Strange CHAP/PAP issue (Version 1.1.6)[sic!]

Wojciech Ziniewicz wojtek at cebit.com.pl
Wed Sep 26 01:51:54 CEST 2007 

Hello all,

I have a small (about 400 users) network based on pppoe with freeradius
authentication.
For the last few days I am trying to switch to CHAP authentication.
I've made proper changes to radiusd.conf and pppoe-server to demand CHAP
auth from users and here's what I get.

Here's what we've got in the database :

RADCHECK :

TEST  	Cleartext-password  	:=  	TEST987
TEST 	Auth-Type 	:= 	CHAP
TEST 	Password 	== 	TEST987

READREPLY:

TEST  	Service-Type  	=  	Framed
TEST 	Framed-Compression 	= 	Van-Jacobson-TCP-IP
TEST 	Framed-MTU 	= 	1492
TEST 	Framed-IP-Netmask 	= 	255.255.255.0
TEST 	Framed-IP-Address 	= 	10.100.2.156
TEST 	Framed-Protocol 	= 	ppp
TEST 	Auth-Type 	:= 	CHAP
TEST 	Password 	== 	TEST987

And the error is :

a) here's the fragment from the syslog :

Sep 26 01:34:37 beta pppd[5311]: Connect: ppp44 <--> eth2
Sep 26 01:34:37 beta pppd[5311]: rc_avpair_new: unknown attribute 60
Sep 26 01:34:47 beta pppd[5311]: Peer TEST failed CHAP authentication

b) And fragment from the radius debug mode :

rad_recv: Access-Request packet from host 127.0.0.1:3458, id=144, length=88
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "TEST"
        CHAP-Password = 0xdf6fe5d7a573bff814452731ef01f044df
        Calling-Station-Id = "00:E0:91:14:52:C3"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 8
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "attr_filter" returns noop for request 3
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 3
radius_xlat:  'TEST'
rlm_sql (sql): sql_set_user escaped user --> 'TEST'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radcheck           WHERE Username = 'TEST' and access=1 ?  ORDER BY id '
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat:  ''
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radreply           WHERE Username = 'TEST'           ORDER BY id '
radius_xlat:  ''
rlm_sql (sql): Released sql socket id: 1
  modcall[authorize]: module "sql" returns ok for request 3
modcall: leaving group authorize (returns ok) for request 3
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 3
  rlm_chap: login attempt by "TEST" with CHAP password
  rlm_chap: Using clear text password "TEST987" for user TEST authentication.
  rlm_chap: Password check failed
  modcall[authenticate]: module "chap" returns reject for request 3
modcall: leaving group CHAP (returns reject) for request 3
auth: Failed to validate the user.
Login incorrect (rlm_chap: Wrong user password): [TEST/<CHAP-Password>]
(from client localhost port 8 cli 00:E0:91:14:52:C3)
Delaying request 3 for 1 seconds
Finished request 3
Going to the next request

--------------
Any ideas ?

Thanks a lot for your time and HELP!

regards
WZ

-- 
Pozdrawiam,
Wojciech Ziniewicz
Administrator Cebit

More information about the Freeradius-Users mailing list