chap rlm_sql authentication problem

Andrew Long along at escapewire.com
Thu Mar 29 18:28:23 CEST 2007


I am adding a new MSC to our list of clients and trying to verify the config with -X and NTRadPing.
I keep getting rejected. 

I have the following in clients.conf:
 # MY LAPTOP IP FOR NOW
 client 192.168.10.100 {
	secret = HIEg at l1er1a
	shortname = cn3200_hiegalleria
	nastype = other
 }

In NTRADPING, I am using:
 username: bufhiegall_cn3200
 secret: HIEg at l1er1a
 password: password1 (same as in radius.radcheck)

I note the "could not find clear text password" at the bottom of the reply, but am not sure why this is so;
the password is present in radcheck.

The -X output is as follows:

rad_recv: Access-Request packet from host 192.168.10.100:49424, id=11, length=58
        User-Name = "bufhiegall_cn3200"
        CHAP-Password = 0x8f98ab538676182e04964979e34fbc0580
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "bufhiegall_cn3200", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
radius_xlat:  'bufhiegall_cn3200'
rlm_sql (sql): sql_set_user escaped user --> 'bufhiegall_cn3200'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radcheck           WHERE Username = 'bufhiegall_cn3200'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'bufhiegall_cn3200' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radreply           WHERE Username = 'bufhiegall_cn3200'           ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'bufhiegall_cn3200' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): No matching entry in the database for request from user [bufhiegall_cn3200]
  modcall[authorize]: module "sql" returns notfound for request 0
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "noresetcounter" returns noop for request 0
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "dailycounter" returns noop for request 0
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "monthlycounter" returns noop for request 0
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "daypasscounter" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 0
  rlm_chap: login attempt by "bufhiegall_cn3200" with CHAP password
  rlm_chap: Could not find clear text password for user bufhiegall_cn3200
  modcall[authenticate]: module "chap" returns invalid for request 0
modcall: leaving group CHAP (returns invalid) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 11 to 1

I have run all the queries manually on the server, and they all return results as 
expected (except the query to radgroupreply, as there is nothing configured there).


Regards,

Andrew Long
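
Added example, not part of the original post and not FreeRADIUS code: a Python sketch of the CHAP check from RFC 2865 (CHAP-Password = 1-octet ident + MD5(ident || password || challenge)), showing why the server needs the user's cleartext password and what happens when the lookup returns none, as in the rlm_chap line of the log above. The function names and the challenge bytes are constructed for illustration; the log does not print the Request Authenticator, so the posted CHAP-Password is only parsed here, not verified.

```python
import hashlib
import hmac

# CHAP-Password from the posted -X log: 1-octet CHAP ident + 16-octet response.
PAGE_CHAP_PASSWORD = bytes.fromhex("8f98ab538676182e04964979e34fbc0580")

# Constructed 16-octet challenge. The real one is the CHAP-Challenge attribute
# or, when absent, the Request Authenticator, which the log does not print.
SAMPLE_CHALLENGE = bytes(range(16))


def chap_response(ident, password, challenge):
    """RFC 1994 response: MD5(ident || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def build_chap_password(ident, password, challenge):
    """Client/NAS side: the value carried in the CHAP-Password attribute."""
    return bytes([ident]) + chap_response(ident, password, challenge)


def verify_chap(chap_password, challenge, stored):
    """Server side. `stored` is what the user lookup returned, or None."""
    if len(chap_password) != 17:
        return "invalid: CHAP-Password must be 17 octets"
    if stored is None:
        # Nothing to recompute the MD5 from: same outcome as in the log.
        return "invalid: no cleartext password"
    ident, received = chap_password[0], chap_password[1:]
    expected = chap_response(ident, stored, challenge)
    return "ok" if hmac.compare_digest(expected, received) else "reject"


def demo():
    ident = PAGE_CHAP_PASSWORD[0]  # 0x8f, taken from the log
    sent = build_chap_password(ident, b"password1", SAMPLE_CHALLENGE)
    md5_hex = hashlib.md5(b"password1").hexdigest().encode()
    return {
        "cleartext stored": verify_chap(sent, SAMPLE_CHALLENGE, b"password1"),
        "lookup found nothing": verify_chap(sent, SAMPLE_CHALLENGE, None),
        "only a hash stored": verify_chap(sent, SAMPLE_CHALLENGE, md5_hex),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The third case shows that a stored hash of the password is not a substitute: the server has to feed the password itself into the MD5 to reproduce the client's response.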

