HELP ME: FAILED: MS-CHAP2-Response is incorrect

hyunok jinjusi at Kornet.net
Sat Sep 1 14:31:33 CEST 2007


Hello,

I have a FreeRADIUS 1.1.7 server set up with ppp and pptp, using a MySQL
DB for user authentication.

--with-mysql-lib-dir=/usr/lib/mysql 
--with-mysql-include-dir=/usr/include/mysql 

rpmbuild -bb redhat/freeradius.spec
rpm -Uvh freeradius-1.1.7-0.i386.rpm
rpm -Uvh freeradius-debuginfo-1.1.7-0.i386.rpm
-------------------------------------------------------------
options.pptpd
refuse-pap
refuse-chap
refuse-mschap
#require-mppe-128  <==disable
require-mschap-v2

plugin radius.so
radius-config-file /usr/local/etc/radiusclient/radiusclient.conf
plugin radattr.so

-------------------------------------------------------------
radiusd.conf 

use_mppe = no  

authorize {
    preprocess
    chap
    mschap
    suffix
    eap
    files
    sql
    pap
}

accounting {
    unix
    radutmp
    sql
}

-------------------------------------------------------------

Here is my debug output:


Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32981, id=154, length=151
--- Walking the entire request list ---
Waking up in 31 seconds...
Threads: total/active/spare threads = 5/0/5
Thread 1 got semaphore
Thread 1 handling request 0, (1 handled so far)
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "testuser"
        MS-CHAP-Challenge = 0x46dec3e9097bc536b786971f662d900d
        MS-CHAP2-Response = 0xf80040b7092f930cb6002b55b7e1d2e1998900000000000000009c17dfe89020dea63a8232e83dffe3600e77bc95a87b1918
        Calling-Station-Id = "12x.xx.xx.xx"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
  modcall[authorize]: module "mschap" returns ok for request 0
    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
    users: Matched entry DEFAULT at line 184
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'testuser'
rlm_sql (sql): sql_set_user escaped user --> 'testuser'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radcheck           WHERE Username = 'testuser'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testuser' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radreply           WHERE Username = 'testuser'           ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'testuser' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
  rlm_mschap: Told to do MS-CHAPv2 for testuser with NT-Password
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 0
modcall: leaving group MS-CHAP (returns reject) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 127.0.0.1:32981, id=154, length=151
Sending Access-Reject of id 154 to 127.0.0.1 port 32981
--- Walking the entire request list ---
Cleaning up request 0 ID 154 with timestamp 46d95613
Nothing to do.  Sleeping until we see a request.
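
The following is an added example, not part of the original post and not FreeRADIUS code. It splits the MS-CHAP2-Response value from the debug output above into its RFC 2548 fields and computes the RFC 2759 challenge hash that the NT-Response is checked against; the function names are illustrative.

```python
import hashlib

# Attribute values copied from the debug output in the post above.
MS_CHAP_CHALLENGE = "0x46dec3e9097bc536b786971f662d900d"
MS_CHAP2_RESPONSE = ("0xf80040b7092f930cb6002b55b7e1d2e19989"
                     "00000000000000009c17dfe89020dea63a8232e83dffe3600e77bc95a87b1918")
USER_NAME = "testuser"


def unhex(value):
    """Decode a radiusd-style 0x... attribute value into bytes."""
    return bytes.fromhex(value[2:] if value.lower().startswith("0x") else value)


def parse_mschap2_response(value):
    """Split MS-CHAP2-Response into the fields laid out in RFC 2548, 2.3.2."""
    raw = unhex(value)
    if len(raw) != 50:
        raise ValueError("expected 50 bytes, got %d" % len(raw))
    fields = {
        "ident": raw[0],
        "flags": raw[1],
        "peer_challenge": raw[2:18],
        "reserved": raw[18:26],
        "nt_response": raw[26:50],
    }
    # Flags and Reserved must be zero; anything else means a mangled attribute.
    fields["well_formed"] = raw[1] == 0 and raw[18:26] == bytes(8)
    return fields


def challenge_hash(peer_challenge, auth_challenge, user_name):
    """RFC 2759 ChallengeHash: first 8 bytes of SHA1(peer || auth || user)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 bytes")
    # RFC 2759 hashes the account name only, without a "DOMAIN\" prefix.
    account = user_name.rsplit("\\", 1)[-1]
    data = peer_challenge + auth_challenge + account.encode("ascii")
    return hashlib.sha1(data).digest()[:8]


if __name__ == "__main__":
    f = parse_mschap2_response(MS_CHAP2_RESPONSE)
    ch = challenge_hash(f["peer_challenge"], unhex(MS_CHAP_CHALLENGE), USER_NAME)
    print("well formed:", f["well_formed"])
    print("challenge hash:", ch.hex())
    print("NT-Response from client:", f["nt_response"].hex())
```

Per RFC 2759, the server DES-encrypts this 8-byte challenge hash with keys derived from the stored NT-Password hash and compares the 24-byte result with the client's NT-Response, so the comparison depends on exactly three inputs: the two challenges, the user name as hashed, and the stored NT hash.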