EAP/MD5,CHAP O.K - PAP Fails

[J�rgen Wei�]

High List

I have problem concerning freeradius 0.7 on an RedHat 7.3 Operating
system.
EAP/MD5 and Chap works fine in conjunction with LDAP. But PAT
authentification fails.
Any hints or suggestions where I make an mistake !

########################## Start: radiusd.conf #########################



modules {

 ...

 eap {
  md5 {
  }
 }

 chap {
 }

 mschap {
  authtype = MS-CHAP
 }

 pap {
  encryption_scheme = clear
 }

 ldap {
  server = "ldap.uni-oldenburg.de"
  identity = "cn=......................................."
  password = .......
  basedn = "ou=Radius,ou=Account,dc=uni-oldenburg,dc=de"
  filter = "(uid=%u)"
  start_tls = no
  dictionary_mapping = ${raddbdir}/ldap.attrmap
  ldap_connections_number = 15
  password_attribute = userPassword
  timeout = 4
  timelimit = 3
  net_timeout = 1
 }

 ...
}



authorize {
 preprocess
 chap
 ldap
 eap


}


authenticate {
 eap
 authtype CHAP {
  chap
 }
 authtype PAP {
  pap
 }

}

....

########################## End: radiusd.conf #########################
########################## Start: users      #########################

DEFAULT Auth-Type := Local
 Fall-Through = 1
DEFAULT Auth-Type := System
 Fall-Through = 1

########################## End:: users      #########################

rad_recv: Access-Request packet from host 213.20.240.250:56949, id=117,
length=73
 User-Name = "talktest"
 CHAP-Password = 0x7519249ac5d1bd628ef8e017015373a99b
 Service-Type = Framed-User
 Framed-Protocol = PPP
 NAS-IP-Address = 213.20.240.250
 NAS-Port = 1
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Adding Auth-Type = CHAP
  modcall[authorize]: module "chap" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for talktest
radius_xlat:  '(uid=talktest)'
radius_xlat:  'ou=Radius,ou=Account,dc=uni-oldenburg,dc=de'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=Radius,ou=Account,dc=uni-oldenburg,dc=de, with filter (uid=talktest)
rlm_ldap: Added password talktalk in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user talktest authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok
rlm_eap: EAP-Message not found
  modcall[authorize]: module "eap" returns noop
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
modcall: entering group authtype
rlm_chap: login attempt by "talktest" with CHAP password
u?$?�ѽb?��??Ss�?
rlm_chap: Using clear text password talktalk for user talktest
authentication.
rlm_chap: chap user talktest authenticated succesfully
  modcall[authenticate]: module "chap" returns ok
modcall: group authtype returns ok
Login OK: [talktest/<CHAP-Password>] (from client MediaWays port 1)
Sending Access-Accept of id 117 to 213.20.240.250:56949
Finished request 706
--------------------------------------------------------------------
--------------------------------------------------------------------
rad_recv: Access-Request packet from host 213.20.240.250:56973, id=24,
length=72
 User-Name = "talktest"
 User-Password = "W\022R\351\\\026q}7Q\003\355\224>$N"
 Service-Type = Framed-User
 Framed-Protocol = PPP
 NAS-IP-Address = 213.20.240.250
 NAS-Port = 1
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for talktest
radius_xlat:  '(uid=talktest)'
radius_xlat:  'ou=Radius,ou=Account,dc=uni-oldenburg,dc=de'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=Radius,ou=Account,dc=uni-oldenburg,dc=de, with filter (uid=talktest)
rlm_ldap: Added password talktalk in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user talktest authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok
rlm_eap: EAP-Message not found
  modcall[authorize]: module "eap" returns noop
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
auth: Failed to validate the user.
Login incorrect: [talktest/talktalk] (from client MediaWays port 1)
Delaying request 711 for 1 seconds
Finished request 711
Going to the next request

####################################################################################



--
+----------------------------------------------------------------------+

+ Juergen Weiss                mailto:[EMAIL PROTECTED]   |

+ Hochschulrechenzentrum       TEL:   +49 0441 7984407                 |

+ Universitaet Oldenburg       FAX:   +49 0441 7984413                 |

+ Carl v. Ossietzky Str. 9-11  http://www.hrz.uni-oldenburg.de/~weiss  |

+----------------------------------------------------------------------+

+




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html