PAP dont decrypt

Lionne Stangier lionne.stangier at
Fri Jul 23 08:38:41 CEST 2010

I need help with the pap module.
I set modules/pap auto_header = yes, but if I start a test connect pap say:

[pap] No clear-text password in the request. Not performing PAP.

The password is MD5. 

Lionne Stangier

Radius -X
Its looks like the pap module can't load.

    set_auth_type = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file /usr/local/etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP userPassword mapped to RADIUS MD5-Password
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
conns: 0x825fe58
 Module: Checking authorize {...} for more modules to load
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
  radutmp {
    filename = "/usr/local/var/log/radius/radutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    perm = 384
    callerid = yes
 } # modules
} # server
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
    huntgroups = "/usr/local/etc/raddb/huntgroups"
    hints = "/usr/local/etc/raddb/hints"
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique
  acct_unique {
    key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
    format = "suffix"
    delimiter = "@"
    ignore_default = no
    ignore_null = no
 Module: Linked to module rlm_files
 Module: Instantiating files
  files {
    usersfile = "/usr/local/etc/raddb/users"
    acctusersfile = "/usr/local/etc/raddb/acct_users"
    preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
    compat = "no"
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
    detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
    header = "%t"
    detailperm = 384
    dirperm = 493
    locking = no
    log_packet_header = no
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
    radwtmp = "/usr/local/var/log/radius/radwtmp"
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
    attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
    key = "%{User-Name}"
 Module: Checking session {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
    attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
    key = "%{User-Name}"
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "auth"
    ipaddr = *
    port = 0
listen {
    type = "acct"
    ipaddr = *
    port = 0
listen {
    type = "control"
 listen {
    socket = "/usr/local/var/run/radiusd/radiusd.sock"
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host port 1220, id=0, length=143
    User-Name = "lionne.stangier"
    NAS-IP-Address =
    Called-Station-Id = "0016b61397d9"
    Calling-Station-Id = "00166f09d8c6"
    NAS-Identifier = "0016b61397d9"
    NAS-Port = 23
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x02000014016c696f6e6e652e7374616e67696572
    Message-Authenticator = 0x67e298801458a6efcc4a916db9d62383
+- entering group authorize {...}
++[chap] returns noop
[ldap] performing user authorization for lionne.stangier
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[ldap]     ... expanding second conditional
[ldap]     expand: %{User-Name} -> lionne.stangier
[ldap]     expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=lionne.stangier)
[ldap]     expand: dc=allesklar,dc=com -> dc=allesklar,dc=com
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] attempting LDAP reconnection
  [ldap] (re)connect to, authentication 0
  [ldap] bind as / to
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
  [ldap] performing search in dc=allesklar,dc=com, with filter (uid=lionne.stangier)
[ldap] looking for check items in directory...
  [ldap] userPassword -> MD5-Password == 0x7b4d44357d556f73777963326e6b556d48634d3773674f713755513d3d
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?
[ldap] user lionne.stangier authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[pap] No clear-text password in the request.  Not performing PAP.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> lionne.stangier
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.6 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to port 1220
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +22
Ready to process requests.

More information about the Freeradius-Users mailing list