mschapv2 problem

[Alan DeKok]

Cristian Novac wrote:
> The authentication is still not working
> I attached the log I got when running in debug mode;

  It's long and informative.  As was pointed out, it includes a lot of
issues that you should fix.

  In short, you configured "Auth-Type" somewhere, and broke the server.
 The debug log shows this clearly:

modcall: entering group authorize for request 10
  modcall[authorize]: module "preprocess" returns ok for request 10
  modcall[authorize]: module "chap" returns noop for request 10
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'

- So mschap should be used for authentication

  modcall[authorize]: module "mschap" returns ok for request 10
    rlm_realm: No '@' in User-Name = "BE2048", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 10
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 10
    users: Matched entry BE2048 at line 108

- Which is:

BE2048	Auth-Type := Local, User-Password == "mypass at wd"

  See?  All of the documentation and Wiki pages say don't set Auth-Type.
 Why?  Because ALMOST EVERYONE GETS IT WRONG.

  DELETE EVERY REFERENCE TO "Auth-Type := Local"

  You configured the server to prevent MS-CHAP authentication.  The
debug log shows this.  It's not hard to find:  look for the first
instance of the word "reject" while it's processing a request.  Then,
read the lines above that.

  Also, upgrade to 1.1.7.  There are many fixes, and more documentation
saying what to do, and what not to do.

  Alan DeKok.