I'm assisting a local school to add an SMC EliteConnect to an existing Freeradius system. This school has used Freeradius for uears but this seems to be the first time they've needed MS-CHAP.
Before posting this we spent several hours going over the configuration, documentation and the archives of the mailing list. Perhaps we have overlooked something in the wee hours trying to make this work. Pehaps someone with some fresh eyes could be of assistance. Let me know if there is any other information needed. Thank you, Configs and dump below: ------------------------ Applicable parts of the config: mschap { authtype = MS-CHAP use_mppe = yes require_encryption = yes } authorize { mschap } authenticate { authtype PAP { pap } authtype CHAP { chap } authtype MS-CHAP { mschap } } preacct { preprocess suffix files } ------------------------ Test user file: test11 Auth-Type := Local, User-Password := "test" test12 Auth-Type := MS-CHAP, User-Password := "test" ------------------------ Radius dump: --- Walking the entire request list --- Threads: total/active/spare threads = 5/1/4 Waking up in 5 seconds... Thread 1 handling request 0, (1 handled so far) User-Name = "test12" MS-CHAP-Challenge = 0x6227301276f8a2625c5e1b17f5cf8c4b MS-CHAP2-Response = 0x00005e2f83723e193f82d54c210d15bab67400000000000000004a1ee29726edf3a348188e0d4c5c4a59c6542ff9637ec90d rad_lowerpair: User-Name now 'test12' rad_rmspace_pair: User-Name now 'test12' modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module "chap" returns noop users: Matched test12 at 1075 modcall[authorize]: module "files" returns ok modcall[authorize]: module "mschap" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type MS-CHAP auth: type "MS-CHAP" modcall: entering group authtype rlm_mschap: doing MS-CHAPv2 with NT-Password rlm_mschap: Authentication failed rlm_mschap: Nothing in the packet I recognise: Rejecting the user modcall[authenticate]: module "mschap" returns reject modcall: group authtype returns reject auth: Failed to validate the user. Login incorrect: [test12] (from client smc port 0) Delaying request 0 for 1 seconds Finished request 0 Going to the next request Thread 1 waiting to be assigned a request --- Walking the entire request list --- Threads: total/active/spare threads = 5/0/5 Sending Access-Reject of id 56 to 192.168.16.3:1102 MS-CHAP-Error = "\000E=691 R=1" Waking up in 1 seconds... Error receiving packet: Connection refused rl_next: returning NULL Cleaning up request 0 ID 56 with timestamp 3e3b09ec Waking up in 1 seconds... --- Walking the entire request list --- Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 192.168.16.3:1103, id=57, length=108 Thread 2 assigned request 1 --- Walking the entire request list --- Threads: total/active/spare threads = 5/1/4 Waking up in 5 seconds... Thread 2 handling request 1, (1 handled so far) User-Name = "test" MS-CHAP-Challenge = 0x2d5f1b2d90c48f6a10ba7ad82f35f112 MS-CHAP2-Response = 0x00000d7a82815a89d94839f84769a5cc0248000000000000000017d8f0d9859c2a026da1aff4d70347ba910af0c109f932c5 rad_lowerpair: User-Name now 'test' rad_rmspace_pair: User-Name now 'test' modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module "chap" returns noop modcall[authorize]: module "files" returns notfound modcall[authorize]: module "mschap" returns notfound modcall: group authorize returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [test] (from client smc port 0) Delaying request 1 for 1 seconds Finished request 1 Going to the next request Thread 2 waiting to be assigned a request --- Walking the entire request list --- Threads: total/active/spare threads = 5/0/5 Sending Access-Reject of id 57 to 192.168.16.3:1103 MS-CHAP-Error = "\000E=691 R=1" Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 57 with timestamp 3e3b0a2a Nothing to do. Sleeping until we see a request. jethro:/usr/local/etc/raddb# Script done on Fri Jan 31 15:44:55 2003 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html