pap "Cleartext-Password", sql etc...
Andrew Long
fursink at gmail.com
Wed Jan 30 21:31:51 CET 2008
When I have (radcheck) attribute `User-Password', authentication
succeeds but we see the following:
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type CHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "CHAP"
+- entering group CHAP
rlm_chap: login attempt by "elmaroma_cn3000" with CHAP password
rlm_chap: Using clear text password "aromaescape" for user
elmaroma_cn3000 authentication.
rlm_chap: chap user elmaroma_cn3000 authenticated succesfully
++[chap] returns ok
If I change the attribute to `Cleartext-Password', authentication
fails and I see:
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
+- entering group CHAP
rlm_chap: login attempt by "elmaroma_cn3000" with CHAP password
rlm_chap: Cleartext-Password is required for authentication
++[chap] returns invalid
auth: Failed to validate the user.
Login incorrect (rlm_chap: Clear text password not available):
[elmaroma_cn3000/<CHAP-Password>] (from client cn3000_aroma port 0 cli
00-02-6F-xx-xx-92)
The "users" file
----------------------
DEFAULT Fall-Through = 1
DEFAULT Service-Type == Framed-User
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 576,
Service-Type = Framed-User,
Fall-Through = Yes
DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP
---------------------
authorize {
preprocess
chap
mschap
suffix
unix
files
sql
expiration
logintime
noresetcounter
dailycounter
monthlycounter
daypasscounter
pap}
authenticate {
pap
chap
mschap}
Thanks muchly,
Andrew Long
EWS
More information about the Freeradius-Users
mailing list