CHAP auth failure

Strong, Mark mstrong at
Wed Jun 5 09:38:15 CEST 2013

	Having a problem with CHAP and freeradius (PAP works ok, and I'm using clear text passwords, I have this in the check table "Cleartext-Password  :=  password").

I get this in the debug

[chap] login attempt by "xxxxxxxxxx" with CHAP password
[chap] Using clear text password "password" for user xxxxxxxxxx authentication.
[chap] Password check failed

I've tried with radtest using type chap, and it works fine, I'm thinking there's a problem with the access-request (but I don't control that end, it's a large Telco in AU).

My radius box is a CentOS box with freeradius2-2.1.12-5.el5 installed.

What I want to know is, do I have enough attributes in this access-request for CHAP to work?

	User-Name = "xxxxxxxxxx"
	CHAP-Password = 0x01345dcc75b35990d8b99bb0d0b0be3593
	NAS-IP-Address =
	NAS-Port = 1821857408
	Service-Type = Framed-User
	Framed-Protocol = GPRS-PDP-Context
	3GPP-IMSI = "50501xxxxxxxxxx"
	3GPP-PDP-Type = 0
	3GPP-GGSN-Address =
	3GPP-NSAPI = "5"
	Called-Station-Id = "apn"
	Calling-Station-Id = "xxxxxxxxxx"
	NAS-Identifier = "SFL9"
	Acct-Session-Id = "0A380612[]xxxxxxxxxxxxxxxx"
	NAS-Port-Type = Virtual

I don't see one of these "CHAP-Challenge" from the NAS

I'm not sure what pieces freeradius needs to munge together to come up with the same password hash that rolls in from the Telco.

I didn't post the full debug just so I didn't have to redact so much.  If this access request turns out to be ok, I can post the full debug.


More information about the Freeradius-Users mailing list