This is what I have now. Still not working but I think we have made some
progress.
rad_recv: Access-Request packet from host 10.16.3.98:1331, id=16, length=145
User-Name = "pptp"
NAS-Port = 3789
Service-Type = Framed-User
Framed-Protocol = PPP
Tunnel-Client-Endpoint:0 = "64.218.189.47"
MS-CHAP-Response =
0x0201000000000000000000000000000000000000000000000000194aab92ae3a1eaa9e281a
9640a207ec802943af2ade44f8
MS-CHAP-Challenge = 0xa91b47b2c20a4b44
NAS-IP-Address = 10.16.3.98
NAS-Port-Type = Virtual
......
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
modcall[authorize]: module "mschap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authenticate
modcall[authenticate]: module "mschap" returns reject
modcall: group authenticate returns reject
auth: Failed to validate the user.
Database:
mysql> select * from radcheck where username = 'pptp';
+-----+----------+-----------+---------------+------+
| id | UserName | Attribute | Value | op |
+-----+----------+-----------+---------------+------+
| 730 | pptp | Password | ctBFfcBOu1j4g | := |
+-----+----------+-----------+---------------+------+
1 row in set (0.00 sec)
mysql> select * from radgroupcheck where groupname = 'pptp';
+----+-----------+-------------------+-------------+------+
| id | GroupName | Attribute | Value | op |
+----+-----------+-------------------+-------------+------+
| 21 | pptp | Auth-Type | MS-CHAP | := |
| 22 | pptp | Framed-Protocol | PPP | := |
| 23 | pptp | Service-Type | Framed-User | := |
| 24 | pptp | MS-Acct-Auth-Type | MS-CHAP-2 | := |
+----+-----------+-------------------+-------------+------+
4 rows in set (0.00 sec)
> -----Original Message-----
> From: Gonzalez, Pedro [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 04, 2002 9:13 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: Re[2]: PPTP
>
>
> Dear 3APA3A,
>
> What's the dictionary's attribute entry for Auth-Type MS-CHAP?
>
> Thanks
> Pedro
>
> > -----Original Message-----
> > From: 3APA3A [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, June 04, 2002 7:42 AM
> > To: Gonzalez, Pedro
> > Subject: Re[2]: PPTP
> >
> >
> > Dear Gonzalez, Pedro,
> >
> >
> > --Tuesday, June 4, 2002, 4:27:00 PM, you wrote to
> > [EMAIL PROTECTED]:
> >
> > GP> 3APA3A
> >
> > GP> I had mschap in the authentication {} section. I did not
> > have mschap in
> > GP> authorize {} section though. From your recomendation you
> > are saying that if
> > GP> I have clear text passwords I have to enable mschap in
> > authorize {} section?
> > GP> and if I want to use encrypted passwords I don't?
> >
> > Yes, mschap in authorize{} may be required for one of 2 purposes:
> >
> > 1. Convert cleartext password to NT/LM passwords
> > 2. Autodetect MS-CHAP authentication (in a case user
> > allowed to use
> > different authentication type).
> >
> > GP> The point is I am using encrypted password for most of my
> > users. I was
> > GP> testing this one that is clear text password but I am
> > converting all my
> > GP> users to encrypted password so they feel better about
> > their privacy.
> >
> > GP> I'll do the testing this afternoon.
> >
> > GP> Thanks
> > GP> Pedro
> >
> > >> -----Original Message-----
> > >> From: 3APA3A [mailto:[EMAIL PROTECTED]]
> > >> Sent: Tuesday, June 04, 2002 4:12 AM
> > >> To: Gonzalez, Pedro
> > >> Subject: Re: PPTP
> > >>
> > >>
> > >> Dear Gonzalez, Pedro,
> > >>
> > >> Add mschap to authorize{} section (if you store cleartext
> > >> password) and
> > >> to authenticate{} section, set Auth-Type to MS-CHAP instead
> > >> of Local or
> > >> add authtype = MS-CHAP to mschap module configuration.
> > >>
> > >> --Tuesday, June 4, 2002, 12:29:38 AM, you wrote to
> > >> [EMAIL PROTECTED]:
> > >>
> > >> GP> Could you tell me how to activate MS-CHAP authentication?
> > >>
> > >> GP> This is the request:
> > >>
> > >> GP> rad_recv: Access-Request packet from host
> > >> 10.16.3.98:1331, id=11, length=154
> > >> GP> User-Name = "shicks"
> > >> GP> NAS-Port = 3753
> > >> GP> Service-Type = Framed-User
> > >> GP> Framed-Protocol = PPP
> > >> GP> Tunnel-Client-Endpoint:0 = "68.15.204.39"
> > >> GP> MS-CHAP-Challenge =
> 0x425bf34f5b693a8420d8416da4c333d6
> > >> GP> MS-CHAP2-Response =
> > >> GP>
> > >> 0x020087aa098db1d035629ac54738288a0fef00000000000000009b2efc6e
> > >> c56f127ec72e10
> > >> GP> 5a50c3c706c899c3d133c8d5db
> > >> GP> NAS-IP-Address = 10.16.3.98
> > >> GP> NAS-Port-Type = Virtual.....
> > >>
> > >> GP> This is the result:
> > >>
> > >> GP> ....
> > >> GP> rlm_sql: Released sql socket id: 4
> > >> GP> rlm_sql_authorize: no rows returned from query (no such user)
> > >> GP> modcall[authorize]: module "sql" returns ok
> > >> GP> modcall: group authorize returns ok
> > >> GP> rad_check_password: Found Auth-Type Local
> > >> GP> auth: type Local
> > >> GP> auth: No User-Password or CHAP-Password attribute in
> > the request
> > >> GP> auth: Failed to validate the user.
> > >>
> > >> GP> These are user's attributes
> > >>
> > >> GP> +-----+----------+-------------------+-----------+------+
> > >> GP> | id | UserName | Attribute | Value | op |
> > >> GP> +-----+----------+-------------------+-----------+------+
> > >> GP> | 727 | shicks | MS-CHAP-Challenge | password | := |
> > >> GP> | 728 | shicks | Auth-Type | Local | := |
> > >> GP> | 726 | shicks | MS-Acct-Auth-Type | MS-CHAP-2 | := |
> > >> GP> +-----+----------+-------------------+-----------+------+
> > >>
> > >> GP> Thanks
> > >> GP> Pedro
> > >>
> > >>
> > >> --
> > >> ~/ZARAZA
> > >> ����, � ���� ������. (����)
> > >>
> > >>
> > >> -
> > >> List info/subscribe/unsubscribe? See
> > >> http://www.freeradius.org/list/users.html
> > >>
> >
> > GP> -
> > GP> List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> > --
> > ~/ZARAZA
> > ������ �������� ���������� ����������. (���)
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
