Re: Freeradius as Proxy and CHAP-Authentication

Wed, 20 Mar 2002 11:58:13 -0800 

On 18 Mar 02, at 11:20, Alan DeKok wrote:

> "Bernd Sontheimer" <[EMAIL PROTECTED]> wrote:
> > i'm using freeradius as a radiusd-proxy with NAS which are 
> > PAP/CHAP enabled. All works well as long as the authentication is 
> > tried by using PAP. With CHAP it is refused all the times. If i 
> > remove the proxy in between, CHAP-Authentication succeeds, so 
> > the problem should have to do with freeradius.
...
>   No.  CHAP should work fine.

It still doesn't work. As i told if i remove the proxy in between it 
works, and with the proxy it works also, as long as i use pap.

Here an extract of the log:

rad_recv: Access-Request packet from host 195.245.1.20:1025, 
id=207, length=109
        User-Name = "bsd"
        CHAP-Password = 
"\001%\261\337V3C\201\200z\230\376\323b\222\271\357"
        NAS-IP-Address = 195.245.1.20
        NAS-Port = 10118
        NAS-Port-Type = Sync
        Service-Type = Framed-User
        Framed-Protocol = PPP
        State = 0x
        Calling-Station-Id = "7361938190"
        Called-Station-Id = "480070"
        Acct-Session-Id = "372012637"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  rlm_realm: Proxying request from user bsd to realm NULL
  modcall[authorize]: module "suffix" returns updated
  modcall[authorize]: module "files" returns notfound
modcall: group authorize returns updated
Sending Access-Request of id 1 to 194.88.160.4:7002
        User-Name = "bsd"
        CHAP-Password = 
"\001%\261\337V3C\201\200z\230\376\323b\222\271\357"
        NAS-IP-Address = 195.245.1.20
        NAS-Port = 17
        NAS-Port-Type = Sync
        Service-Type = Framed-User
        Framed-Protocol = PPP
        State = 0x
        Calling-Station-Id = "7361938190"
        Called-Station-Id = "480070"
        Acct-Session-Id = "372012637"
        Proxy-State = "207"
        CHAP-Challenge = 
"\203\270\245\364\r\212\372/\247\212X\277\006_\215\031"
        CHAP-Challenge = 
"\203\270\245\364\r\212\372/\247\212X\277\006_\215\031"
--- Walking the entire request list ---
Waking up in 8 seconds...
rad_recv: Access-Reject packet from host 194.88.160.4:7002, 
id=1, length=20
Home server says invalid user: [bsd/<CHAP-Password>] (from nas 
max60 port 17 cli
Home server says invalid user: [bsd/<CHAP-Password>] (from nas 
max60 port 17 cli
 7361938190)
Sending Access-Reject of id 207 to 195.245.1.20:1025

I'm using FreeRadius 0.4, but i also tried 0.5 without success. Any 
more ideas?

Thanks and regards,


Bernd

____________________________________________________________
Bernd Sontheimer                       phone  +49 7361 93810
Sontheimer Datentechnik GmbH           fax   +49 7361 938181
Ulmer Str. 130                       e-Mail [EMAIL PROTECTED]
73431 Aalen, Germany                      http://www.sdt.net

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to