Dear 3APA3A, What's the dictionary's attribute entry for Auth-Type MS-CHAP?
Thanks Pedro > -----Original Message----- > From: 3APA3A [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 04, 2002 7:42 AM > To: Gonzalez, Pedro > Subject: Re[2]: PPTP > > > Dear Gonzalez, Pedro, > > > --Tuesday, June 4, 2002, 4:27:00 PM, you wrote to > [EMAIL PROTECTED]: > > GP> 3APA3A > > GP> I had mschap in the authentication {} section. I did not > have mschap in > GP> authorize {} section though. From your recomendation you > are saying that if > GP> I have clear text passwords I have to enable mschap in > authorize {} section? > GP> and if I want to use encrypted passwords I don't? > > Yes, mschap in authorize{} may be required for one of 2 purposes: > > 1. Convert cleartext password to NT/LM passwords > 2. Autodetect MS-CHAP authentication (in a case user > allowed to use > different authentication type). > > GP> The point is I am using encrypted password for most of my > users. I was > GP> testing this one that is clear text password but I am > converting all my > GP> users to encrypted password so they feel better about > their privacy. > > GP> I'll do the testing this afternoon. > > GP> Thanks > GP> Pedro > > >> -----Original Message----- > >> From: 3APA3A [mailto:[EMAIL PROTECTED]] > >> Sent: Tuesday, June 04, 2002 4:12 AM > >> To: Gonzalez, Pedro > >> Subject: Re: PPTP > >> > >> > >> Dear Gonzalez, Pedro, > >> > >> Add mschap to authorize{} section (if you store cleartext > >> password) and > >> to authenticate{} section, set Auth-Type to MS-CHAP instead > >> of Local or > >> add authtype = MS-CHAP to mschap module configuration. > >> > >> --Tuesday, June 4, 2002, 12:29:38 AM, you wrote to > >> [EMAIL PROTECTED]: > >> > >> GP> Could you tell me how to activate MS-CHAP authentication? > >> > >> GP> This is the request: > >> > >> GP> rad_recv: Access-Request packet from host > >> 10.16.3.98:1331, id=11, length=154 > >> GP> User-Name = "shicks" > >> GP> NAS-Port = 3753 > >> GP> Service-Type = Framed-User > >> GP> Framed-Protocol = PPP > >> GP> Tunnel-Client-Endpoint:0 = "68.15.204.39" > >> GP> MS-CHAP-Challenge = 0x425bf34f5b693a8420d8416da4c333d6 > >> GP> MS-CHAP2-Response = > >> GP> > >> 0x020087aa098db1d035629ac54738288a0fef00000000000000009b2efc6e > >> c56f127ec72e10 > >> GP> 5a50c3c706c899c3d133c8d5db > >> GP> NAS-IP-Address = 10.16.3.98 > >> GP> NAS-Port-Type = Virtual..... > >> > >> GP> This is the result: > >> > >> GP> .... > >> GP> rlm_sql: Released sql socket id: 4 > >> GP> rlm_sql_authorize: no rows returned from query (no such user) > >> GP> modcall[authorize]: module "sql" returns ok > >> GP> modcall: group authorize returns ok > >> GP> rad_check_password: Found Auth-Type Local > >> GP> auth: type Local > >> GP> auth: No User-Password or CHAP-Password attribute in > the request > >> GP> auth: Failed to validate the user. > >> > >> GP> These are user's attributes > >> > >> GP> +-----+----------+-------------------+-----------+------+ > >> GP> | id | UserName | Attribute | Value | op | > >> GP> +-----+----------+-------------------+-----------+------+ > >> GP> | 727 | shicks | MS-CHAP-Challenge | password | := | > >> GP> | 728 | shicks | Auth-Type | Local | := | > >> GP> | 726 | shicks | MS-Acct-Auth-Type | MS-CHAP-2 | := | > >> GP> +-----+----------+-------------------+-----------+------+ > >> > >> GP> Thanks > >> GP> Pedro > >> > >> > >> -- > >> ~/ZARAZA > >> ����, � ���� ������. (����) > >> > >> > >> - > >> List info/subscribe/unsubscribe? See > >> http://www.freeradius.org/list/users.html > >> > > GP> - > GP> List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > -- > ~/ZARAZA > ������ �������� ���������� ����������. (���) > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
