Dear Gonzalez, Pedro,
--Tuesday, June 4, 2002, 4:27:00 PM, you wrote to [EMAIL PROTECTED]:
GP> 3APA3A
GP> I had mschap in the authentication {} section. I did not have mschap in
GP> authorize {} section though. From your recomendation you are saying that if
GP> I have clear text passwords I have to enable mschap in authorize {} section?
GP> and if I want to use encrypted passwords I don't?
Yes, mschap in authorize{} may be required for one of 2 purposes:
1. Convert cleartext password to NT/LM passwords
2. Autodetect MS-CHAP authentication (in a case user allowed to use
different authentication type).
GP> The point is I am using encrypted password for most of my users. I was
GP> testing this one that is clear text password but I am converting all my
GP> users to encrypted password so they feel better about their privacy.
GP> I'll do the testing this afternoon.
GP> Thanks
GP> Pedro
>> -----Original Message-----
>> From: 3APA3A [mailto:[EMAIL PROTECTED]]
>> Sent: Tuesday, June 04, 2002 4:12 AM
>> To: Gonzalez, Pedro
>> Subject: Re: PPTP
>>
>>
>> Dear Gonzalez, Pedro,
>>
>> Add mschap to authorize{} section (if you store cleartext
>> password) and
>> to authenticate{} section, set Auth-Type to MS-CHAP instead
>> of Local or
>> add authtype = MS-CHAP to mschap module configuration.
>>
>> --Tuesday, June 4, 2002, 12:29:38 AM, you wrote to
>> [EMAIL PROTECTED]:
>>
>> GP> Could you tell me how to activate MS-CHAP authentication?
>>
>> GP> This is the request:
>>
>> GP> rad_recv: Access-Request packet from host
>> 10.16.3.98:1331, id=11, length=154
>> GP> User-Name = "shicks"
>> GP> NAS-Port = 3753
>> GP> Service-Type = Framed-User
>> GP> Framed-Protocol = PPP
>> GP> Tunnel-Client-Endpoint:0 = "68.15.204.39"
>> GP> MS-CHAP-Challenge = 0x425bf34f5b693a8420d8416da4c333d6
>> GP> MS-CHAP2-Response =
>> GP>
>> 0x020087aa098db1d035629ac54738288a0fef00000000000000009b2efc6e
>> c56f127ec72e10
>> GP> 5a50c3c706c899c3d133c8d5db
>> GP> NAS-IP-Address = 10.16.3.98
>> GP> NAS-Port-Type = Virtual.....
>>
>> GP> This is the result:
>>
>> GP> ....
>> GP> rlm_sql: Released sql socket id: 4
>> GP> rlm_sql_authorize: no rows returned from query (no such user)
>> GP> modcall[authorize]: module "sql" returns ok
>> GP> modcall: group authorize returns ok
>> GP> rad_check_password: Found Auth-Type Local
>> GP> auth: type Local
>> GP> auth: No User-Password or CHAP-Password attribute in the request
>> GP> auth: Failed to validate the user.
>>
>> GP> These are user's attributes
>>
>> GP> +-----+----------+-------------------+-----------+------+
>> GP> | id | UserName | Attribute | Value | op |
>> GP> +-----+----------+-------------------+-----------+------+
>> GP> | 727 | shicks | MS-CHAP-Challenge | password | := |
>> GP> | 728 | shicks | Auth-Type | Local | := |
>> GP> | 726 | shicks | MS-Acct-Auth-Type | MS-CHAP-2 | := |
>> GP> +-----+----------+-------------------+-----------+------+
>>
>> GP> Thanks
>> GP> Pedro
>>
>>
>> --
>> ~/ZARAZA
>> ����, � ���� ������. (����)
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
GP> -
GP> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
~/ZARAZA
������ �������� ���������� ����������. (���)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
