Freeradius+MySQL auth for PPTP (MSCHAP V2) failing

Ajitabh Pandey ajitabhpandey at gmail.com
Sat Jul 4 07:02:52 CEST 2009


Hello,

I am trying to set up the poptop authentication through freeradius with
a mysql backend. The Freeradius server as of now will only authenticate
users and do accounting. IP delegation will be done by poptop.

The radtest for a test user is successful.

# radtest myuser testpassword localhost 1812 'testing123'
Sending Access-Request of id 13 to 127.0.0.1 port 1812
	User-Name = "myuser"
	User-Password = "mypassword"
	NAS-IP-Address = A.B.C.D
	NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=13, length=20

Here are three inserts I made in the mysql tables; maybe they are of use:

insert into radcheck (username,attribute,op,value) values
('myuser','Crypt-Password',':=',encrypt('mypassword'));
insert into radgroupcheck (groupname,attribute,op,value) values
('dynamic','Auth-Type',':=','Crypt-Local');
insert into radgroupreply (groupname,attribute,op,value) values
('dynamic','Acct-Interim-Interval','=',60);

Here is the freeradius -X output snippet for authentication:

rad_recv: Access-Request packet from host 127.0.0.1 port 40483, id=65,
length=153
	Service-Type = Framed-User
	Framed-Protocol = PPP
	User-Name = "myuser"
	MS-CHAP-Challenge = 0x47359b9f4e6e11824858fd4b2a4a67c8
	MS-CHAP2-Response =
0x7700234d5c8cd2388b66dd01a736d817a8070000000000000000629ab9bb7a480528165b51e15fb04b5293cc5b2ed0d5d272
	Calling-Station-Id = "A.B.C.D"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 0
+- entering group authorize
	expand: %{User-Name} -> myuser
rlm_sql (sql): sql_set_user escaped user --> 'myuser'
rlm_sql (sql): Reserving sql socket id: 4
	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'myuser'           ORDER BY id
rlm_sql (sql): User found in radcheck table
	expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'myuser'           ORDER BY id
	expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'myuser'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [myuser/<no User-Password attribute>] (from client
localhost port 0 cli A.B.C.D)
  Found Post-Auth-Type Reject
  WARNING: Unknown value specified for Post-Auth-Type.  Cannot perform
requested action.
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 1.0 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 65 to 127.0.0.1 port 40483

The radiusd.conf file is more or less the default except I have added
the sql lines to it.

It would be great if someone could provide any help regarding this.
Please let me know if you need further information from my side.

Regards.
-- 
Ajitabh Pandey
http://ajitabhpandey.info/ | http://unixclinic.net/ |
http://buddingthoughts.info
ICQ - 150615062
Registered Linux User - 240748


