ntlm_auth is not used by mschap

robiwan at arcor.de robiwan at arcor.de
Thu May 4 15:13:51 CEST 2006 

----- Original Nachricht ----
Von:     Stefan Winter <stefan.winter at restena.lu>
An:      FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Datum:   04.05.2006 13:20
Betreff: Re: ntlm_auth is not used by mschap

> Hi,
> 
> you didn't state what problem you have right now. The logs send an Accept at
> 
> the end, so everything looks very fine.
> Was your mail just to let the world know that things work now, or do you
> have 
> a question?
>
Hi, 

Oh sorry, my Question is, that the Authenticator, a Cisco Catalyst 3750, do not map my XP-Client into the VLAN 40 as i defined it in the users file:

roka        Auth-Type := MS-CHAP
                 Tunnel-Type = VLAN,
                 Tunnel-Medium-Type = 6,
                 Tunnel-Private-Group-ID = 40

When the XP-Client will be authenticated via MS-CHAP, the Cisco Catalyst map my Client in VLAN 1, the default-VLAN, and NOT in VLAN 40.

When i authenticate with Auth-Type := Local

roka            Auth-Type := Local, User-Password = "Gerti1000"
                Tunnel-Type = VLAN,
                Tunnel-Medium-Type = 6,
                Tunnel-Private-Group-ID = 40

it works, as you can see the output from radtest:

Debian:~# radtest roka Gerti1000 localhost 1645 testing123
Sending Access-Request of id 0 to 127.0.0.1 port 1812
        User-Name = "roka"
        User-Password = "Gerti1000"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1645
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=0, length=36
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "40"

Here is the output from the radiusd:

rad_recv: Access-Request packet from host 127.0.0.1:1024, id=72, length=56
        User-Name = "roka"
        User-Password = "Gerti1000"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1645
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
  modcall[authorize]: module "preprocess" returns ok for request 13
  modcall[authorize]: module "chap" returns noop for request 13
  modcall[authorize]: module "mschap" returns noop for request 13
    rlm_realm: No '@' in User-Name = "roka", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 13
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 13
    users: Matched entry roka at line 82
  modcall[authorize]: module "files" returns ok for request 13
modcall: leaving group authorize (returns ok) for request 13
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [roka/Gerti1000] (from client localhost port 1645)
Sending Access-Accept of id 72 to 127.0.0.1 port 1024
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "40"
Finished request 13
Going to the next request


Thanks in advance...

Robert



Viel oder wenig? Schnell oder langsam? Unbegrenzt surfen + telefonieren
ohne Zeit- und Volumenbegrenzung? DAS TOP ANGEBOT JETZT bei Arcor: günstig
und schnell mit DSL - das All-Inclusive-Paket für clevere Doppel-Sparer,
nur  44,85 €  inkl. DSL- und ISDN-Grundgebühr!
http://www.arcor.de/rd/emf-dsl-2

More information about the Freeradius-Users mailing list