciated, thanks.
>
> Michael
>
>
>
> Alan DeKok wrote:
>
>> Michael Gale <michael.gale at pason.com> wrote:
>>
>>> My client is a XP Pro laptop using MS-CHAP v2 I believe
>>
>>
>>
>> Nope. It's not sending MS-CHAP in the request packet.
>>
>>
>>> I have followed the documents from the following locations:
>>> http://poptop.sourceforge.net/dox/radius_mysql.html
>>> http://www.frontios.com/freeradius.html
>>
>>
>>
>> And heavily edited the standard configurations files, probably.
>>
>> Please don't. The standard configuration is there for a reason: it
>> works.
>>
>>
>>> modcall[authorize]: module "mschap" returns noop for request 0
>>
>>
>>
>> That works, at least. The server isn't trying to do MS-CHAP.
>>
>>
>>> modcall: entering group Auth-Type for request 0
>>> rlm_mschap: No MS-CHAP-Challenge in the request
>>
>>
>>
>> This only happens if you force MS-CHAP authentication. Don't.
>> You've probably added entries in SQL to force "Auth-Type = MS-CHAP".
>> Don't.
>>
>> And the request is unhelpful:
>>
>>
>>> rad_recv: Access-Request packet from host 127.0.0.1:32804, id=83,
>>> length=65
>>> Service-Type = Framed-User
>>> Framed-Protocol = PPP
>>> User-Name = "testuser"
>>> Calling-Station-Id = "10.10.0.3"
>>> NAS-IP-Address = 127.0.0.1
>>> NAS-Port = 0
>>
>>
>>
>> There's no password or MS-CHAP attributes in it. The request cannot
>> be authenticated.
>>
>> Use the standard FreeRADIUS config files. They work. Make pptp
>> send MS-CHAP attributes.
>>
>> Alan DeKok.
>>
>> - List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list