Dear Gonzalez, Pedro,
You have Password attribute configures for user. It means you need to
have mschap in authorize{}. You have to configure NT-Password and
LM-Password if you want to use MS-crypted passwords.
--Tuesday, June 4, 2002, 6:53:01 PM, you wrote to [EMAIL PROTECTED]:
GP> This is what I have now. Still not working but I think we have made some
GP> progress.
GP> rad_recv: Access-Request packet from host 10.16.3.98:1331, id=16, length=145
GP> User-Name = "pptp"
GP> NAS-Port = 3789
GP> Service-Type = Framed-User
GP> Framed-Protocol = PPP
GP> Tunnel-Client-Endpoint:0 = "64.218.189.47"
GP> MS-CHAP-Response =
GP> 0x0201000000000000000000000000000000000000000000000000194aab92ae3a1eaa9e281a
GP> 9640a207ec802943af2ade44f8
GP> MS-CHAP-Challenge = 0xa91b47b2c20a4b44
GP> NAS-IP-Address = 10.16.3.98
GP> NAS-Port-Type = Virtual
GP> ......
GP> rlm_sql: Released sql socket id: 4
GP> modcall[authorize]: module "sql" returns ok
GP> modcall[authorize]: module "mschap" returns ok
GP> modcall: group authorize returns ok
GP> rad_check_password: Found Auth-Type MS-CHAP
GP> auth: type "MS-CHAP"
GP> modcall: entering group authenticate
GP> modcall[authenticate]: module "mschap" returns reject
GP> modcall: group authenticate returns reject
GP> auth: Failed to validate the user.
GP> Database:
GP> mysql> select * from radcheck where username = 'pptp';
GP> +-----+----------+-----------+---------------+------+
GP> | id | UserName | Attribute | Value | op |
GP> +-----+----------+-----------+---------------+------+
GP> | 730 | pptp | Password | ctBFfcBOu1j4g | := |
GP> +-----+----------+-----------+---------------+------+
GP> 1 row in set (0.00 sec)
GP> mysql> select * from radgroupcheck where groupname = 'pptp';
GP> +----+-----------+-------------------+-------------+------+
GP> | id | GroupName | Attribute | Value | op |
GP> +----+-----------+-------------------+-------------+------+
GP> | 21 | pptp | Auth-Type | MS-CHAP | := |
GP> | 22 | pptp | Framed-Protocol | PPP | := |
GP> | 23 | pptp | Service-Type | Framed-User | := |
GP> | 24 | pptp | MS-Acct-Auth-Type | MS-CHAP-2 | := |
GP> +----+-----------+-------------------+-------------+------+
GP> 4 rows in set (0.00 sec)
>> -----Original Message-----
>> From: Gonzalez, Pedro [mailto:[EMAIL PROTECTED]]
>> Sent: Tuesday, June 04, 2002 9:13 AM
>> To: '[EMAIL PROTECTED]'
>> Subject: RE: Re[2]: PPTP
>>
>>
>> Dear 3APA3A,
>>
>> What's the dictionary's attribute entry for Auth-Type MS-CHAP?
>>
>> Thanks
>> Pedro
>>
>> > -----Original Message-----
>> > From: 3APA3A [mailto:[EMAIL PROTECTED]]
>> > Sent: Tuesday, June 04, 2002 7:42 AM
>> > To: Gonzalez, Pedro
>> > Subject: Re[2]: PPTP
>> >
>> >
>> > Dear Gonzalez, Pedro,
>> >
>> >
>> > --Tuesday, June 4, 2002, 4:27:00 PM, you wrote to
>> > [EMAIL PROTECTED]:
>> >
>> > GP> 3APA3A
>> >
>> > GP> I had mschap in the authentication {} section. I did not
>> > have mschap in
>> > GP> authorize {} section though. From your recomendation you
>> > are saying that if
>> > GP> I have clear text passwords I have to enable mschap in
>> > authorize {} section?
>> > GP> and if I want to use encrypted passwords I don't?
>> >
>> > Yes, mschap in authorize{} may be required for one of 2 purposes:
>> >
>> > 1. Convert cleartext password to NT/LM passwords
>> > 2. Autodetect MS-CHAP authentication (in a case user
>> > allowed to use
>> > different authentication type).
>> >
>> > GP> The point is I am using encrypted password for most of my
>> > users. I was
>> > GP> testing this one that is clear text password but I am
>> > converting all my
>> > GP> users to encrypted password so they feel better about
>> > their privacy.
>> >
>> > GP> I'll do the testing this afternoon.
>> >
>> > GP> Thanks
>> > GP> Pedro
>> >
>> > >> -----Original Message-----
>> > >> From: 3APA3A [mailto:[EMAIL PROTECTED]]
>> > >> Sent: Tuesday, June 04, 2002 4:12 AM
>> > >> To: Gonzalez, Pedro
>> > >> Subject: Re: PPTP
>> > >>
>> > >>
>> > >> Dear Gonzalez, Pedro,
>> > >>
>> > >> Add mschap to authorize{} section (if you store cleartext
>> > >> password) and
>> > >> to authenticate{} section, set Auth-Type to MS-CHAP instead
>> > >> of Local or
>> > >> add authtype = MS-CHAP to mschap module configuration.
>> > >>
>> > >> --Tuesday, June 4, 2002, 12:29:38 AM, you wrote to
>> > >> [EMAIL PROTECTED]:
>> > >>
>> > >> GP> Could you tell me how to activate MS-CHAP authentication?
>> > >>
>> > >> GP> This is the request:
>> > >>
>> > >> GP> rad_recv: Access-Request packet from host
>> > >> 10.16.3.98:1331, id=11, length=154
>> > >> GP> User-Name = "shicks"
>> > >> GP> NAS-Port = 3753
>> > >> GP> Service-Type = Framed-User
>> > >> GP> Framed-Protocol = PPP
>> > >> GP> Tunnel-Client-Endpoint:0 = "68.15.204.39"
>> > >> GP> MS-CHAP-Challenge =
>> 0x425bf34f5b693a8420d8416da4c333d6
>> > >> GP> MS-CHAP2-Response =
>> > >> GP>
>> > >> 0x020087aa098db1d035629ac54738288a0fef00000000000000009b2efc6e
>> > >> c56f127ec72e10
>> > >> GP> 5a50c3c706c899c3d133c8d5db
>> > >> GP> NAS-IP-Address = 10.16.3.98
>> > >> GP> NAS-Port-Type = Virtual.....
>> > >>
>> > >> GP> This is the result:
>> > >>
>> > >> GP> ....
>> > >> GP> rlm_sql: Released sql socket id: 4
>> > >> GP> rlm_sql_authorize: no rows returned from query (no such user)
>> > >> GP> modcall[authorize]: module "sql" returns ok
>> > >> GP> modcall: group authorize returns ok
>> > >> GP> rad_check_password: Found Auth-Type Local
>> > >> GP> auth: type Local
>> > >> GP> auth: No User-Password or CHAP-Password attribute in
>> > the request
>> > >> GP> auth: Failed to validate the user.
>> > >>
>> > >> GP> These are user's attributes
>> > >>
>> > >> GP> +-----+----------+-------------------+-----------+------+
>> > >> GP> | id | UserName | Attribute | Value | op |
>> > >> GP> +-----+----------+-------------------+-----------+------+
>> > >> GP> | 727 | shicks | MS-CHAP-Challenge | password | := |
>> > >> GP> | 728 | shicks | Auth-Type | Local | := |
>> > >> GP> | 726 | shicks | MS-Acct-Auth-Type | MS-CHAP-2 | := |
>> > >> GP> +-----+----------+-------------------+-----------+------+
>> > >>
>> > >> GP> Thanks
>> > >> GP> Pedro
>> > >>
>> > >>
>> > >> --
>> > >> ~/ZARAZA
>> > >> ����, � ���� ������. (����)
>> > >>
>> > >>
>> > >> -
>> > >> List info/subscribe/unsubscribe? See
>> > >> http://www.freeradius.org/list/users.html
>> > >>
>> >
>> > GP> -
>> > GP> List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >
>> >
>> > --
>> > ~/ZARAZA
>> > ������ �������� ���������� ����������. (���)
>> >
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
GP> -
GP> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
~/ZARAZA
������� ��� �����... � ��������� ���� ������ ����� ���� ���������. (�����������)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
