Well, you feel wrong because I already solved this problem; it was a radclient bug... (which I found in mailing list archives)

Evren

On Tue, 26 Nov 2002, Chhai Thach wrote:

> -- I have a feeling that the password stored inside your database is encrypted.
>
> I have sql and chap in authorize section and the password is cleartext for
> sure =) freeradius even finds it!
>
> rlm_chap: Using clear text password testpasswd for user test
> -- it says that when the password you are storing is encrypted :)
>
> Chhai
>
> On Tue, 26 Nov 2002, Chhai Thach wrote:
>
> > In the radius.conf file under the authenticate function, it says:
> >
> > Most people want CHAP authentication
> > A back-end database listed in the 'authorize' section
> > MUST supply a CLEAR TEXT password. Encrypted passwords
> > won't work.
> >
> > I couldn't get MS-Chap going though with neither encrypted or unencrypted password.
> >
> > -----Original Message-----
> > From: Evren Yurtesen [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, 26 November 2002 2:19 PM
> > To: [EMAIL PROTECTED]
> > Subject: serious radclient bug! (2)
> >
> > Sorry, maybe this is not a bug =)
> > But still I couldn't get freeradius to work with MySQL and CHAP
> > I use plain text passwords in MySQL and everything else seems fine
> >
> > in radcheck I have
> > Username Attribute Value Op
> > test User-Passwd testpassed :=
> >
> > in radgroupcheck
> > GroupName Attribute Value op
> > 64Kbit/s Auth-Type CHAP :=
> >
> > and test user is in this group...
> >
> > I get this error
> >
> > tunnel:/usr/local/dialup_admin#radclient localhost auth testing123
> > User-Name = "test"
> > CHAP-Password = "testpasswd"
> > Received response ID 242, code 3, length = 32
> > Ascend-Data-Rate = 64000
> > tunnel:/usr/local/dialup_admin#
> >
> > and my -sxx output is...
> >
> > tunnel:/usr/local/etc/raddb#radiusd -sxx
> > Starting - reading configuration files ...
> > reread_config: reading radiusd.conf
> > Config: including file: /usr/local/etc/raddb/clients.conf
> > Config: including file: /usr/local/etc/raddb/sql.conf
> > main: prefix = "/usr/local"
> > main: localstatedir = "/usr/local/var"
> > main: logdir = "/var/log"
> > main: libdir = "/usr/local/lib"
> > main: radacctdir = "/var/log/radacct"
> > main: hostname_lookups = no
> > read_config_files: reading dictionary
> > read_config_files: reading clients
> > read_config_files: reading realms
> > read_config_files: reading naslist
> > main: max_request_time = 30
> > main: cleanup_delay = 5
> > main: max_requests = 1024
> > main: delete_blocked_requests = 0
> > main: port = 0
> > main: allow_core_dumps = no
> > main: log_stripped_names = no
> > main: log_auth = no
> > main: log_auth_badpass = no
> > main: log_auth_goodpass = no
> > main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
> > main: user = "(null)"
> > main: group = "(null)"
> > main: usercollide = no
> > main: lower_user = "no"
> > main: lower_pass = "no"
> > main: nospace_user = "no"
> > main: nospace_pass = "no"
> > main: proxy_requests = no
> > security: max_attributes = 200
> > security: reject_delay = 1
> > main: debug_level = 0
> > read_config_files: entering modules setup
> > Module: Library search path is /usr/local/lib
> > Module: Loaded CHAP
> > Module: Instantiated chap (chap)
> > Module: Loaded SQL
> > sql: driver = "rlm_sql_mysql"
> > sql: server = "localhost"
> > sql: port = ""
> > sql: login = "radius"
> > sql: password = "radius2best"
> > sql: radius_db = "radius"
> > sql: acct_table = "radacct"
> > sql: acct_table2 = "radacct"
> > sql: authcheck_table = "radcheck"
> > sql: authreply_table = "radreply"
> > sql: groupcheck_table = "radgroupcheck"
> > sql: groupreply_table = "radgroupreply"
> > sql: usergroup_table = "usergroup"
> > sql: nas_table = "nas"
> > sql: dict_table = "dictionary"
> > sql: sqltrace = no
> > sql: sqltracefile = "/var/log/sqltrace.sql"
> > sql: deletestalesessions = yes
> > sql: num_sql_socks = 5
> > sql: sql_user_name = "%{User-Name}"
> > sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM
> > radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
> > sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM
> > radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
> > sql: authorize_group_check_query = "SELECT
> > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
> > FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
> > AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY
> > radgroupcheck.id"
> > sql: authorize_group_reply_query = "SELECT
> > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
> > FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
> > AND usergroup.GroupName = radgroupreply.GroupName ORDER BY
> > radgroupreply.id"
> > sql: authenticate_query = "SELECT Value,Attribute FROM radcheck WHERE
> > UserName = '%{User-Name}' AND ( Attribute = 'User-Password' OR Attribute =
> > 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC"
> > sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S',
> > AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
> > AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
> > %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
> > NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
> > sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress =
> > '%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND
> > UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND
> > AcctStopTime = 0"
> > sql: accounting_start_query = "INSERT into radacct (RadAcctId,
> > AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId,
> > NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
> > ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
> > CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
> > FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('',
> > '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
> > '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S',
> > '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
> > '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',
> > '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
> > sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime =
> > '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start =
> > '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName
> > = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND
> > AcctStopTime = 0"
> > sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S',
> > AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets =
> > '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}',
> > AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay =
> > '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE
> > AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND
> > NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0"
> > sql: accounting_stop_query_alt = "INSERT into radacct (RadAcctId,
> > AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId,
> > NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
> > ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
> > CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
> > FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('',
> > '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
> > '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '0',
> > '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}',
> > '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}',
> > '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}',
> > '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
> > sql: connect_failure_retry_delay = 60
> > sql: simul_count_query = ""
> > sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,
> > NASIPAddress, NASPortId, FramedIPAddress, CalledStationId FROM radacct
> > WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
> > sql: simul_zap_query = "DELETE FROM radacct WHERE RadAcctId = '%s'"
> > rlm_sql: Driver rlm_sql_mysql loaded and linked
> > rlm_sql: Attempting to connect to radius@localhost:/radius
> > rlm_sql: starting 0
> > rlm_sql: Attempting to connect #0
> > rlm_sql: Starting connect to MySQL server for #0
> > rlm_sql: Connected new DB handle, #0
> > rlm_sql: starting 1
> > rlm_sql: Attempting to connect #1
> > rlm_sql: Starting connect to MySQL server for #1
> > rlm_sql: Connected new DB handle, #1
> > rlm_sql: starting 2
> > rlm_sql: Attempting to connect #2
> > rlm_sql: Starting connect to MySQL server for #2
> > rlm_sql: Connected new DB handle, #2
> > rlm_sql: starting 3
> > rlm_sql: Attempting to connect #3
> > rlm_sql: Starting connect to MySQL server for #3
> > rlm_sql: Connected new DB handle, #3
> > rlm_sql: starting 4
> > rlm_sql: Attempting to connect #4
> > rlm_sql: Starting connect to MySQL server for #4
> > rlm_sql: Connected new DB handle, #4
> > Module: Instantiated sql (sql)
> > Listening on IP address *, ports 1812/udp and 1813/udp.
> > Ready to process requests.
> > rad_recv: Access-Request packet from host 127.0.0.1:1558, id=242,
> > length=45
> > User-Name = "test"
> > CHAP-Password = 0xf26580dede51cb48778629d0487cd5fad7
> > modcall: entering group authorize
> > rlm_chap: Adding Auth-Type = CHAP
> > modcall[authorize]: module "chap" returns ok
> > radius_xlat: 'test'
> > sql_set_user: escaped user --> 'test'
> > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
> > Username = 'test' ORDER BY id'
> > rlm_sql: Reserving sql socket id: 4
> > radius_xlat: 'SELECT
> > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
> > FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test' AND
> > usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
> > Username = 'test' ORDER BY id'
> > radius_xlat: 'SELECT
> > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
> > FROM radgroupreply,usergroup WHERE usergroup.Username = 'test' AND
> > usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> > radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName =
> > 'test' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR
> > Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC'
> > rlm_sql: Released sql socket id: 4
> > modcall[authorize]: module "sql" returns ok
> > modcall: group authorize returns ok
> > rad_check_password: Found Auth-Type CHAP
> > auth: type "CHAP"
> > modcall: entering group authtype
> > rlm_chap: login attempt by "test" with CHAP password �e?��Q�Hw?)�H|���
> > rlm_chap: Using clear text password testpasswd for user test
> > authentication.
> > rlm_chap: Pasword check failed
> > modcall[authenticate]: module "chap" returns reject
> > modcall: group authtype returns reject
> > auth: Failed to validate the user.
> > Delaying request 0 for 1 seconds
> > Finished request 0
> > Going to the next request
> > --- Walking the entire request list ---
> > Waking up in 1 seconds...
> > --- Walking the entire request list ---
> > Waking up in 1 seconds...
> > --- Walking the entire request list ---
> > Sending Access-Reject of id 242 to 127.0.0.1:1558
> > Ascend-Data-Rate = 64000
> > Waking up in 4 seconds...
> > --- Walking the entire request list ---
> > Cleaning up request 0 ID 242 with timestamp 3de2eee0
> > Nothing to do. Sleeping until we see a request.
> >
> > So what is the solution to this problem?
> >
> > ---------- Forwarded message ----------
> > Date: Tue, 26 Nov 2002 05:35:16 +0200 (WET)
> > From: Evren Yurtesen <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: serious radclient bug!
> >
> > Hi,
> >
> > I have been sitting here all night to find out to see this;
> >
> > I run radclient like this
> > #radclient localhost auth testing123
> >
> > I enter these
> > User-Name = test
> > CHAP-Password = testpasswd
> >
> > then press CTRL-D
> >
> > I somehow never could login!
> >
> > I (at last) set in conf file to see password in logs...
> >
> > Tue Nov 26 05:29:20 2002 : Auth: Login incorrect: [test/<CHAP-Password>] (from client localhost port 0)
> >
> > I believe this happens to be a bug? If I use these pairs it works though
> >
> > User-Name = test
> > Password = testpasswd
> > Auth-Type = CHAP
> >
> > Evren
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
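
Added example, not part of the thread and not FreeRADIUS code: a sketch of the RFC 2865 CHAP check, showing why the radiusd.conf comment quoted above says the back-end must supply a clear-text password, and how the 17-octet CHAP-Password in the debug output splits into ident and response. The function names and the challenge are assumptions made for the demonstration; the thread does not show the request authenticator, so the logged response itself is not verified here.

```python
import hashlib
import hmac

def chap_password(ident, secret, challenge):
    """Client side: CHAP-Password = ident || MD5(ident || secret || challenge)."""
    digest = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    return bytes([ident]) + digest

def verify_chap(attr, stored, challenge):
    """Server side: recompute the response from the stored value and compare."""
    if len(attr) != 17:  # 1-octet CHAP ident + 16-octet MD5 response
        return False
    return hmac.compare_digest(attr, chap_password(attr[0], stored, challenge))

def parse_logged_attr(hex_value):
    """Split a 0x... CHAP-Password from debug output into (ident, response)."""
    text = hex_value[2:] if hex_value.startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) != 17:
        raise ValueError("CHAP-Password must be 17 octets")
    return raw[0], raw[1:]

# Value copied from the debug output in the thread (request id=242).
LOGGED = "0xf26580dede51cb48778629d0487cd5fad7"

def demo():
    # Constructed sample: this challenge is made up for the demonstration.
    challenge = bytes(range(16))
    attr = chap_password(242, b"testpasswd", challenge)
    # A store that keeps only a hash of the password (constructed example).
    hashed = hashlib.md5(b"testpasswd").hexdigest().encode()
    return {
        # Server holds the clear text: it can rebuild the same MD5 input.
        "cleartext_store": verify_chap(attr, b"testpasswd", challenge),
        # Server holds a hash: the MD5 input differs, so the check fails
        # even though the user typed the right password.
        "hashed_store": verify_chap(attr, hashed, challenge),
        "wrong_password": verify_chap(attr, b"wrongpasswd", challenge),
        # The first octet of the logged attribute is the CHAP ident.
        "logged_ident": parse_logged_attr(LOGGED)[0],
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The response is a one-way hash over the password and a per-request challenge, so a server that stores only a hashed or crypted password has nothing it can feed into the same computation.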
