Freeradius 2 + MySQL + MD5 hash don't work
joaocdc at gmail.com
joaocdc at gmail.com
Thu Mar 17 21:42:30 CET 2011
Dear Phil,
By removing this option, it tries to authenticate with EAP/MSCHAPv2, and also
fails.
Authentication is what I'm doing wireless network.
Below is the result of debugging when I removed the Auth-Type PAP table
radgroupcheck:
[sql_visitantes] expand: %{Stripped-User-Name} -> usql2
[sql_visitantes] sql_set_user escaped user --> 'usql2'
rlm_sql (sql_visitantes): Reserving sql socket id: 1
[sql_visitantes] expand: SELECT id, username, attribute, value,
op FROM radcheck WHERE username =
'%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute,
value, op FROM radcheck WHERE username =
'usql2' ORDER BY id
[sql_visitantes] User found in radcheck table
[sql_visitantes] expand: SELECT id, username, attribute, value,
op FROM radreply WHERE username =
'%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute,
value, op FROM radreply WHERE username =
'usql2' ORDER BY id
[sql_visitantes] expand: SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}' ORDER
BY priority -> SELECT groupname FROM radusergroup WHERE
username = 'usql2' ORDER BY priority
[sql_visitantes] expand: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE
groupname = 'visitantes' ORDER BY id
[sql_visitantes] User found in group visitantes
[sql_visitantes] expand: SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, value, op FROM radgroupreply WHERE
groupname = 'visitantes' ORDER BY id
rlm_sql (sql_visitantes): Released sql socket id: 1
+++[sql_visitantes] returns ok
++- if (Realm == "visitantes" ) returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
*[eap] EAP/mschapv2*
[eap] processing type mschapv2
[mschapv2] # Executing group from file
/etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: usql2 at visitantes
[mschap] Told to do MS-CHAPv2 for usql2 at visitantes with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
2011/3/17 Phil Mayers <p.mayers at imperial.ac.uk>
> On 03/17/2011 08:01 PM, joaocdc at gmail.com wrote:
>
>
>> *[pap] ERROR: You set 'Auth-Type = PAP' for a request that does not
>> contain a User-Password attribute!*
>>
>>
> This is very clear:
>
>
>
>
>> mysql> select * from radgroupcheck;
>> +----+------------+-----------+----+-------+
>> | id | groupname | attribute | op | value |
>> +----+------------+-----------+----+-------+
>> | 1 | visitantes | Auth-Type | := | PAP |
>> +----+------------+-----------+----+-------+
>> 1 row in set (0.00 sec)
>>
>
> This is wrong. Remove it.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
João Paulo de Lima Barbosa
Fone: (45) 9938-8399
Blog: http://joao.us
Twitter: @joaocdc
"O erro dos que tem poder é colocar barreiras para que ninguém os alcance,
incentivando-nos a buscar todas as formas que encontramos para alcança-los."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110317/0d555a96/attachment.html>
More information about the Freeradius-Users
mailing list