Freeradius can't authenticate pptp users from Windows XP to LDAP
Edgard NDOUNA
legedgard at gmail.com
Thu Oct 8 17:23:35 CEST 2009
Hi Nelson,
Thank you all for your help. I've lost so much time trying to
find a solution for this.
Just by adding NT/LM pairs to each LDAP user's object, everything works
fine now :)
How come I couldn't get this tip before? That would have saved me a lot
of time.
Anyway, now everything is ok, I can move on.
Thanks so so much :) :)
Tede.
nf-vale wrote:
> On Thursday 08 October 2009 15:05:24 Ivan Kalik wrote:
>
>> Just had a look at your ldap entries again. This doesn't look right:
>>
>> userPassword:: dGVzdGVy
>>
>> Shouldn't there be just one colon?
>>
>
> Two colons means that it's a BASE64 encoded field.
>
>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>>> You can add NT / LM pairs to each LDAP user object. You must include the
>>> samba.schema into the ldap server schemas.
>>>
>>> Ex:
>>>
>>> sambaNTPassword: CAF13D4F321E608B27FD75D2549BA53C
>>> sambaLMPassword: 02D093CE93038E2FAAD3B435B51404EE
>>>
>>>
>>> This way pptp MSCHAP auth will work.
>>>
>>>
>>> Nelson Vale
>>>
>>> On Thursday 08 October 2009 12:53:21 tede wrote:
>>>
>>>> Ivan Kalik wrote:
>>>>
>>>>>> Debug: rlm_ldap: performing search in ou=vpn,dc=home, with filter
>>>>>> (uid=light)
>>>>>> Debug: rlm_ldap: No default NMAS login sequence
>>>>>> Debug: rlm_ldap: looking for check items in directory...
>>>>>> Debug: rlm_ldap: looking for reply items in directory...
>>>>>> Debug: WARNING: No "known good" password was found in LDAP. Are you
>>>>>> sure that the user is configured correctly?
>>>>>>
>>>>> Hm, try adding mapping for Cleartext-Password as userPassword to
>>>>> ldap.attrmap.
>>>>>
>>>>> Ivan Kalik
>>>>> Kalik Informatika ISP
>>>>>
>>>>> -
>>>>> List info/subscribe/unsubscribe? See
>>>>> http://www.freeradius.org/list/users.html
>>>>>
>>>> Hi Ivan, first of all, thanks for answering me :)
>>>>
>>>> So, here is the result after adding mapping for Cleartext-Password as
>>>> userPassword,
>>>> as we can see in the radius mapping part of the debug :
>>>>
>>>>
>>>> Info: FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Oct
>>>> 3
>>>> 2009 at 19:16:29
>>>> Info: Copyright (C) 1999-2008 The FreeRADIUS server project and
>>>> contributors.
>>>> Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR
>>>> A
>>>> Info: PARTICULAR PURPOSE.
>>>> Info: You may redistribute copies of FreeRADIUS under the terms of the
>>>> Info: GNU General Public License.
>>>> Info: Starting - reading configuration files ...
>>>> Debug: including configuration file /etc/freeradius/radiusd.conf
>>>> Debug: including configuration file /etc/freeradius/clients.conf
>>>> Debug: including configuration file /etc/freeradius/policy.conf
>>>> Debug: including files in directory /etc/freeradius/sites-enabled/
>>>> Debug: including configuration file
>>>> /etc/freeradius/sites-enabled/default
>>>> Debug: including configuration file
>>>> /etc/freeradius/sites-enabled/inner-tunnel
>>>> Debug: including dictionary file /etc/freeradius/dictionary
>>>> Debug: main {
>>>> Debug: prefix = "/usr"
>>>> Debug: localstatedir = "/var"
>>>> Debug: logdir = "/var/log/freeradius"
>>>> Debug: libdir = "/usr/lib/freeradius"
>>>> Debug: radacctdir = "/var/log/freeradius/radacct"
>>>> Debug: hostname_lookups = no
>>>> Debug: max_request_time = 30
>>>> Debug: cleanup_delay = 5
>>>> Debug: max_requests = 1024
>>>> Debug: allow_core_dumps = no
>>>> Debug: pidfile = "/var/run/freeradius/freeradius.pid"
>>>> Debug: user = "freerad"
>>>> Debug: group = "freerad"
>>>> Debug: checkrad = "/usr/sbin/checkrad"
>>>> Debug: debug_level = 0
>>>> Debug: proxy_requests = yes
>>>> Debug: security {
>>>> Debug: max_attributes = 200
>>>> Debug: reject_delay = 1
>>>> Debug: status_server = yes
>>>> Debug: }
>>>> Debug: }
>>>> Debug: client localhost {
>>>> Debug: ipaddr = 127.0.0.1
>>>> Debug: require_message_authenticator = no
>>>> Debug: secret = "hometest"
>>>> Debug: nastype = "other"
>>>> Debug: }
>>>> Debug: client 192.168.0.0/24 {
>>>> Debug: require_message_authenticator = no
>>>> Debug: secret = "hometest"
>>>> Debug: shortname = "private-network-1"
>>>> Debug: }
>>>> Debug: radiusd: #### Loading Realms and Home Servers ####
>>>> Debug: radiusd: #### Instantiating modules ####
>>>> Debug: instantiate {
>>>> Debug: (Loaded rlm_exec, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_exec
>>>> Debug: Module: Instantiating exec
>>>> Debug: exec {
>>>> Debug: wait = yes
>>>> Debug: input_pairs = "request"
>>>> Debug: shell_escape = yes
>>>> Debug: }
>>>> Debug: (Loaded rlm_expr, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_expr
>>>> Debug: Module: Instantiating expr
>>>> Debug: (Loaded rlm_expiration, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_expiration
>>>> Debug: Module: Instantiating expiration
>>>> Debug: expiration {
>>>> Debug: reply-message = "Password Has Expired "
>>>> Debug: }
>>>> Debug: (Loaded rlm_logintime, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_logintime
>>>> Debug: Module: Instantiating logintime
>>>> Debug: logintime {
>>>> Debug: reply-message = "You are calling outside your allowed timespan
>>>> "
>>>> Debug: minimum-timeout = 60
>>>> Debug: }
>>>> Debug: }
>>>> Debug: radiusd: #### Loading Virtual Servers ####
>>>> Debug: server inner-tunnel {
>>>> Debug: modules {
>>>> Debug: Module: Checking authenticate {...} for more modules to load
>>>> Debug: (Loaded rlm_pap, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_pap
>>>> Debug: Module: Instantiating pap
>>>> Debug: pap {
>>>> Debug: encryption_scheme = "auto"
>>>> Debug: auto_header = no
>>>> Debug: }
>>>> Debug: (Loaded rlm_chap, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_chap
>>>> Debug: Module: Instantiating chap
>>>> Debug: (Loaded rlm_mschap, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_mschap
>>>> Debug: Module: Instantiating mschap
>>>> Debug: mschap {
>>>> Debug: use_mppe = yes
>>>> Debug: require_encryption = no
>>>> Debug: require_strong = no
>>>> Debug: with_ntdomain_hack = no
>>>> Debug: }
>>>> Debug: (Loaded rlm_unix, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_unix
>>>> Debug: Module: Instantiating unix
>>>> Debug: unix {
>>>> Debug: radwtmp = "/var/log/freeradius/radwtmp"
>>>> Debug: }
>>>> Debug: (Loaded rlm_ldap, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_ldap
>>>> Debug: Module: Instantiating ldap
>>>> Debug: ldap {
>>>> Debug: server = "localhost"
>>>> Debug: port = 389
>>>> Debug: password = ""
>>>> Debug: identity = ""
>>>> Debug: net_timeout = 1
>>>> Debug: timeout = 4
>>>> Debug: timelimit = 3
>>>> Debug: tls_mode = no
>>>> Debug: start_tls = no
>>>> Debug: tls_require_cert = "allow"
>>>> Debug: tls {
>>>> Debug: start_tls = no
>>>> Debug: require_cert = "allow"
>>>> Debug: }
>>>> Debug: basedn = "ou=vpn,dc=home"
>>>> Debug: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>>>> Debug: base_filter = "(objectclass=radiusprofile)"
>>>> Debug: password_attribute = "userPassword"
>>>> Debug: auto_header = yes
>>>> Debug: access_attr_used_for_allow = yes
>>>> Debug: groupname_attribute = "cn"
>>>> Debug: groupmembership_filter =
>>>> "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
>>>> Debug: dictionary_mapping = "/etc/freeradius/ldap.attrmap"
>>>> Debug: ldap_debug = 0
>>>> Debug: ldap_connections_number = 5
>>>> Debug: compare_check_items = no
>>>> Debug: do_xlat = yes
>>>> Debug: edir_account_policy_check = no
>>>> Debug: set_auth_type = no
>>>> Debug: }
>>>> Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group
>>>> Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap
>>>> Debug: rlm_ldap: reading ldap<->radius mappings from file
>>>> /etc/freeradius/ldap.attrmap
>>>> Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
>>>> Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
>>>> Debug: rlm_ldap: LDAP digestHA1 mapped to RADIUS Digest-HA1
>>>> Debug: rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password
>>>> Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
>>>> Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS
>>>> Simultaneous-Use
>>>> Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS
>>>> Called-Station-Id
>>>> Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
>>>> Calling-Station-Id
>>>> Debug: rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
>>>> Debug: rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
>>>> Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
>>>> Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
>>>> Debug: rlm_ldap: LDAP ntHash mapped to RADIUS NT-Hash
>>>> Debug: rlm_ldap: LDAP lmHash mapped to RADIUS LM-Hash
>>>> Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
>>>> Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
>>>> Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
>>>> Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
>>>> Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS
>>>> Framed-Protocol
>>>> Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS
>>>> Framed-IP-Address
>>>> Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS
>>>> Framed-IP-Netmask
>>>> Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
>>>> Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS
>>>> Framed-Routing
>>>> Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
>>>> Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
>>>> Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
>>>> Framed-Compression
>>>> Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
>>>> Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
>>>> Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
>>>> Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS
>>>> Callback-Number
>>>> Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
>>>> Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
>>>> Framed-IPX-Network
>>>> Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class
>>>> Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS
>>>> Session-Timeout
>>>> Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
>>>> Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
>>>> Termination-Action
>>>> Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS
>>>> Login-LAT-Service
>>>> Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
>>>> Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS
>>>> Login-LAT-Group
>>>> Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
>>>> Framed-AppleTalk-Link
>>>> Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
>>>> Framed-AppleTalk-Network
>>>> Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
>>>> Framed-AppleTalk-Zone
>>>> Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
>>>> Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
>>>> Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
>>>> Debug: conns: 0x85c8988
>>>> Debug: Module: Checking authorize {...} for more modules to load
>>>> Debug: (Loaded rlm_realm, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_realm
>>>> Debug: Module: Instantiating suffix
>>>> Debug: realm suffix {
>>>> Debug: format = "suffix"
>>>> Debug: delimiter = "@"
>>>> Debug: ignore_default = no
>>>> Debug: ignore_null = no
>>>> Debug: }
>>>> Debug: (Loaded rlm_files, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_files
>>>> Debug: Module: Instantiating files
>>>> Debug: files {
>>>> Debug: usersfile = "/etc/freeradius/users"
>>>> Debug: acctusersfile = "/etc/freeradius/acct_users"
>>>> Debug: preproxy_usersfile = "/etc/freeradius/preproxy_users"
>>>> Debug: compat = "no"
>>>> Debug: }
>>>> Debug: Module: Checking session {...} for more modules to load
>>>> Debug: (Loaded rlm_radutmp, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_radutmp
>>>> Debug: Module: Instantiating radutmp
>>>> Debug: radutmp {
>>>> Debug: filename = "/var/log/freeradius/radutmp"
>>>> Debug: username = "%{User-Name}"
>>>> Debug: case_sensitive = yes
>>>> Debug: check_with_nas = yes
>>>> Debug: perm = 384
>>>> Debug: callerid = yes
>>>> Debug: }
>>>> Debug: Module: Checking post-auth {...} for more modules to load
>>>> Debug: (Loaded rlm_attr_filter, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_attr_filter
>>>> Debug: Module: Instantiating attr_filter.access_reject
>>>> Debug: attr_filter attr_filter.access_reject {
>>>> Debug: attrsfile = "/etc/freeradius/attrs.access_reject"
>>>> Debug: key = "%{User-Name}"
>>>> Debug: }
>>>> Debug: }
>>>> Debug: }
>>>> Debug: server {
>>>> Debug: modules {
>>>> Debug: Module: Checking authenticate {...} for more modules to load
>>>> Debug: Module: Checking authorize {...} for more modules to load
>>>> Debug: (Loaded rlm_preprocess, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_preprocess
>>>> Debug: Module: Instantiating preprocess
>>>> Debug: preprocess {
>>>> Debug: huntgroups = "/etc/freeradius/huntgroups"
>>>> Debug: hints = "/etc/freeradius/hints"
>>>> Debug: with_ascend_hack = no
>>>> Debug: ascend_channels_per_line = 23
>>>> Debug: with_ntdomain_hack = no
>>>> Debug: with_specialix_jetstream_hack = no
>>>> Debug: with_cisco_vsa_hack = no
>>>> Debug: with_alvarion_vsa_hack = no
>>>> Debug: }
>>>> Debug: Module: Checking preacct {...} for more modules to load
>>>> Debug: (Loaded rlm_acct_unique, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_acct_unique
>>>> Debug: Module: Instantiating acct_unique
>>>> Debug: acct_unique {
>>>> Debug: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>>>> Client-IP-Address, NAS-Port"
>>>> Debug: }
>>>> Debug: Module: Checking accounting {...} for more modules to load
>>>> Debug: (Loaded rlm_detail, checking if it's valid)
>>>> Debug: Module: Linked to module rlm_detail
>>>> Debug: Module: Instantiating detail
>>>> Debug: detail {
>>>> Debug: detailfile =
>>>> "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
>>>> Debug: header = "%t"
>>>> Debug: detailperm = 384
>>>> Debug: dirperm = 493
>>>> Debug: locking = no
>>>> Debug: log_packet_header = no
>>>> Debug: }
>>>> Debug: Module: Instantiating attr_filter.accounting_response
>>>> Debug: attr_filter attr_filter.accounting_response {
>>>> Debug: attrsfile = "/etc/freeradius/attrs.accounting_response"
>>>> Debug: key = "%{User-Name}"
>>>> Debug: }
>>>> Debug: Module: Checking session {...} for more modules to load
>>>> Debug: Module: Checking post-auth {...} for more modules to load
>>>> Debug: }
>>>> Debug: }
>>>> Debug: radiusd: #### Opening IP addresses and Ports ####
>>>> Debug: listen {
>>>> Debug: type = "auth"
>>>> Debug: ipaddr = *
>>>> Debug: port = 0
>>>> Debug: }
>>>> Debug: listen {
>>>> Debug: type = "acct"
>>>> Debug: ipaddr = *
>>>> Debug: port = 0
>>>> Debug: }
>>>> Debug: main {
>>>> Debug: snmp = no
>>>> Debug: smux_password = ""
>>>> Debug: snmp_write_access = no
>>>> Debug: }
>>>> Debug: Listening on authentication address * port 1812
>>>> Debug: Listening on accounting address * port 1813
>>>> Debug: Listening on proxy address * port 1814
>>>> Debug: Ready to process requests.
>>>> rad_recv: Access-Request packet from host 127.0.0.1 port 58943, id=90,
>>>> length=144
>>>> Service-Type = Framed-User
>>>> Framed-Protocol = PPP
>>>> User-Name = "light"
>>>> MS-CHAP-Challenge = 0x0478587b0fbb0f95a407ca180b2f8a37
>>>> MS-CHAP2-Response =
>>>> 0xd300647b6787cf9c9d95e042b5ba55d38d180000000000000000261560ec809d3c64cefc034d7af5be715a3570723e5dbe2f
>>>> Calling-Station-Id = "192.168.0.1"
>>>> NAS-IP-Address = 0x0101
>>>> NAS-Port = 0
>>>> Debug: +- entering group authorize
>>>> Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for
>>>> request 0
>>>> Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess)
>>>> for request 0
>>>> Debug: ++[preprocess] returns ok
>>>> Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0
>>>> Debug: modsingle[authorize]: returned from chap (rlm_chap) for request
>>>> 0
>>>> Debug: ++[chap] returns noop
>>>> Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0
>>>> Debug: rlm_ldap: - authorize
>>>> Debug: rlm_ldap: performing user authorization for light
>>>> Debug: WARNING: Deprecated conditional expansion ":-". See "man unlang"
>>>> for details
>>>> Debug: expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=light)
>>>> Debug: expand: ou=vpn,dc=home -> ou=vpn,dc=home
>>>> Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
>>>> Debug: rlm_ldap: ldap_get_conn: Got Id: 0
>>>> Debug: rlm_ldap: attempting LDAP reconnection
>>>> Debug: rlm_ldap: (re)connect to localhost:389, authentication 0
>>>> Debug: rlm_ldap: bind as / to localhost:389
>>>> Debug: rlm_ldap: waiting for bind result ...
>>>> Debug: rlm_ldap: Bind was successful
>>>> Debug: rlm_ldap: performing search in ou=vpn,dc=home, with filter
>>>> (uid=light)
>>>> Debug: rlm_ldap: No default NMAS login sequence
>>>> Debug: rlm_ldap: looking for check items in directory...
>>>> Debug: rlm_ldap: looking for reply items in directory...
>>>> Debug: WARNING: No "known good" password was found in LDAP. Are you
>>>> sure
>>>> that the user is configured correctly?
>>>> Debug: rlm_ldap: user light authorized to use remote access
>>>> Debug: rlm_ldap: ldap_release_conn: Release Id: 0
>>>> Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request
>>>> 0
>>>> Debug: ++[ldap] returns ok
>>>> Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0
>>>> Debug: rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type =
>>>> mschap'
>>>> Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for
>>>> request 0
>>>> Debug: ++[mschap] returns ok
>>>> Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0
>>>> Debug: rlm_realm: No '@' in User-Name = "light", looking up realm
>>>> NULL
>>>> Debug: rlm_realm: No such realm "NULL"
>>>> Debug: modsingle[authorize]: returned from suffix (rlm_realm) for
>>>> request
>>>> 0
>>>> Debug: ++[suffix] returns noop
>>>> Debug: modsingle[authorize]: calling unix (rlm_unix) for request 0
>>>> Debug: modsingle[authorize]: returned from unix (rlm_unix) for request
>>>> 0
>>>> Debug: ++[unix] returns notfound
>>>> Debug: modsingle[authorize]: calling files (rlm_files) for request 0
>>>> Debug: modsingle[authorize]: returned from files (rlm_files) for
>>>> request
>>>> 0
>>>> Debug: ++[files] returns noop
>>>> Debug: modsingle[authorize]: calling expiration (rlm_expiration) for
>>>> request 0
>>>> Debug: modsingle[authorize]: returned from expiration (rlm_expiration)
>>>> for request 0
>>>> Debug: ++[expiration] returns noop
>>>> Debug: modsingle[authorize]: calling logintime (rlm_logintime) for
>>>> request 0
>>>> Debug: modsingle[authorize]: returned from logintime (rlm_logintime)
>>>> for
>>>> request 0
>>>> Debug: ++[logintime] returns noop
>>>> Debug: modsingle[authorize]: calling pap (rlm_pap) for request 0
>>>> Debug: rlm_pap: WARNING! No "known good" password found for the user.
>>>> Authentication may fail because of this.
>>>> Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 0
>>>> Debug: ++[pap] returns noop
>>>> Debug: rad_check_password: Found Auth-Type mschap
>>>> Debug: auth: type "MSCHAP"
>>>> Debug: +- entering group MS-CHAP
>>>> Debug: modsingle[authenticate]: calling mschap (rlm_mschap) for
>>>> request 0
>>>> Debug: rlm_mschap: No Cleartext-Password configured. Cannot create
>>>> LM-Password.
>>>> Debug: rlm_mschap: No Cleartext-Password configured. Cannot create
>>>> NT-Password.
>>>> Debug: rlm_mschap: Told to do MS-CHAPv2 for light with NT-Password
>>>> Debug: rlm_mschap: FAILED: No NT/LM-Password. Cannot perform
>>>> authentication.
>>>> Debug: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>>>> Debug: modsingle[authenticate]: returned from mschap (rlm_mschap) for
>>>> request 0
>>>> Debug: ++[mschap] returns reject
>>>> Debug: auth: Failed to validate the user.
>>>> Auth: Login incorrect: [light/<via Auth-Type = mschap>] (from client
>>>> localhost port 0 cli 192.168.0.1)
>>>> Debug: Found Post-Auth-Type Reject
>>>> Debug: +- entering group REJECT
>>>> Debug: modsingle[post-auth]: calling attr_filter.access_reject
>>>> (rlm_attr_filter) for request 0
>>>> Debug: expand: %{User-Name} -> light
>>>> Debug: attr_filter: Matched entry DEFAULT at line 11
>>>> Debug: modsingle[post-auth]: returned from attr_filter.access_reject
>>>> (rlm_attr_filter) for request 0
>>>> Debug: ++[attr_filter.access_reject] returns updated
>>>> Debug: Delaying reject of request 0 for 1 seconds
>>>> Debug: Going to the next request
>>>> Debug: Waking up in 0.9 seconds.
>>>> Debug: Sending delayed reject for request 0
>>>> Sending Access-Reject of id 90 to 127.0.0.1 port 58943
>>>> Debug: Waking up in 4.9 seconds.
>>>> Debug: Cleaning up request 0 ID 90 with timestamp +7
>>>> Debug: Ready to process requests.
>>>>
>>>
>
>
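Added example, not part of the original messages: a small Python check that reads LDIF entries, decodes "attr:: value" (base64) fields such as the userPassword quoted above, and reports whether each entry stores something MS-CHAP can be verified against (an NT hash, or an unhashed userPassword). The function names and the sample entries are constructed for illustration; the NT/LM values are the ones quoted in the thread.

```python
import base64
import re

# Constructed sample entries modelled on the thread (not from a real directory).
SAMPLE_LDIF = """\
dn: uid=light,ou=vpn,dc=home
objectClass: radiusprofile
uid: light
userPassword:: dGVzdGVy

dn: uid=hashed,ou=vpn,dc=home
uid: hashed
userPassword: {SSHA}Y29uc3RydWN0ZWQtc2FtcGxlLW9ubHk=

dn: uid=samba,ou=vpn,dc=home
uid: samba
userPassword: {SSHA}Y29uc3RydWN0ZWQtc2FtcGxlLW9ubHk=
sambaNTPassword: CAF13D4F321E608B27FD75D2549BA53C
sambaLMPassword: 02D093CE93038E2FAAD3B435B51404EE
"""

HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")
# LDAP attribute names that the debug log shows mapped to RADIUS NT-Password.
NT_ATTRS = ("sambantpassword", "ntpassword")


def parse_ldif(text):
    """Return a list of entries: dict of lower-cased attribute -> list of values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        # A line starting with a single space continues the previous line.
        unfolded = re.sub(r"\n ", "", block)
        entry = {}
        for line in unfolded.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):
                # "attr:: value" means the value is base64-encoded.
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(name.strip().lower(), []).append(value)
        entries.append(entry)
    return entries


def mschap_material(entry):
    """Classify what the entry stores that an MS-CHAP check could use."""
    for attr in NT_ATTRS:
        if any(HEX32.match(v) for v in entry.get(attr, [])):
            return "nt-hash"
    for pw in entry.get("userpassword", []):
        scheme = re.match(r"^\{([^}]+)\}", pw)
        # No {SCHEME} header, or an explicit cleartext label, means an unhashed value.
        if scheme is None or scheme.group(1).lower() in ("clear", "cleartext"):
            return "cleartext"
    # Salted or one-way hashed passwords cannot be turned into an NT hash.
    return "none"


def audit(text):
    return {e["uid"][0]: mschap_material(e) for e in parse_ldif(text) if "uid" in e}


if __name__ == "__main__":
    for uid, kind in audit(SAMPLE_LDIF).items():
        print(f"{uid}: {kind}")
```

The check only looks at what is stored in the entry; the server must also be able to read those attributes with the identity it binds as. An NT hash is enough to answer MS-CHAP challenges, so restrict read access to sambaNTPassword and sambaLMPassword the same way as for a cleartext password.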