PPTP + FreeRadius + LDAP
Alexandre Chapellon
alexandre.chapellon at mana.pf
Thu Nov 27 19:06:06 CET 2008
On 27.11.2008 07:17, Douglas Macedo wrote:
> Hey TNT,
>
> On Thu, Nov 27, 2008 at 2:54 PM, <tnt at kalik.net> wrote:
>
> >I forced the Windows client to use only mschap2, but the problem
> continues:
> >
> >-
> >Module: Instantiated radutmp (radutmp)
> >Listening on authentication *:1812
> >Listening on accounting *:1813
> >Ready to process requests.
> >rad_recv: Access-Request packet from host 150.162.67.254:32858, id=109, length=53
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > User-Name = "douglas"
> > NAS-IP-Address = 1.1.1.1
> > NAS-Port = 0
>
> This is nothing to do with freeradius. I don't see your NAS sending
> mschap attributes.
>
>
> How can I fix that? Where do I configure that?
>
>
>
> >The PPTP debug shows:
> >
> ..
> >Nov 27 11:35:39 epiderme pppd[12254]: rc_avpair_new: unknown attribute 11
> >Nov 27 11:35:39 epiderme pppd[12254]: rc_avpair_new: unknown attribute 25
>
> Has your radius client got mschap dictionary?
>
>
> I'm using the RadiusClient1 of Debian.
>
> --
> epiderme:/etc/radiusclient# ls -l
> total 52
> -rw-r--r-- 1 root root 6502 2008-11-26 13:10 dictionary
> -rw-r--r-- 1 root root 12388 2006-10-29 08:54 dictionary.ascend
> -rw-r--r-- 1 root root 1517 2006-10-29 08:54 dictionary.compat
> -rw-r--r-- 1 root root 599 2006-10-29 08:54 dictionary.merit
> -rw-r--r-- 1 root root 135 2006-10-29 08:54 issue
> -rw-r--r-- 1 root root 410 2006-10-29 08:54 port-id-map
> -rw-r--r-- 1 root root 2630 2008-11-24 15:24 radiusclient.conf
> -rwxr-xr-x 1 root root 2621 2008-11-24 13:33 radiusclient.conf.EPI
> -rw------- 1 root root 272 2008-11-24 13:12 servers
> --
Copy the Microsoft dictionary from your FreeRADIUS install to your PPTP
server, and add it to the dictionary list.
Additionally (this may not be related to your problem), having multiple
require-<protocols> in the pptpd config is nonsense; if you want to
enable multiple protocols for authentication, use +pap, +chap,
+mschap.... instead of require-...
>
> --
> epiderme:/etc/radiusclient# cat radiusclient.conf
> auth_order radius,local
> login_tries 4
> login_timeout 60
> nologin /etc/nologin
> issue /etc/radiusclient/issue
> authserver ldap.telemedicina.ufsc.br
> acctserver ldap.telemedicina.ufsc.br
> servers /etc/radiusclient/servers
> dictionary /etc/radiusclient/dictionary
> login_radius /usr/sbin/login.radius
> seqfile /var/run/radius.seq
> mapfile /etc/radiusclient/port-id-map
> default_realm
> radius_timeout 10
> radius_retries 3
> login_local /bin/login
> --
>
>
> But I didn't find the attributes for MS-CHAP:
>
> --
> epiderme:/etc/radiusclient# cat dictionary | grep MS-CHAP
> epiderme:/etc/radiusclient# cat dictionary | grep MSCHAP
> epiderme:/etc/radiusclient# cat dictionary | grep mschap
> --
>
> Just for CHAP:
>
> --
> epiderme:/etc/radiusclient# cat dictionary | grep -i chap
> ATTRIBUTE CHAP-Password 3 string
> ATTRIBUTE Chap-Challenge 60 string
> --
>
> Is that correct?
No, you need the MS-CHAP attributes.
>
> Thanks a lot in advance,
> Douglas
>
>
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
> --
> Douglas Macedo
> dmacedo at gmail.com
> --
> An individual's intelligence is measured by the amount of uncertainty
> he is able to bear.
> (Immanuel Kant)
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
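
Added example (not part of the original message, and not code from FreeRADIUS, radiusclient or pppd): a shell check for the fix described above. It scans a radiusclient dictionary, following its INCLUDE lines, and reports whether vendor-311 attributes 11 and 25 are defined; those are the two numbers in the pppd "rc_avpair_new: unknown attribute" lines, named MS-CHAP-Challenge and MS-CHAP2-Response in RFC 2548. The function names and the sample files are constructed for illustration.

```shell
# Print "<number> <name>" for each vendor-311 (Microsoft) attribute a dictionary
# defines, following INCLUDE / $INCLUDE lines and BEGIN-VENDOR blocks.
mschap_attrs() {
    awk -v top="$1" '
    function load(file,    line, f, n, dir, v) {
        if (file in seen) return                # guard against include loops
        seen[file] = 1
        dir = file; sub(/[^\/]*$/, "", dir)     # directory of the including file
        while ((getline line < file) > 0) {
            sub(/#.*/, "", line); sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t]+/)
            if (f[1] == "INCLUDE" || f[1] == "$INCLUDE")
                load((f[2] ~ /^\//) ? f[2] : (dir f[2]))
            else if (f[1] == "VENDOR" && f[3] + 0 == 311) ms[f[2]] = 1
            else if (f[1] == "BEGIN-VENDOR") vendor = f[2]
            else if (f[1] == "END-VENDOR") vendor = ""
            else if (f[1] == "ATTRIBUTE" && n >= 4) {
                v = (vendor != "") ? vendor : f[5]
                if (v in ms) print f[3], f[2]
            }
        }
        close(file)
    }
    BEGIN { load(top) }'
}

# Exit 0 only if both attribute numbers from the pppd log are defined
# (RFC 2548: 11 = MS-CHAP-Challenge, 25 = MS-CHAP2-Response).
check_mschap() {
    found=$(mschap_attrs "$1"); rc=0
    for num in 11 25; do
        if name=$(printf '%s\n' "$found" | awk -v n="$num" '$1 == n { print $2; ok = 1 } END { exit !ok }'); then
            echo "ok: vendor 311 attribute $num ($name)"
        else
            echo "MISSING: vendor 311 attribute $num"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: a CHAP-only main dictionary plus a Microsoft dictionary.
make_sample() {
    d=$(mktemp -d)
    printf 'ATTRIBUTE CHAP-Password 3 string\nATTRIBUTE Chap-Challenge 60 string\n' > "$d/dictionary"
    printf '%s\n' 'VENDOR Microsoft 311 Microsoft' \
        'ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft' \
        'ATTRIBUTE MS-CHAP2-Response 25 string Microsoft' > "$d/dictionary.microsoft"
    echo "$d"
}
```

On the PPTP server, `check_mschap /etc/radiusclient/dictionary` returns a non-zero status until the Microsoft dictionary has been copied over and added with an INCLUDE line.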