mschap

[Alan DeKok]

On Feb 7, 2025, at 7:44 PM, Alan Batie <alan at batie.org> wrote:
> 
> I'm migrating an outdated system from centos 5/freeradius 1.1.7

  Oh boy, that is decades old.

> to ubuntu 24/freeradius 3.2.5; it authenticates ppp connections via mschap by mac address with an sql procedure call. It doesn't look like there's anything to configure in mschap, the old system has all the mschap stuff commented out by default and so does the new system, but mschap is failing and it looks like it's not even getting to the sql part. It really just needs to ignore the mschap since the only part of it getting used is one of a few static usernames. I can send the full debug output privately if need be...

  The debug log doesn't show it running sql, or getting the "known good' password from anywhere.

  Where are the static usernames defined?

> ...
> (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/peak
> (0)   authorize {
> (0)     [preprocess] = ok
> (0) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
> ...
> (0)     [auth_log] = ok
> (0)     [chap] = noop
> (0) mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
> (0)     [mschap] = fail
> (0)   } # authorize = fail

  OK, it runs preprocess, auth_log, chap, and mschap.  Where is it getting the usernames / passwords from?

  The default configuration has it run the "files" module, and possibly even "sql".  All of that has been deleted.

  Alan DeKok.