Strange CHAP/PAP issue (Version 1.1.6)[sic!]

Wojciech Ziniewicz wojtek at cebit.com.pl
Wed Sep 26 02:14:56 CEST 2007 

Hi again!

Now , after deleting theese lines :

(
>> TEST 	Auth-Type 	:= 	CHAP
>> TEST 	Password 	== 	TEST987
)

I've got the following :

rlm_sql (sql): No matching entry in the database for request from user [TEST]
  modcall[authorize]: module "sql" returns notfound for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 0
  rlm_chap: login attempt by "TEST" with CHAP password
  rlm_chap: Could not find clear text password for user TEST
  modcall[authenticate]: module "chap" returns invalid for request 0
modcall: leaving group CHAP (returns invalid) for request 0

Then after changing the operator to ":=" I've got again :

rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 0
  rlm_chap: login attempt by "TEST" with CHAP password
  rlm_chap: Using clear text password "TEST987" for user TEST authentication.
  rlm_chap: Password check failed
  modcall[authenticate]: module "chap" returns reject for request 0
modcall: leaving group CHAP (returns reject) for request 0
auth: Failed to validate the user.
Login incorrect (rlm_chap: Wrong user password): [TEST/<CHAP-Password>]
(from client localhost port 8 cli 00:E0:91:14:52:C3)
Delaying request 0 for 1 seconds


THe pppoe client's are mainly windows XP , windows Vista, linux, 3com,
cisco and netgear routers as well as the  pppoe-server is residing locally
on the same machine as freeradius  (that stores everything in mysql on the
other machine but that's not a clue) - none of them can authenticate so i
cant'believe it's th broken ppp client .

I've read FAQ,docs and list and have no other clues ...

MAYBE the  thing is that i have only TWO tables - racheck and radreply
(without ragroups etc...) and modified sql.conf to use queries for
radcheck and radreply ONLY... maybe this is the problem ? (but i cant see
the relevant error message )

Regards and thank You for Your time.
WZ


Dnia Śr Września 26 2007, 2:01 am, Alan DeKok napisał(a):
> Wojciech Ziniewicz wrote:
>> For the last few days I am trying to switch to CHAP authentication.
>> I've made proper changes to radiusd.conf and pppoe-server to demand CHAP
>> auth from users and here's what I get.
>>
>> Here's what we've got in the database :
>>
>> RADCHECK :
>>
>> TEST  	Cleartext-password  	:=  	TEST987
>> TEST 	Auth-Type 	:= 	CHAP
>> TEST 	Password 	== 	TEST987
>
>   Delete the last two entries.  They're wrong.
>
>
>> b) And fragment from the radius debug mode :
>>
>> rad_recv: Access-Request packet from host 127.0.0.1:3458, id=144,
>> length=88
> ...
>>         User-Name = "TEST"
>>         CHAP-Password = 0xdf6fe5d7a573bff814452731ef01f044df
> ...
>>   rlm_chap: Using clear text password "TEST987" for user TEST
>> authentication.
>>   rlm_chap: Password check failed
>
>   That should work.  If it doesn't, odds are that the PPP client is
> broken.
>
>   Alan DeKok.
>
>


-- 
Pozdrawiam,
Wojciech Ziniewicz
Administrator Cebit

More information about the Freeradius-Users mailing list