NatureHi,
I got freeradius-0.4 installed on linux. And tried to make pptp user login
authenticate by the radius server. When using chap protocol, everything
works great, execept mschap failed. So I wrote a test program sending
MS-CHAP or
MS-CHAPv2 request to radius server. It looks like I miss something in the
server conf file. But I don't know what it is.
First, in radiusd.conf, in the 'modules' section, added mschap like any
other any other module.
modules{..
mschap {
authtype = MS-CHAP
}
}
authorize{
...
files
mschap
}
authenticate{
unix
mschap
}
Then, in my 'users' file, I added:
tester Auth-Type := MS-CHAP, Password == test
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.100.21,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP,
Reply-Message = "Hello, carol"
According to the error msg "module mschap returns invalid", I traced into
the "rlm_mschap.c". It failed to find a password in the function
"mschap_authenticate". Can anybody tell me how to make radius server support
MS-CHAP. Thank you in advance.
After started radiusd -X, I got the following msg
....
HASH: Stored 33 entries from /etc/passwd
HASH: Stored 36 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded MS-CHAP
mschap: ignore_password = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.
Here is the result after I ran the test program to send an MS-CHAPv2
request:
rad_recv: Access-Request packet from host 127.0.0.1:1052, id=246, length=86
User-Name = "tester"
MS-CHAP2-Response =
0x01010100000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched tester at 83
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authenticate
modcall[authenticate]: module "mschap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Sending Access-Reject of id 246 to 127.0.0.1:1052
Reply-Message = "Hello, carol"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 246 with timestamp 3c841148
Nothing to do. Sleeping until we see a request.
carol
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
