chap rlm_sql authentication problem

Andrew Long along at escapewire.com
Fri Mar 30 16:22:09 CEST 2007


> > Now we're taking a step back because I tried changing the 
> username on 
> > the NAS and in the SQL and can no longer authenticate with 
> :( NTRADPING.
> 
>   Why use ntradping?  Use radclient.

I will in the future, but I'm in mid-stream here...

>   And you're using CHAP... which is why it doesn't match.
> 
> > --------------------------------------------------------------
> > 1176	hiegalleria_cn3200	password	
> PASSWORD_HERE	==
> > --------------------------------------------------------------
> 
>   Change the attribute name to Cleartext-Password, and the 
> operator to ":=".

I have about 20 other NAS's using this identical configuration and they all
authenticate...

>   See "man users" for an explanation of the operators.  
> You're comparing the value to the User-Password in the 
> request (which doesn't exist).
> So... the comparison fails.

Just for giggles, I restored the username to the old one in
radcheck/radreply and
in my ntradping request... and it authenticated properly. Can you explain
this?
This was done without making any changes to the operator or attribute.

Andrew





More information about the Freeradius-Users mailing list