Need help

Frank Winkler frank at riess.de
Mon Nov 5 11:02:20 CET 2007 

Alan DeKok wrote:

  >Why have you massively edited the debug output?

I haven't - I just censored the password, that's all! But in fact, it seems 
that I forgot one occurance :( ...

  >> The password is displayed in plain text.
  >
  >Which password?  Could you explain which part of the edited output you
  >refer to?

The "XXX" above.

  >In any case, what little you've posted shows that the client is
  >sending a PAP authentication request.  Are you sure that you have
  >configured the server to do PAP authentication using NT-hashed

I have tried PAP and CHAP - how do I tell him about NT-hashes? I think 
that's exactly where it fails.

  >passwords?  The debug output you've posted conveniently deletes EVERY
  >REFERENCE TO THE AUTHENTICATION PROCESS.

That's ll I get! But you're right ... I remember that there was much more 
output when I tried it the last time. Oops, I accidentally typed "-x" 
instead of "-X".

Here we go again:


Ready to process requests.

rad_recv: Access-Request packet from host 127.0.0.1:63689, id=86, length=57
         User-Name = "fwvpn"
         User-Password = "XXX"
         NAS-IP-Address = 255.255.255.255
         NAS-Port = 10
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
   modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: 
'/opt/freeradius/var/log/radius/radacct/127.0.0.1/auth-detail-20071105'
rlm_detail: 
/opt/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to 
/opt/freeradius/var/log/radius/radacct/127.0.0.1/auth-detail-20071105
   modcall[authorize]: module "auth_log" returns ok for request 0
   modcall[authorize]: module "chap" returns noop for request 0
   modcall[authorize]: module "mschap" returns noop for request 0
   rlm_eap: No EAP-Message, not doing EAP
   modcall[authorize]: module "eap" returns noop for request 0
     users: Matched entry DEFAULT at line 100
   modcall[authorize]: module "files" returns ok for request 0
try to find in file
rlm_passwd: Added LM-Password: '624AAC413795CDC1AAD3B435B51404EE' to 
config_items
rlm_passwd: Added NT-Password: 'C5A237B7E9D8E708D8436B6148A25FA1' to 
config_items
try to find in file
   modcall[authorize]: module "radpasswd" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
   rad_check_password:  Found Auth-Type System
auth: type "System"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
   modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Login incorrect: [fwvpn/XXX] (from client localhost port 10)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 86 to 127.0.0.1 port 63689
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 86 with timestamp 472ee8ce
Nothing to do.  Sleeping until we see a request.


"Auth-Type System" sounds like the culprit ... but I can't find that in 
radiusd.conf.

TIA

	fw

More information about the Freeradius-Users mailing list