Problem ms-chapv2

Влад Власов vlasglass at mail.ru
Mon Feb 7 08:06:04 CET 2011


Hello. Please help me. I am trying to set up FreeRadius (FreeBSD 7.2-RELEASE amd64) as a proxy. Windows clients can't connect with the default settings in the PPPoE connection (on the Security tab all auth protocols are enabled); the server sends a 691 error. If I disable all protocols except mschapv1, everything works fine without errors.
Please tell me what I am doing wrong. All settings in the conf files are at their defaults; I changed only proxy.conf and client.conf.
I tried versions 2.1.10 and 2.1.9.

----------------------------------------Auth Fail ---------------------------------------------------------------------
rad_recv: Access-Request packet from host 127.0.0.1 port 61233, id=68, length=277
        NAS-Identifier = "PPPoE.mk.loc"
        NAS-IP-Address = 172.20.192.4
        Message-Authenticator = 0x33297e1e26330d6c0df04a4b015b446c
        Acct-Session-Id = "7056520-TA233-3766-144"
        NAS-Port = 144
        NAS-Port-Type = Ethernet
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "0022687293f7"
        NAS-Port-Id = "vlan3766"
        Vendor-12341-Attr-12 = 0x54413233332d333736362d313434
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Client-Endpoint:0 = "00:22:68:72:93:f7"
        User-Name = "test-user at moco"
        MS-CHAP-Challenge = 0xbb1e68bfac6b679afbba56b6670fde86
        MS-CHAP2-Response = 0x0100a945a3ba1dad2b9d2e95511c58f8464a0000000000000000aab387818928b6f430030d50fc68517c64c578458737b561
Mon Feb  7 10:28:40 2011 : Info: +- entering group authorize {...}
Mon Feb  7 10:28:40 2011 : Info: ++[preprocess] returns ok
Mon Feb  7 10:28:40 2011 : Info: ++[chap] returns noop
Mon Feb  7 10:28:40 2011 : Info: [mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
Mon Feb  7 10:28:40 2011 : Info: ++[mschap] returns ok
Mon Feb  7 10:28:40 2011 : Info: ++[digest] returns noop
Mon Feb  7 10:28:40 2011 : Info: [suffix] Looking up realm "moco" for User-Name = "test-user at moco"
Mon Feb  7 10:28:40 2011 : Info: [suffix] Found realm "moco"
Mon Feb  7 10:28:40 2011 : Info: [suffix] Adding Stripped-User-Name = "test-user"
Mon Feb  7 10:28:40 2011 : Info: [suffix] Adding Realm = "moco"
Mon Feb  7 10:28:40 2011 : Info: [suffix] Proxying request from user test-user to realm moco
Mon Feb  7 10:28:40 2011 : Info: [suffix] Preparing to proxy authentication request to realm "moco"
Mon Feb  7 10:28:40 2011 : Info: ++[suffix] returns updated
Mon Feb  7 10:28:40 2011 : Info: [eap] No EAP-Message, not doing EAP
Mon Feb  7 10:28:40 2011 : Info: ++[eap] returns noop
Mon Feb  7 10:28:40 2011 : Info: [files] users: Matched entry DEFAULT at line 172
Mon Feb  7 10:28:40 2011 : Info: ++[files] returns ok
Mon Feb  7 10:28:40 2011 : Info: ++[expiration] returns noop
Mon Feb  7 10:28:40 2011 : Info: ++[logintime] returns noop
Mon Feb  7 10:28:40 2011 : Info: ++[pap] returns noop
Mon Feb  7 10:28:40 2011 : Info:   WARNING: Empty pre-proxy section.  Using default return values.
Sending Access-Request of id 255 to 172.20.192.19 port 1812
        NAS-Identifier = "PPPoE.mk.loc"
        NAS-IP-Address = 172.20.192.4
        Message-Authenticator = 0x00000000000000000000000000000000
        Acct-Session-Id = "7056520-TA233-3766-144"
        NAS-Port = 144
        NAS-Port-Type = Ethernet
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "0022687293f7"
        NAS-Port-Id = "vlan3766"
        Vendor-12341-Attr-12 = 0x54413233332d333736362d313434
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Client-Endpoint:0 = "00:22:68:72:93:f7"
        User-Name = "test-user"
        MS-CHAP-Challenge = 0xbb1e68bfac6b679afbba56b6670fde86
        MS-CHAP2-Response = 0x0100a945a3ba1dad2b9d2e95511c58f8464a0000000000000000aab387818928b6f430030d50fc68517c64c578458737b561
        Proxy-State = 0x3638
Mon Feb  7 10:28:40 2011 : Info: Proxying request 65 to home server 172.20.192.19 port 1812
Sending Access-Request of id 255 to 172.20.192.19 port 1812
        NAS-Identifier = "PPPoE.mk.loc"
        NAS-IP-Address = 172.20.192.4
        Message-Authenticator = 0x00000000000000000000000000000000
        Acct-Session-Id = "7056520-TA233-3766-144"
        NAS-Port = 144
        NAS-Port-Type = Ethernet
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "0022687293f7"
        NAS-Port-Id = "vlan3766"
        Vendor-12341-Attr-12 = 0x54413233332d333736362d313434
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Client-Endpoint:0 = "00:22:68:72:93:f7"
        User-Name = "test-user"
        MS-CHAP-Challenge = 0xbb1e68bfac6b679afbba56b6670fde86
        MS-CHAP2-Response = 0x0100a945a3ba1dad2b9d2e95511c58f8464a0000000000000000aab387818928b6f430030d50fc68517c64c578458737b561
        Proxy-State = 0x3638
Mon Feb  7 10:28:40 2011 : Debug: Going to the next request
Mon Feb  7 10:28:40 2011 : Debug: Waking up in 0.4 seconds.
rad_recv: Access-Reject packet from host 172.20.192.19 port 1812, id=255, length=43
        Reply-Message = "Authorization failed."
Mon Feb  7 10:28:40 2011 : Info: +- entering group post-proxy {...}
Mon Feb  7 10:28:40 2011 : Info: [eap] No pre-existing handler found
Mon Feb  7 10:28:40 2011 : Info: ++[eap] returns noop
Mon Feb  7 10:28:40 2011 : Auth: Login incorrect (Home Server says so): [test-user/<via Auth-Type = mschap>] (from client localhost port 144 cli 0022687293f7)
Mon Feb  7 10:28:40 2011 : Info: Using Post-Auth-Type Reject
Mon Feb  7 10:28:40 2011 : Info: +- entering group REJECT {...}
Mon Feb  7 10:28:40 2011 : Info: [attr_filter.access_reject]    expand: %{User-Name} -> test-user at moco
Mon Feb  7 10:28:40 2011 : Debug:  attr_filter: Matched entry DEFAULT at line 11
Mon Feb  7 10:28:40 2011 : Info: ++[attr_filter.access_reject] returns updated
Mon Feb  7 10:28:40 2011 : Info: Delaying reject of request 65 for 1 seconds
Mon Feb  7 10:28:40 2011 : Debug: Going to the next request
Mon Feb  7 10:28:40 2011 : Debug: Waking up in 0.4 seconds.
---------------------------------------------------------------------------Auth OK---------------------------------------------------------------------------------------------- 

rad_recv: Access-Request packet from host 127.0.0.1 port 51279, id=215, length=269
        NAS-Identifier = "PPPoE.mk.loc"
        NAS-IP-Address = 172.20.192.4
        Message-Authenticator = 0x539b02bddfa871d7d243e10a9f9a5446
        Acct-Session-Id = "7057178-TA233-3766-393"
        NAS-Port = 393
        NAS-Port-Type = Ethernet
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "0022687293f7"
        NAS-Port-Id = "vlan3766"
        Vendor-12341-Attr-12 = 0x54413233332d333736362d333933
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Client-Endpoint:0 = "00:22:68:72:93:f7"
        User-Name = "test-user at moco"
        MS-CHAP-Challenge = 0xbb1e68f8719180f3
        MS-CHAP-Response = 0x0101000000000000000000000000000000000000000000000000d31328621ef9a79e6c1967d3fe23b98a82f34c9603465d55
Mon Feb  7 10:39:38 2011 : Info: +- entering group authorize {...}
Mon Feb  7 10:39:38 2011 : Info: ++[preprocess] returns ok
Mon Feb  7 10:39:38 2011 : Info: ++[chap] returns noop
Mon Feb  7 10:39:38 2011 : Info: [mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
Mon Feb  7 10:39:38 2011 : Info: ++[mschap] returns ok
Mon Feb  7 10:39:38 2011 : Info: ++[digest] returns noop
Mon Feb  7 10:39:38 2011 : Info: [suffix] Looking up realm "moco" for User-Name = "test-user at moco"
Mon Feb  7 10:39:38 2011 : Info: [suffix] Found realm "moco"
Mon Feb  7 10:39:38 2011 : Info: [suffix] Adding Stripped-User-Name = "test-user"
Mon Feb  7 10:39:38 2011 : Info: [suffix] Adding Realm = "moco"
Mon Feb  7 10:39:38 2011 : Info: [suffix] Proxying request from user test-user to realm moco
Mon Feb  7 10:39:38 2011 : Info: [suffix] Preparing to proxy authentication request to realm "moco"
Mon Feb  7 10:39:38 2011 : Info: ++[suffix] returns updated
Mon Feb  7 10:39:38 2011 : Info: [eap] No EAP-Message, not doing EAP
Mon Feb  7 10:39:38 2011 : Info: ++[eap] returns noop
Mon Feb  7 10:39:38 2011 : Info: [files] users: Matched entry DEFAULT at line 172
Mon Feb  7 10:39:38 2011 : Info: ++[files] returns ok
Mon Feb  7 10:39:38 2011 : Info: ++[expiration] returns noop
Mon Feb  7 10:39:38 2011 : Info: ++[logintime] returns noop
Mon Feb  7 10:39:38 2011 : Info: ++[pap] returns noop
Mon Feb  7 10:39:38 2011 : Info:   WARNING: Empty pre-proxy section.  Using default return values.
Sending Access-Request of id 132 to 172.20.192.19 port 1812
        NAS-Identifier = "PPPoE.mk.loc"
        NAS-IP-Address = 172.20.192.4
        Message-Authenticator = 0x00000000000000000000000000000000
        Acct-Session-Id = "7057178-TA233-3766-393"
        NAS-Port = 393
        NAS-Port-Type = Ethernet
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "0022687293f7"
        NAS-Port-Id = "vlan3766"
        Vendor-12341-Attr-12 = 0x54413233332d333736362d333933
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Client-Endpoint:0 = "00:22:68:72:93:f7"
        User-Name = "test-user"
        MS-CHAP-Challenge = 0xbb1e68f8719180f3
        MS-CHAP-Response = 0x0101000000000000000000000000000000000000000000000000d31328621ef9a79e6c1967d3fe23b98a82f34c9603465d55
        Proxy-State = 0x323135
Mon Feb  7 10:39:38 2011 : Info: Proxying request 24 to home server 172.20.192.19 port 1812
Sending Access-Request of id 132 to 172.20.192.19 port 1812
        NAS-Identifier = "PPPoE.mk.loc"
        NAS-IP-Address = 172.20.192.4
        Message-Authenticator = 0x00000000000000000000000000000000
        Acct-Session-Id = "7057178-TA233-3766-393"
        NAS-Port = 393
        NAS-Port-Type = Ethernet
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "0022687293f7"
        NAS-Port-Id = "vlan3766"
        Vendor-12341-Attr-12 = 0x54413233332d333736362d333933
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Client-Endpoint:0 = "00:22:68:72:93:f7"
        User-Name = "test-user"
        MS-CHAP-Challenge = 0xbb1e68f8719180f3
        MS-CHAP-Response = 0x0101000000000000000000000000000000000000000000000000d31328621ef9a79e6c1967d3fe23b98a82f34c9603465d55
        Proxy-State = 0x323135
Mon Feb  7 10:39:38 2011 : Debug: Going to the next request
Mon Feb  7 10:39:38 2011 : Debug: Waking up in 0.9 seconds.
rad_recv: Access-Accept packet from host 172.20.192.19 port 1812, id=132, length=703
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Session-Timeout = 864000
        Acct-Interim-Interval = 180
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        MS-CHAP-MPPE-Keys = 0x2e6b0d1ca7472bb173f893b5365eb36218b1a3efe287dd370000000000000000
        Vendor-12341-Attr-6 = 0x38392e3233362e3139322e302f3138
        Vendor-12341-Attr-6 = 0x38312e39352e3232342e302f3230
        Vendor-12341-Attr-6 = 0x38392e3134362e36342e302f3138
        Vendor-12341-Attr-6 = 0x38322e3231352e36342e302f3138
        Vendor-12341-Attr-6 = 0x38332e36392e3132382e302f3139
        Vendor-12341-Attr-6 = 0x38332e3232312e3136312e302f3234
        Vendor-12341-Attr-6 = 0x38332e3232312e3136302e302f3139
        Vendor-12341-Attr-6 = 0x3231372e32392e3131322e302f3230
        Vendor-12341-Attr-6 = 0x38342e35342e36342e302f3138
        Vendor-12341-Attr-6 = 0x38352e3131372e3232342e302f3139
        Vendor-12341-Attr-6 = 0x38372e3233372e3233322e302f3231
        Vendor-12341-Attr-6 = 0x39312e3138382e3132382e302f3139
        Vendor-12341-Attr-6 = 0x39312e3139362e37362e302f3232
        Vendor-12341-Attr-6 = 0x3231332e3230362e33322e302f3139
        Vendor-12341-Attr-6 = 0x3231372e31322e38302e302f3230
        Vendor-12341-Attr-6 = 0x3139352e3135382e302e302f3139
        Vendor-12341-Attr-6 = 0x3139332e32372e3230362e302f3233
        Vendor-12341-Attr-6 = 0x37372e3232302e3139322e302f3139
        Vendor-12341-Attr-6 = 0x38302e38302e3230382e302f3230
        Vendor-12341-Attr-6 = 0x3231332e3233302e36342e302f3138
        Vendor-12341-Attr-6 = 0x39312e3230342e3233362e302f3232
        Vendor-12341-Attr-6 = 0x36322e3230392e3132382e302f3230
        Vendor-12341-Attr-7 = 0x696e23313d616c6c20726174652d6c696d697420313032343030302031323830303020313238303030
        Vendor-12341-Attr-7 = 0x6f757423313d616c6c20726174652d6c696d697420313032343030302031323830303020313238303030
Mon Feb  7 10:39:38 2011 : Info: +- entering group post-proxy {...}
Mon Feb  7 10:39:38 2011 : Info: [eap] No pre-existing handler found
Mon Feb  7 10:39:38 2011 : Info: ++[eap] returns noop
Mon Feb  7 10:39:38 2011 : Info: Found Auth-Type = MSCHAP
Mon Feb  7 10:39:38 2011 : Info: Found Auth-Type = Accept
Mon Feb  7 10:39:38 2011 : Error: Warning:  Found 2 auth-types on request for user 'test-user'
Mon Feb  7 10:39:38 2011 : Info: Auth-Type = Accept, accepting the user
Mon Feb  7 10:39:38 2011 : Auth: Login OK: [test-user/<via Auth-Type = mschap>] (from client localhost port 393 cli 0022687293f7)
Mon Feb  7 10:39:38 2011 : Info: +- entering group post-auth {...}
Mon Feb  7 10:39:38 2011 : Info: ++[exec] returns noop
Sending Access-Accept of id 215 to 127.0.0.1 port 51279
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Session-Timeout = 864000
        Acct-Interim-Interval = 180
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        MS-CHAP-MPPE-Keys = 0x2e6b0d1ca7472bb173f893b5365eb36218b1a3efe287dd370000000000000000
        Vendor-12341-Attr-6 = 0x38392e3233362e3139322e302f3138
        Vendor-12341-Attr-6 = 0x38312e39352e3232342e302f3230
        Vendor-12341-Attr-6 = 0x38392e3134362e36342e302f3138
        Vendor-12341-Attr-6 = 0x38322e3231352e36342e302f3138
        Vendor-12341-Attr-6 = 0x38332e36392e3132382e302f3139
        Vendor-12341-Attr-6 = 0x38332e3232312e3136312e302f3234
        Vendor-12341-Attr-6 = 0x38332e3232312e3136302e302f3139
        Vendor-12341-Attr-6 = 0x3231372e32392e3131322e302f3230
        Vendor-12341-Attr-6 = 0x38342e35342e36342e302f3138
        Vendor-12341-Attr-6 = 0x38352e3131372e3232342e302f3139
        Vendor-12341-Attr-6 = 0x38372e3233372e3233322e302f3231
        Vendor-12341-Attr-6 = 0x39312e3138382e3132382e302f3139
        Vendor-12341-Attr-6 = 0x39312e3139362e37362e302f3232
        Vendor-12341-Attr-6 = 0x3231332e3230362e33322e302f3139
        Vendor-12341-Attr-6 = 0x3231372e31322e38302e302f3230
        Vendor-12341-Attr-6 = 0x3139352e3135382e302e302f3139
        Vendor-12341-Attr-6 = 0x3139332e32372e3230362e302f3233
        Vendor-12341-Attr-6 = 0x37372e3232302e3139322e302f3139
        Vendor-12341-Attr-6 = 0x38302e38302e3230382e302f3230
        Vendor-12341-Attr-6 = 0x3231332e3233302e36342e302f3138
        Vendor-12341-Attr-6 = 0x39312e3230342e3233362e302f3232
        Vendor-12341-Attr-6 = 0x36322e3230392e3132382e302f3230
        Vendor-12341-Attr-7 = 0x696e23313d616c6c20726174652d6c696d697420313032343030302031323830303020313238303030
        Vendor-12341-Attr-7 = 0x6f757423313d616c6c20726174652d6c696d697420313032343030302031323830303020313238303030
Mon Feb  7 10:39:38 2011 : Info: Finished request 24.
Mon Feb  7 10:39:38 2011 : Debug: Going to the next request
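
Added example (not part of the original post and not FreeRADIUS code): it splits the MS-CHAP2-Response from the failing request into its RFC 2548 fields and computes the RFC 2759 ChallengeHash, which takes the User-Name as input, for the name the client sent and for the stripped name the proxy forwarded. It assumes the archive's "test-user at moco" was "test-user@moco" on the wire; the function names are illustrative.

```python
import hashlib

# Attribute values copied from the failing Access-Request in the log above.
MS_CHAP_CHALLENGE = bytes.fromhex("bb1e68bfac6b679afbba56b6670fde86")
MS_CHAP2_RESPONSE = bytes.fromhex(
    "0100"                                # ident, flags
    "a945a3ba1dad2b9d2e95511c58f8464a"    # peer challenge
    "0000000000000000"                    # reserved
    "aab387818928b6f430030d50fc68517c64c578458737b561"  # NT response
)

def parse_mschap2_response(value: bytes) -> dict:
    """Split the 50-byte MS-CHAP2-Response value (RFC 2548, section 2.3.2)."""
    if len(value) != 50:
        raise ValueError(f"expected 50 bytes, got {len(value)}")
    return {
        "ident": value[0],
        "flags": value[1],
        "peer_challenge": value[2:18],   # 16 bytes chosen by the client
        "reserved": value[18:26],        # 8 bytes, zero
        "nt_response": value[26:50],     # 24 bytes, keyed by the NT password hash
    }

def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, user_name: str) -> bytes:
    """RFC 2759 section 8.2 ChallengeHash: SHA1(peer || auth || user name)[:8]."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("MS-CHAPv2 challenges are 16 bytes each")
    digest = hashlib.sha1(peer_challenge + auth_challenge + user_name.encode("ascii"))
    return digest.digest()[:8]

def compare_user_names(sent: str, forwarded: str) -> dict:
    """Return the 8-byte challenge a verifier derives for each of the two names."""
    peer = parse_mschap2_response(MS_CHAP2_RESPONSE)["peer_challenge"]
    return {
        sent: challenge_hash(peer, MS_CHAP_CHALLENGE, sent),
        forwarded: challenge_hash(peer, MS_CHAP_CHALLENGE, forwarded),
    }

if __name__ == "__main__":
    # Assumption: "test-user at moco" in the archive was "test-user@moco" on the wire.
    for name, value in compare_user_names("test-user@moco", "test-user").items():
        print(f"{name:<16} ChallengeHash = {value.hex()}")
```

MS-CHAPv1 has no user-name input, so a verifier that uses the rewritten User-Name can still check a v1 response but derives a different 8-byte challenge for v2. In FreeRADIUS 2.x, the `nostrip` option in a proxy.conf realm section forwards the User-Name unmodified.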

