CHAP auth failure
Strong, Mark
mstrong at tnsi.com
Wed Jun 5 09:38:15 CEST 2013
Guys,
Having a problem with CHAP and freeradius (PAP works ok, and I'm using clear text passwords, I have this in the check table "Cleartext-Password := password").
I get this in the debug
[chap] login attempt by "xxxxxxxxxx" with CHAP password
[chap] Using clear text password "password" for user xxxxxxxxxx authentication.
[chap] Password check failed
I've tried with radtest using type chap, and it works fine, I'm thinking there's a problem with the access-request (but I don't control that end, it's a large Telco in AU).
My radius box is a CentOS box with freeradius2-2.1.12-5.el5 installed.
What I want to know is, do I have enough attributes in this access-request for CHAP to work?
User-Name = "xxxxxxxxxx"
CHAP-Password = 0x01345dcc75b35990d8b99bb0d0b0be3593
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 1821857408
Service-Type = Framed-User
Framed-Protocol = GPRS-PDP-Context
3GPP-IMSI = "50501xxxxxxxxxx"
3GPP-PDP-Type = 0
3GPP-GGSN-Address = xxx.xxx.xxx.xxx
3GPP-NSAPI = "5"
Called-Station-Id = "apn"
Calling-Station-Id = "xxxxxxxxxx"
NAS-Identifier = "SFL9"
Acct-Session-Id = "0A380612[]xxxxxxxxxxxxxxxx"
NAS-Port-Type = Virtual
I don't see one of these "CHAP-Challenge" from the NAS
I'm not sure what pieces freeradius needs to munge together to come up with the same password hash that rolls in from the Telco.
I didn't post the full debug just so I didn't have to redact so much. If this access request turns out to be ok, I can post the full debug.
Mark.
More information about the Freeradius-Users
mailing list