pap always returns noop for windows dialup authentication
paul trader
fliptop at igolinux.com
Mon Sep 23 19:19:04 CEST 2013
On Mon, 23 Sep 2013 at 17:52, Phil Mayers opined:
PM:It's difficult to say, because the debug you sent has all the useful
PM:bits trimmed out - like the original packet, and the full module
PM:processing chain.
hi phil - ok, here's the full debug for a successful request:
rad_recv: Access-Request packet from host x.x.x.x port 1812, id=37,
length=133
User-Name = "test"
User-Password = "testing"
User-Password = "testing"
NAS-IP-Address = x.x.x.x
NAS-Identifier = "x.x.x.x"
NAS-Port = 2561
Acct-Session-Id = "167773864"
Service-Type = Login-User
Calling-Station-Id = "xxxxxxxxxx"
Called-Station-Id = "xxxxxxx"
NAS-Port-Type = Async
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry test at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "testing"
[pap] Using clear text password "testing"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 37 to x.x.x.x port 1812
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 37 with timestamp +676
and here's the full output of a failed request:
Ready to process requests.
rad_recv: Access-Request packet from host x.x.x.x port 1812, id=35,
length=121
User-Name = "test"
User-Password = "testing"
NAS-IP-Address = x.x.x.x
NAS-Identifier = "x.x.x.x"
NAS-Port = 2561
Acct-Session-Id = "167773862"
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "xxxxxxxxxx"
Called-Station-Id = "xxxxxxx"
NAS-Port-Type = Async
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> test
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 35 to 64.214.93.3 port 1812
Waking up in 4.9 seconds.
Cleaning up request 0 ID 35 with timestamp +361
from what i can see, the successful request finds the user's entry in the
user table, but the failed request doesn't (and uses DEFAULT instead).
but the usernames passed in seem to be the same. i don't know, we've used
freeradius for years and this is the 1st time i'm having a problem.
weird.
regards, paul
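
One way to line up two debug traces like the pair in this message and list every request attribute, module return code and users-file match that differs. This is an added example, not part of the original post: the trace strings are constructed, abbreviated copies of lines shown above, and the names `parse_trace` and `diff_traces` are hypothetical.

```python
import re

# Constructed sample input: abbreviated from the two traces in the post above.
OK_TRACE = """\
User-Name = "test"
Service-Type = Login-User
[files] users: Matched entry test at line 1
++[files] returns ok
++[pap] returns updated
Found Auth-Type = PAP
"""
FAIL_TRACE = """\
User-Name = "test"
Service-Type = Framed-User
Framed-Protocol = PPP
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
++[pap] returns noop
"""

ATTR = re.compile(r'^\s*([A-Za-z][\w-]*) = (.+?)\s*$')       # Name = value
MODULE = re.compile(r'^\++\[([\w.]+)\] returns (\w+)')        # ++[pap] returns noop
MATCHED = re.compile(r'^\[files\] users: Matched entry (\S+) at line (\d+)')

def parse_trace(text):
    """Collect request attributes, module return codes and the users-file match."""
    out = {"attrs": {}, "modules": {}, "entry": None}
    for line in text.splitlines():
        if m := MODULE.match(line):
            # Keep the first result per module, i.e. the authorize pass.
            out["modules"].setdefault(m.group(1), m.group(2))
        elif m := MATCHED.match(line):
            out["entry"] = (m.group(1), int(m.group(2)))
        elif m := ATTR.match(line):
            # A list per name, because an attribute can appear more than once.
            out["attrs"].setdefault(m.group(1), []).append(m.group(2))
    return out

def diff_traces(a, b):
    """Return what differs between trace a and trace b as (value_in_a, value_in_b)."""
    pa, pb = parse_trace(a), parse_trace(b)
    diff = {}
    for kind in ("attrs", "modules"):
        names = pa[kind].keys() | pb[kind].keys()
        diff[kind] = {n: (pa[kind].get(n), pb[kind].get(n))
                      for n in sorted(names) if pa[kind].get(n) != pb[kind].get(n)}
    diff["entry"] = (pa["entry"], pb["entry"])
    return diff
```

Lines that are neither an attribute, a module result nor a `[files]` match (for example `Found Auth-Type = PAP`) are ignored by the parser.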