Framed-Protocol PPP question

Jonas Fornander support at
Thu Aug 16 19:31:46 CEST 2012

Jonas Fornander wrote:
> [jonas] Below is the whole log for that connection attempt. 

  You either edited the debug log, or you edited the default configuration,
and broke it.

  Don't do that.
[jonas] I have not edited any configuration. I apologize if the debug log
was edited.

  There should be a LOT more modules being run in the "authorize"
section.  One of them reads the "users" file.

  If you don't know what the authorize section does, don't edit it.  You
will break the server.

[jonas] Here is the first connection request in the debug log. I have not
done any edits to any configurations. I have just added clients to the
clients.conf - I got the list from the vendor - and a user to the users
file. That's it.

Ready to process requests.
rad_recv: Access-Request packet from host port 1814, id=253,
        User-Name = "3108396020 at"
        CHAP-Password = 0x01365cef3e4c1cd1ea35f46d6535a9b23a
        CHAP-Challenge = 0xca4519d4ab276a48e4973b5b00dc43d6
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Identifier = "lsanca54-seb3"
        NAS-Port = 67371072
        NAS-Real-Port = 1140850918
        NAS-Port-Type = Virtual
        NAS-Port-Id = "4/4 vpi-vci 0 230 pppoe 343"
        Medium-Type = DSL
        Mac-Addr = "58-6d-8f-3e-7e-40"
        Connect-Info = "covad"
        Platform-Type = SmartEdge-800
        OS-Version = ""
        Acct-Session-Id = "0303003F28004E4F-502C6F25"
        Framed-IP-Address =
        NAS-IP-Address =
        Message-Authenticator = 0x1bf354e361c1dbfcefffeffac95d98e2
        Proxy-State = 0x313838
# Executing section authorize from file
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "" for User-Name =
"3108396020 at"
[suffix] No such realm ""
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "3108396020 at" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.
Login incorrect (rlm_chap: Clear text password not available):
[3108396020 at<CHAP-Password>] (from client LosAngeles port
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} ->
3108396020 at
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 253 to port 1814
        Proxy-State = 0x313838
Waking up in 4.9 seconds.
Cleaning up request 0 ID 253 with timestamp +9726
Ready to process requests.


More information about the Freeradius-Users mailing list