help on pppd chap authorize by freeradius

Alexandru Matei alex at qb.ro
Thu Nov 16 08:18:45 CET 2006


Yes,
The problem was only the dictionary. In the default dictionary there was 
no "atribute 60"
The problem is solved
Thank you
Alex

debik wrote:

> The problem is in atribute 60. Compare yor dictionarys.
>
> ----- Original Message ----- From: "Alexandru Matei" <alex at qb.ro>
> To: "FreeRadius users mailing list" 
> <freeradius-users at lists.freeradius.org>
> Sent: Wednesday, November 15, 2006 4:57 PM
> Subject: help on pppd chap authorize by freeradius
>
>
>> Hi,
>> I encounter an chap authorization problem using pppoe3.8, ppp 2.4.4b1 
>> and Freeradius 1.1.3.
>> The relevant logs are:
>>
>> PPP dump:
>>
>> Nov 15 17:43:29 localhost pppd[7486]: rcvd [LCP ConfReq id=0x2 <magic 
>> 0x1b31752> <pcomp> <accomp> <callback CBCP>] 00 00 00 00 00 00 00 00 
>> 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Nov 15 17:43:29 localhost pppd[7486]: sent [LCP ConfRej id=0x2 
>> <pcomp> <accomp> <callback CBCP>]
>> Nov 15 17:43:29 localhost pppd[7486]: rcvd [LCP ConfReq id=0x3 <magic 
>> 0x1b31752>] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
>> 00 00 00 00 00 00 00 00 00
>> Nov 15 17:43:29 localhost pppd[7486]: sent [LCP ConfAck id=0x3 <magic 
>> 0x1b31752>]
>> Nov 15 17:43:29 localhost pppd[7486]: sent [LCP EchoReq id=0x0 
>> magic=0xbe000118]
>> Nov 15 17:43:29 localhost pppd[7486]: sent [CHAP Challenge id=0x2 
>> <dd114655881b93c9111ba4122068632faa63f98d>, name = "localhost"]
>> Nov 15 17:43:29 localhost pppd[7486]: rcvd [CHAP Response id=0x2 
>> <3e7ffb922fcba977f3dc8c2418d7dec2>, name = "test1"] 00 00 00 00 00 00 
>> 00 00 00 00 00 00
>> Nov 15 17:43:29 localhost pppd[7486]: rc_avpair_new: unknown 
>> attribute 60
>> Nov 15 17:43:31 localhost pppd[7486]: Peer test1 failed CHAP 
>> authentication
>> Nov 15 17:43:31 localhost pppd[7486]: sent [CHAP Failure id=0x2 ""]
>> Nov 15 17:43:31 localhost pppd[7486]: sent [LCP TermReq id=0x2 
>> "Authentication failed"]
>> Nov 15 17:43:31 anton pppd[7486]: rcvd [LCP TermAck id=0x2] 00 00 00 
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
>> 00 00 00 00 00 00 ...
>> Nov 15 17:43:31 anton pppd[7486]: Connection terminated.
>> Nov 15 17:43:31 anton pppoe-server[7171]: Sent PADT
>>
>> Freeradius log
>>
>> rad_recv: Access-Request packet from host 127.0.0.1:32769, id=64, 
>> length=89
>>        Service-Type = Framed-User
>>        Framed-Protocol = PPP
>>        User-Name = "test1"
>>        CHAP-Password = 0x023e7ffb922fcba977f3dc8c2418d7dec2
>>        Calling-Station-Id = "00:20:18:8E:6C:0E"
>>        NAS-IP-Address = 127.0.0.1
>>        NAS-Port = 0
>>  Processing the authorize section of radiusd.conf
>> .....
>>  modcall[authorize]: module "sql" returns ok for request 1
>> modcall: leaving group authorize (returns ok) for request 1
>>  rad_check_password:  Found Auth-Type CHAP
>> auth: type "CHAP"
>>  Processing the authenticate section of radiusd.conf
>> modcall: entering group CHAP for request 1
>>  rlm_chap: login attempt by "test1" with CHAP password
>>  rlm_chap: Using clear text password password for user test1 
>> authentication.
>>  rlm_chap: Pasword check failed
>>  modcall[authenticate]: module "chap" returns reject for request 1
>> modcall: leaving group CHAP (returns reject) for request 1
>> auth: Failed to validate the user.
>>
>> Altough I can obtain authorization using:
>>
>> [root at localhost]# echo "User-Name = test1, CHAP-Password=password" | 
>> radclient localhost auth password
>> Received response ID 100, code 2, length = 62
>>        Framed-Compression = None
>>        Service-Type = Framed-User
>>        Framed-IP-Address = 193.226.57.105
>>        Framed-IP-Netmask = 255.255.255.0
>>        Framed-MTU = 1492
>>        Framed-Protocol = PPP
>>        Port-Limit = 1
>>
>> Do anyone encounter the same problem?
>>
>> I can add that chap fails with all ppp versions (>=2.4.2)
>> Thank you,
>>
>> Alex
>>
>>
>>
>>
>> - List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html 
>
>
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list