pap "Cleartext-Password", sql etc...

Andrew Long fursink at gmail.com
Wed Jan 30 21:31:51 CET 2008


When I have (radcheck) attribute `User-Password', authentication
succeeds but we see the following:

rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type CHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "CHAP"
+- entering group CHAP
  rlm_chap: login attempt by "elmaroma_cn3000" with CHAP password
  rlm_chap: Using clear text password "aromaescape" for user
elmaroma_cn3000 authentication.
  rlm_chap: chap user elmaroma_cn3000 authenticated succesfully
++[chap] returns ok

If I change the attribute to `Cleartext-Password', authentication
fails and I see:

rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
+- entering group CHAP
  rlm_chap: login attempt by "elmaroma_cn3000" with CHAP password
  rlm_chap: Cleartext-Password is required for authentication
++[chap] returns invalid
auth: Failed to validate the user.
Login incorrect (rlm_chap: Clear text password not available):
[elmaroma_cn3000/<CHAP-Password>] (from client cn3000_aroma port 0 cli
00-02-6F-xx-xx-92)

The "users" file
----------------------
DEFAULT	Fall-Through = 1
DEFAULT	Service-Type == Framed-User
	Framed-IP-Address = 255.255.255.254,
	Framed-MTU = 576,
	Service-Type = Framed-User,
	Fall-Through = Yes
DEFAULT	Framed-Protocol == PPP
	Framed-Protocol = PPP,
	Framed-Compression = Van-Jacobson-TCP-IP
---------------------
authorize {
	preprocess
	chap
	mschap
	suffix
	unix
	files
	sql
	expiration
	logintime
	noresetcounter
	dailycounter
	monthlycounter
	daypasscounter
	pap}
authenticate {
	pap
	chap
	mschap}

Thanks muchly,

Andrew Long
EWS



More information about the Freeradius-Users mailing list