poptop + radius + mysql
Alessandro Agostini
a.agostini at ifac.cnr.it
Wed Dec 23 16:15:16 CET 2009
Hi to all,
I have completely reinstalled the whole suite on a new Linux box (CentOS) for the VPN server.
I have installed:
- freeradius v.1.1.3
- pptpd v.1.3.4
- radiusclient-ng v.0.5.6.3
freeradius configured with sql backend; with radtest all is ok.
pptpd and radiusclient configured as in your guide:
http://wiki.freeradius.org/PopTop
I try to create a VPN tunnel from a PC with XP Pro and I see this in the pptpd log:
Dec 23 16:03:01 ns pptpd[24224]: CTRL: Starting call (launching pppd, opening GRE)
Dec 23 16:03:01 ns pppd[24225]: Plugin radius.so loaded.
Dec 23 16:03:01 ns pppd[24225]: RADIUS plugin initialized.
Dec 23 16:03:01 ns pppd[24225]: Plugin radattr.so loaded.
Dec 23 16:03:01 ns pppd[24225]: RADATTR plugin initialized.
Dec 23 16:03:01 ns pppd[24225]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Dec 23 16:03:01 ns pppd[24225]: pptpd-logwtmp: $Version$
Dec 23 16:03:01 ns pppd[24225]: pppd 2.4.4 started by root, uid 0
Dec 23 16:03:01 ns pppd[24225]: Using interface ppp0
Dec 23 16:03:01 ns pppd[24225]: Connect: ppp0 <--> /dev/pts/3
Dec 23 16:03:04 ns pptpd[24224]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Dec 23 16:03:04 ns pppd[24225]: rc_avpair_new: unknown attribute 11
Dec 23 16:03:04 ns pppd[24225]: rc_avpair_new: unknown attribute 25
Dec 23 16:03:14 ns pppd[24225]: Peer agostini failed CHAP authentication
Dec 23 16:03:14 ns pppd[24225]: Connection terminated.
Dec 23 16:03:14 ns pppd[24225]: Exit.
Dec 23 16:03:14 ns pptpd[24224]: CTRL: Client 149.xxx.xxx.xxx control connection finished
and this in radiusd -X log:
rad_recv: Access-Request packet from host 127.0.0.1:59350, id=41, length=70
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "agostini"
Calling-Station-Id = "149.xxx.xxx.xxx"
NAS-IP-Address = 149.xxx.yyy.yyy
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "agostini", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 171
users: Matched entry DEFAULT at line 183
modcall[authorize]: module "files" returns ok for request 0
radius_xlat: 'agostini'
rlm_sql (sql): sql_set_user escaped user --> 'agostini'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck
WHERE Username = 'agostini' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'agostini' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply
WHERE Username = 'agostini' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'agostini' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 41 to 127.0.0.1 port 59350
Waking up in 4 seconds...
The dictionary.microsoft is generated from the schema on your site
http://wiki.freeradius.org/PopTop
I see only the User-Name attribute but not the other MS-CHAP....
Can you help me?
Do you have any idea if there are tools for deeper diagnosis of this problem?
Thank you in advance and Merry Christmas!
Alessandro
--
Servizio informatica e comunicazioni
CNR - Istituto Fisica Applicata "N.Carrara"
Via Madonna del Piano,10 Sesto Fiorentino (FI)
---------------------------------------------
http://www.ifac.cnr.it - tel. 055 5226406
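
A log check for the symptoms in the message above, as an added example that is not part of the original post or of the FreeRADIUS or radiusclient-ng code: it maps the `rc_avpair_new: unknown attribute` numbers to the Microsoft vendor attributes of RFC 2548 and lists Access-Requests in `radiusd -X` output that carry no credential attribute. It assumes the logged numbers are Microsoft vendor attribute numbers; the function names are hypothetical, and the second sample request (id=42) is constructed for contrast.

```python
import re

# Microsoft vendor (311) attribute numbers from RFC 2548 used by MS-CHAP.
# Assumption: the numbers pppd logs are Microsoft vendor attribute numbers.
MS_ATTRS = {1: "MS-CHAP-Response", 11: "MS-CHAP-Challenge", 25: "MS-CHAP2-Response"}
# radiusd can only check a password if the request carries one of these.
CREDENTIALS = {"User-Password", "CHAP-Password", "MS-CHAP-Response", "MS-CHAP2-Response"}

UNKNOWN_RE = re.compile(r"rc_avpair_new: unknown attribute (\d+)")
REQUEST_RE = re.compile(r"rad_recv: Access-Request packet from host \S+ id=(\d+)")
AVP_RE = re.compile(r"\s*([\w-]+) = ")

def dropped_attributes(pppd_log):
    """Map each attribute number the RADIUS client could not encode to its name."""
    nums = sorted({int(m.group(1)) for m in UNKNOWN_RE.finditer(pppd_log)})
    return {n: MS_ATTRS.get(n, "unknown") for n in nums}

def request_attributes(radiusd_log):
    """Return {request id: set of attribute names} from `radiusd -X` output."""
    requests, current = {}, None
    for line in radiusd_log.splitlines():
        start = REQUEST_RE.search(line)
        avp = AVP_RE.match(line)
        if start:
            current = int(start.group(1))
            requests[current] = set()
        elif current is not None and avp:
            requests[current].add(avp.group(1))
        else:
            current = None  # first non-attribute line ends the packet dump
    return requests

def diagnose(pppd_log, radiusd_log):
    bare = [i for i, a in request_attributes(radiusd_log).items() if not a & CREDENTIALS]
    return {"dropped": dropped_attributes(pppd_log), "requests_without_credentials": bare}

# Sample input: lines modelled on the logs in the post; request id=42 is constructed.
PPPD_SAMPLE = """Dec 23 16:03:04 ns pppd[24225]: rc_avpair_new: unknown attribute 11
Dec 23 16:03:04 ns pppd[24225]: rc_avpair_new: unknown attribute 25
Dec 23 16:03:14 ns pppd[24225]: Peer agostini failed CHAP authentication"""
RADIUSD_SAMPLE = """rad_recv: Access-Request packet from host 127.0.0.1:59350, id=41, length=70
    Service-Type = Framed-User
    User-Name = "agostini"
Processing the authorize section of radiusd.conf
rad_recv: Access-Request packet from host 127.0.0.1:59351, id=42, length=150
    User-Name = "agostini"
    MS-CHAP-Challenge = 0x00112233445566778899aabbccddeeff
    MS-CHAP2-Response = 0x0000
Processing the authorize section of radiusd.conf"""

if __name__ == "__main__":
    print(diagnose(PPPD_SAMPLE, RADIUSD_SAMPLE))
```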