Request password missing or cleartext password not found
carl leopold
carlbright772 at gmail.com
Fri Dec 12 01:21:25 CET 2014
Hi,
I am new to FreeRADIUS and am trying to set up FreeRADIUS 2.1.12 with MySQL,
used by strongSwan. strongSwan is talking to FreeRADIUS using eap-radius
using IKEv2.
I have been able to get strongSwan IKEv1 working, talking to
FreeRADIUS/MySQL using eap-Xauth. But I can't get it to work with IKEv2 and
eap-radius.
In my database table radcheck I have:
+----+----------+--------------------+----+----------+
| id | username | attribute          | op | value    |
+----+----------+--------------------+----+----------+
|  1 | darwin   | Password           | == | mypass   |
|  3 | frodo    | Password           | == | baggins  |
|  4 | carl     | Cleartext-Password | := | connect1 |
+----+----------+--------------------+----+----------+
I am using username 'carl' and have changed the DB attribute from Password
to Cleartext-Password and updated the op to := from == but this did not
make any difference.
I am finding that I get these errors and authentication fails. More
detailed logs are further below.
Logs:
[pap] No clear-text password in the request. Not performing PAP.
++[pap] returns noop
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
Is it possible that the password is not being passed in, as it's not shown
in the logs?
I looked in my config files and don't see any Auth-Type=Local.
I am not sure what to do next. Advice is much needed.
Many Thanks
Carl
My config:
authorize {
    filter_username
    preprocess
    auth_log
    chap
    mschap
    digest
    suffix
    eap {
        ok = return
    }
    files
    sql
    expiration
    logintime
    pap
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    digest
    # pam
    unix
    eap
}
preacct {
    preprocess
    acct_unique
    suffix
    files
}
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 44311, id=219,
length=133
User-Name = "carl"
NAS-Port-Type = Virtual
Service-Type = Framed-User
NAS-Port = 6
NAS-Port-Id = "win7"
NAS-IP-Address = 178.62.119.121
Called-Station-Id = "178.62.119.121[4500]"
Calling-Station-Id = "191.101.55.203[4500]"
NAS-Identifier = "strongSwan"
Message-Authenticator = 0xcf65b96f46f3e40a5066f6f4111c48fa
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/127.0.0.1/auth-detail-20141211
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20141211
[auth_log] expand: %t -> Thu Dec 11 18:35:52 2014
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "carl", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry carl at line 1
++[files] returns ok
[sql] expand: %{User-Name} -> carl
[sql] sql_set_user escaped user --> 'carl'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'carl' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY
id -> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'carl' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'carl'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] No clear-text password in the request. Not performing PAP.
++[pap] returns noop
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No User-Password or CHAP-Password attribute in the request.
Cannot perform authentication.
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> carl
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 219 to 127.0.0.1 port 44311
Waking up in 4.9 seconds.
Cleaning up request 0 ID 219 with timestamp +3
Ready to process requests.
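
Added example, not part of the original post: a Python check that reads FreeRADIUS debug output like the log above and reports, per Access-Request, which of the credential attributes named in that log (User-Password, CHAP-Password, EAP-Message) the packet actually carries. The function names and the abbreviated sample are assumptions made for this illustration.

```python
import re

# Constructed sample: the Access-Request from the post, abbreviated, with the
# header wrapped the way the mail archive shows it.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 44311, id=219,
length=133
User-Name = "carl"
NAS-Port-Type = Virtual
NAS-Identifier = "strongSwan"
Message-Authenticator = 0xcf65b96f46f3e40a5066f6f4111c48fa
# Executing section authorize from file
"""

# Credential attribute each module's debug message in the log refers to.
CREDENTIAL_ATTRS = {"User-Password": "pap", "CHAP-Password": "chap",
                    "EAP-Message": "eap"}
HEADER = re.compile(r"rad_recv: Access-Request packet .*\bid=(\d+)")
ATTR_LINE = re.compile(r"^\s*([A-Za-z][\w-]*) = (.*)$")

def parse_requests(debug_text):
    """Return [(packet_id, {attribute: value})] for every Access-Request."""
    requests, attrs = [], None
    for line in debug_text.splitlines():
        head = HEADER.match(line)
        if head:
            attrs = {}
            requests.append((int(head.group(1)), attrs))
            continue
        if attrs is None or line.strip().startswith("length="):
            continue  # outside a request, or the wrapped tail of the header
        m = ATTR_LINE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2).strip()
        elif line.strip():
            attrs = None  # first non-attribute line ends the attribute list
    return requests

def diagnose(debug_text):
    """Return [(packet_id, user, modules that have a credential to check)]."""
    report = []
    for pkt_id, attrs in parse_requests(debug_text):
        modules = sorted(m for a, m in CREDENTIAL_ATTRS.items() if a in attrs)
        report.append((pkt_id, attrs.get("User-Name", "").strip('"'), modules))
    return report

if __name__ == "__main__":
    for pkt_id, user, modules in diagnose(SAMPLE_DEBUG):
        print(f"id={pkt_id} user={user} credentials for: {modules or 'none'}")
```

An empty module list for a packet means the request reached the server without any of the three credential attributes.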