Values for MySQL tables for pptpd ?
Ali Jawad
ali.jawad at splendor.net
Wed May 23 11:48:50 CEST 2012
Thanks for your patience so far.
I did edit include sql.conf and only edited authorize to uncomment sql line.
Now I am getting the below.
[chap] ERROR: You set 'Auth-Type = CHAP' for a request that does not
contain a CHAP-Password attribute!
I did try as LOCAL and it says set CHAP; I also tried mschap.
##########
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 36343, id=0,
length=67
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "test"
Calling-Station-Id = "xxxxxxxx"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql] expand: %{User-Name} -> test
[sql] sql_set_user escaped user --> 'test'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'test' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'test'
ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = 'normalusers'
ORDER BY id
[sql] User found in group normalusers
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = 'normalusers'
ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group CHAP {...}
[chap] ERROR: You set 'Auth-Type = CHAP' for a request that does not
contain a CHAP-Password attribute!
++[chap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> test
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to 127.0.0.1 port 36343
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +8
Ready to process requests.
My DB entries are :
INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES
(1, 'test', 'Cleartext-Password', '==', '123456');
INSERT INTO `radgroupcheck` (`id`, `groupname`, `attribute`, `op`, `value`)
VALUES
(1, 'normalusers', 'Auth-Type', '==', 'chap');
INSERT INTO `radgroupreply` (`id`, `groupname`, `attribute`, `op`, `value`)
VALUES
(1, 'normalusers', 'Framed-Compression', '=', 'Van-Jacobson-TCP-IP'),
(2, 'normalusers', 'Framed-Protocol', '=', 'PPP'),
(3, 'normalusers', 'Service-Type', '=', 'Framed-User');
INSERT INTO `radreply` (`id`, `username`, `attribute`, `op`, `value`) VALUES
(1, 'test', 'Framed-IP-Address', '=', '192.168.100.233');
INSERT INTO `radusergroup` (`username`, `groupname`, `priority`) VALUES
('test', 'normalusers', 1);
On Wed, May 23, 2012 at 12:17 PM, Fajar A. Nugraha <list at fajar.net> wrote:
> On Wed, May 23, 2012 at 4:16 PM, Fajar A. Nugraha <list at fajar.net> wrote:
> > On Wed, May 23, 2012 at 4:11 PM, Ali Jawad <ali.jawad at splendor.net>
> wrote:
> >
> >> is there something
> >> that needs to be done so FR checks in the database like adding sql
> entries
> >> to authorize{}
> >
> > exactly. sites-available/default should be enough for pptpd since it
> > doesn't use EAP.
> > The comments on that file should be clear enough. Just uncomment "sql"
> > on authorize section.
>
> ... and don't forget to read radiusd.conf as well. Read the comments
> there, and uncomment the line that includes sql.conf (since you didn't
> mention it, you probably didn't do that either).
>
> --
> Fajar
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
*Ali Jawad
*
*Information Systems Manager*
*Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554*
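
Added example, not part of the original message and not FreeRADIUS code: a small Python triage helper for `radiusd -X` output like the log above. It lists the attributes the Access-Request carried and names the credential attribute that the selected Auth-Type needs but the request lacks. The `REQUIRED` mapping and the names `triage` and `SAMPLE` are assumptions of this example; the sample is trimmed from the log in this message.

```python
import re

# Request attribute each authenticate handler needs (Auth-Type with "-" removed).
# Assumption of this example: only these three handlers are mapped.
REQUIRED = {"CHAP": "CHAP-Password", "MSCHAP": "MS-CHAP-Challenge", "PAP": "User-Password"}

ATTR = re.compile(r"^\s*([A-Za-z0-9-]+) = ")
MODULE = re.compile(r"^\++\[([\w.]+)\] returns (\w+)")
AUTH_TYPE = re.compile(r"^Found Auth-Type = (\S+)")

# Excerpt of the debug output quoted in this message, trimmed for length.
SAMPLE = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 36343, id=0, length=67
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "test"
        NAS-IP-Address = 127.0.0.1
# Executing section authorize from file /etc/raddb/sites-enabled/default
++[chap] returns noop
++[sql] returns ok
++[pap] returns noop
Found Auth-Type = CHAP
++[chap] returns invalid
"""


def triage(debug_log):
    """Summarise one request from radiusd -X output and name the missing credential."""
    attrs, returns, auth_type, in_request = set(), [], None, False
    for line in debug_log.splitlines():
        if line.startswith("rad_recv:"):
            in_request = True          # the packet's attribute list follows
            continue
        if line.startswith(("#", "+")):
            in_request = False         # the server has started processing
        if in_request and (m := ATTR.match(line)):
            attrs.add(m.group(1))
        elif m := MODULE.match(line):
            returns.append((m.group(1), m.group(2)))
        elif m := AUTH_TYPE.match(line):
            auth_type = m.group(1)
    needed = REQUIRED.get((auth_type or "").replace("-", "").upper())
    missing = needed if needed and needed not in attrs else None
    return {"attrs": attrs, "returns": returns, "auth_type": auth_type, "missing": missing}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["auth_type"], "needs", result["missing"], "- request has", sorted(result["attrs"]))
```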