rlm_perl with WinXP MS-CHAP clients ?
Michael Gale
michael.gale at pason.com
Wed Sep 20 21:38:00 CEST 2006
Hello,
I have a freeradius 1.0.X server set up with ppp and pptp using a mysql
DB for user authentication.
Here I assign static IPs and users to groups. We wish to use rlm_perl
instead of the sql module so we can authenticate the users against an
in-house application.
I have built freeradius 1.1.3 from source and it seems to work; however,
since the client is WinXP and the auth type is MS-CHAP, it seems to be
calling the mschap section under authentication and then exiting.
Here is my debug output:
rad_recv: Access-Request packet from host 127.0.0.1:32768, id=51, length=141
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "baduser"
MS-CHAP-Challenge = 0x0c09ad640ce7275613b8a0dd51d2f4c6
MS-CHAP2-Response = 0x630065cbdfea16f542fbda8cdc65d7fd30930000000000000000ca32eebf6779cfb34001c39530a93ea7f5aebd54eea79f2b
Calling-Station-Id = ".271"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
modcall[authorize]: module "mschap" returns ok for request 0
rlm_realm: No '@' in User-Name = "baduser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 155
users: Matched entry DEFAULT at line 173
users: Matched entry DEFAULT at line 185
modcall[authorize]: module "files" returns ok for request 0
perl_pool: item 0x9d5ad20 asigned new request. Handled so far: 1
found interpetator at address 0x9d5ad20
rlm_perl: MG RAD_REQUEST: Service-Type = Framed-User
rlm_perl: MG RAD_REQUEST: Calling-Station-Id = .271
rlm_perl: MG RAD_REQUEST: MS-CHAP-Challenge = 0x0c09ad640ce7275613b8a0dd51d2f4c6
rlm_perl: MG RAD_REQUEST: Client-IP-Address = 127.0.0.1
rlm_perl: MG RAD_REQUEST: Framed-Protocol = PPP
rlm_perl: MG RAD_REQUEST: User-Name = baduser
rlm_perl: MG RAD_REQUEST: MS-CHAP2-Response = 0x630065cbdfea16f542fbda8cdc65d7fd30930000000000000000ca32eebf6779cfb34001c39530a93ea7f5aebd54eea79f2b
rlm_perl: MG RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: MG RAD_REQUEST: NAS-Port = 0
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 255.255.255.254
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Auth-Type = MS-CHAP
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x9d5ad20
modcall[authorize]: module "perl" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for baduser with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 0
modcall: leaving group MS-CHAP (returns reject) for request 0
auth: Failed to validate the user.
Login incorrect: [baduser/<no User-Password attribute>] (from client localhost port 0 cli .271)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 51 to 127.0.0.1 port 32768
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 51 with timestamp 451194b6
Nothing to do. Sleeping until we see a request.
--
Michael Gale
Red Hat Certified Engineer
Network Administrator
Pason Systems Corp.
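
As an added example (not part of the original post and not FreeRADIUS project code): the log above shows rlm_mschap rejecting because no User-Password or NT/LM-Password is configured for the user, so an rlm_perl authorize handler has to supply one as a check item. The `lookup_user` helper, its sample record and the address in it are hypothetical stand-ins for the in-house application.

```perl
# Added example: rlm_perl script whose authorize() supplies the check item
# that rlm_mschap reported missing in the debug output above.
use strict;
use warnings;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);

# Module return codes, as defined in the example.pl shipped with FreeRADIUS.
use constant RLM_MODULE_REJECT   => 0;
use constant RLM_MODULE_FAIL     => 1;
use constant RLM_MODULE_OK       => 2;
use constant RLM_MODULE_NOTFOUND => 6;
use constant RLM_MODULE_UPDATED  => 8;

# Hypothetical stand-in for the in-house application (constructed data).
# MS-CHAP is challenge/response: the request carries no password, so the
# back end must be able to return the cleartext password. A salted one-way
# hash cannot be used to verify an MS-CHAP2-Response.
my %INHOUSE = (
    'gooduser' => { password => 'constructed-secret', ip => '10.0.0.10' },
);

sub lookup_user {
    my ($name) = @_;
    return $INHOUSE{$name};    # undef when the user is unknown
}

sub authorize {
    my $name = $RAD_REQUEST{'User-Name'};
    return RLM_MODULE_NOTFOUND unless defined $name && length $name;

    my $user = lookup_user($name) or return RLM_MODULE_NOTFOUND;

    # Check item: rlm_mschap derives the NT-Password from this in the
    # authenticate section and compares it against MS-CHAP2-Response.
    $RAD_CHECK{'User-Password'} = $user->{password};

    # Auth-Type is left alone: the mschap module already set it in
    # authorize, as the debug output shows.

    # Reply item: per-user static address, as the sql setup provided.
    $RAD_REPLY{'Framed-IP-Address'} = $user->{ip};

    return RLM_MODULE_UPDATED;
}

1;
```

With the handler returning NOTFOUND for an unknown user such as "baduser", no password is configured and rlm_mschap rejects exactly as in the log; for a known user the mschap authenticate section has what it needs to validate the response.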