freeradius+freebsd

Konstantin Chekushin koch2 at inbox.lv
Thu Feb 4 08:02:02 CET 2010 

Try to define 
pap {
        auto_header = yes
}
 Quoting James Devine : I'm trying to setup a freeradius server on
freebsd7 to authenticate
 against the local passwd file and seem to be running into some
 problems.
 in sites-available/default I setup authorize/authenticate such as:
 authorize {
 preprocess
 chap
 mschap
 suffix
 unix
 files
 expiration
 logintime
 pap
 }
 authenticate {
 Auth-Type PAP {
 pap
 }
 Auth-Type CHAP {
 chap
 }
 Auth-Type MS-CHAP {
 mschap
 }
 unix
 }
 and /etc/pam.d/radiusd setup such as:
 # auth
 auth            required        pam_unix.so             no_warn
try_first_pass
 # account
 account         required        pam_nologin.so
 account         required        pam_login_access.so
 account         required        pam_unix.so
 # session
 session         required        pam_permit.so
 # password
 password        required        pam_unix.so             no_warn
try_first_pass
 And I get this output:
 rad_recv: Access-Request packet from host 10.10.10.231 port 57714,
 id=94, length=96
 User-Name = "testuser"
 Service-Type = Login-User
 NAS-IP-Address = 10.10.10.140
 NAS-Port = 4
 Calling-Station-Id = "10.10.10.140"
 NAS-Port-Type = Virtual
 User-Password = "testpass"
 NAS-Port-Id = "tty4"
 +- entering group authorize {...}
 [preprocess]   hints: Matched DEFAULT at 23
 [preprocess]    expand: %{Packet-Src-IP-Address} -> 10.10.10.231
 [preprocess]    expand: %{Packet-Type} -> Access-Request
 [preprocess]    expand: %{Packet-Src-IP-Address} -> 10.10.10.231
 [preprocess]    expand: %{Packet-Src-IP-Address} -> 10.10.10.231
 [preprocess]   hints: Matched DEFAULT at 87
 [preprocess]   hints: Matched DEFAULT at 76
 [preprocess]    expand: %{Packet-Src-IP-Address} -> 10.10.10.231
 [preprocess]    expand: %{Packet-Src-IP-Address} -> 10.10.10.231
 ++[preprocess] returns ok
 ++[chap] returns noop
 ++[mschap] returns noop
 [suffix] No '@' in User-Name = "testuser", looking up realm NULL
 [suffix] No such realm "NULL"
 ++[suffix] returns noop
 ++[unix] returns updated
 [files] users: Matched entry DEFAULT at line 2
 ++[files] returns ok
 ++[expiration] returns noop
 ++[logintime] returns noop
 ++[pap] returns updated
 Found Auth-Type = PAP
 +- entering group PAP {...}
 [pap] login attempt with password "testpass"
 [pap] Using CRYPT encryption.
 [pap] Passwords don't match
 ++[pap] returns reject
 Failed to authenticate the user.
 Login incorrect (rlm_pap: CRYPT password check failed):
 [testuser/testpass] (from client boss1_internal port 4 cli
 10.10.10.140)
 Using Post-Auth-Type Reject
 +- entering group REJECT {...}
 [attr_filter.access_reject]     expand: %{User-Name} -> testuser
 attr_filter: Matched entry DEFAULT at line 11
 ++[attr_filter.access_reject] returns updated
 Sending Access-Reject of id 94 to 10.10.10.231 port 57714
 Finished request 0.
 Going to the next request
 Waking up in 4.9 seconds.
 Cleaning up request 0 ID 94 with timestamp +10
 Ready to process requests.
 The password is correct, I'm not sure if the CRYPT encryption method
 is correct because I believe the passwords are stored as md5 hashes
in
 the passwd file, any idea where I may be going wrong?
 -
 List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
 

Links:
------
[1] mailto:fxmulder at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100204/caeb8c8a/attachment.html>

More information about the Freeradius-Users mailing list