Calling-Station-Id problem
Alan DeKok
aland at deployingradius.com
Tue Mar 4 07:15:39 CET 2008
Rob wrote:
> While I am using Calling-Station-Id freeradius does not authenicate
> user. Without calling-station-id (user Rob) works Ok. Can anybody
> point me where is the problem?
> Checkval exists in radiusd.conf.
Checkval isn't needed. I have no idea why you would use it here.
> Freeradius 1.1.7
> user file:
> "Alan" User-Password == "12345", Calling-Station-Id == "000d88b7c2de"
You don't need quotes around the user name. The examples in the
"users" file show this. You need to use Cleartext-Password := ..., too.
This is in the FAQ.
> "Rob" User-Password == "123456"
> DEFAULT Auth-Type = EAP,EAP-Type == PEAP, Proxy-To-Realm = LOCAL
Delete that last line. I have no idea why so many people insist on
setting Auth-Type.
Can you please explain why you added it, and which documentation said
it was a good idea? All of the documentation that is shipped with the
server says that you are NOT supposed to add it.
> Log from radius -X:
...
> peap: copy_request_to_tunnel = no
The Calling-Station-Id is *not* present in the tunneled request.
So... unless you set this to "yes", the entry above in the "users" file
will NOT match!
And the debug log shows this:
...
> modcall[authorize]: module "files" returns notfound for request 6
See? No match.
> modcall: leaving group authorize (returns updated) for request 6
...
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for Alan with NT-Password
> rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
And then authentication fails.
Alan DeKok.
More information about the Freeradius-Users
mailing list