I'm assisting a local school to add an SMC EliteConnect to an existing
Freeradius system. This school has used Freeradius for uears but this
seems to be the first time they've needed MS-CHAP.
Before posting this we spent several hours going over the configuration,
documentation and the archives of the mailing list.
Perhaps we have overlooked something in the wee hours trying to make this
work. Pehaps someone with some fresh eyes could be of assistance. Let me
know if there is any other information needed.
Thank you, Configs and dump below:
------------------------
Applicable parts of the config:
mschap {
authtype = MS-CHAP
use_mppe = yes
require_encryption = yes
}
authorize {
mschap
}
authenticate {
authtype PAP {
pap
}
authtype CHAP {
chap
}
authtype MS-CHAP {
mschap
}
}
preacct {
preprocess
suffix
files
}
------------------------
Test user file:
test11 Auth-Type := Local, User-Password := "test"
test12 Auth-Type := MS-CHAP, User-Password := "test"
------------------------
Radius dump:
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 5 seconds...
Thread 1 handling request 0, (1 handled so far)
User-Name = "test12"
MS-CHAP-Challenge = 0x6227301276f8a2625c5e1b17f5cf8c4b
MS-CHAP2-Response =
0x00005e2f83723e193f82d54c210d15bab67400000000000000004a1ee29726edf3a348188e0d4c5c4a59c6542ff9637ec90d
rad_lowerpair: User-Name now 'test12'
rad_rmspace_pair: User-Name now 'test12'
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
users: Matched test12 at 1075
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authtype
rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: Authentication failed
rlm_mschap: Nothing in the packet I recognise: Rejecting the user
modcall[authenticate]: module "mschap" returns reject
modcall: group authtype returns reject
auth: Failed to validate the user.
Login incorrect: [test12] (from client smc port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Sending Access-Reject of id 56 to 192.168.16.3:1102
MS-CHAP-Error = "\000E=691 R=1"
Waking up in 1 seconds...
Error receiving packet: Connection refused
rl_next: returning NULL
Cleaning up request 0 ID 56 with timestamp 3e3b09ec
Waking up in 1 seconds...
--- Walking the entire request list ---
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.16.3:1103, id=57, length=108
Thread 2 assigned request 1
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 5 seconds...
Thread 2 handling request 1, (1 handled so far)
User-Name = "test"
MS-CHAP-Challenge = 0x2d5f1b2d90c48f6a10ba7ad82f35f112
MS-CHAP2-Response =
0x00000d7a82815a89d94839f84769a5cc0248000000000000000017d8f0d9859c2a026da1aff4d70347ba910af0c109f932c5
rad_lowerpair: User-Name now 'test'
rad_rmspace_pair: User-Name now 'test'
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "files" returns notfound
modcall[authorize]: module "mschap" returns notfound
modcall: group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
auth: Failed to validate the user.
Login incorrect: [test] (from client smc port 0)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Sending Access-Reject of id 57 to 192.168.16.3:1103
MS-CHAP-Error = "\000E=691 R=1"
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 57 with timestamp 3e3b0a2a
Nothing to do. Sleeping until we see a request.
jethro:/usr/local/etc/raddb#
Script done on Fri Jan 31 15:44:55 2003
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
