FreeRadius IRC...
Evan Vittitow
evan at terralab.com
Sat Jan 13 22:55:50 CET 2007
>
> I posted an idea and you decided not to reply to my questions !
>
> I suspect that your VPN server doesn't know Microsoft Radius
> attributes and refuses to send them to the radius server. I've tested
> a bad setup (lack of Microsoft radius dictionary), and I get the same
> radiusd -X debug log: no MS-CHAP Challenge in the request...
I've ensured thet /etc/radiusclient/ and /etc/raddb have the same
dictionary. (dictionary and dictionary.microsoft,.)
>
> I asked "have you checked possible error messages in /var/log/messages
> " on the vpn server ?
> To be more specific, look for the following lines in you log file:
> " rc_avpair_new: unknown attribute"
>
No such error messages appear on my Radius Server. I had them once when
I tried to change the dictionary to the one in /usr/share/freeradius,
but I imported the official dictionary.microsoft one and they went away.
> If you see such lines it might be that your radiusclient library (used
> by the PPPd plugin on your VPN server) doesn't understand the
> Microsoft attributes (for instance the MS-CHAP Challenge). Thus, the
> PPPd radius plugin doesn't send these attributes that are required for
> Freeradius to do MS-CHAP authentication.
>
> Could you really check that your dictionnary file on the VPN server
> side contains a line like:
> INCLUDE /usr/share/radiusclient-ng/dictionary.microsoft
>
> and check the content of this file...
>
> HTH,
> Thibault
I found A possible culprit.
Jan 13 16:54:41 kurama pppd[11364]: rc_avpair_new: unknown attribute 11
Jan 13 16:54:41 kurama pppd[11364]: rc_avpair_new: unknown attribute 25
More information about the Freeradius-Users
mailing list