Hello, if someone can help me out, it would be very nice! I have to set up a
RADIUS server for dial-in, in combination with a Cisco router. It
doesn't work, and I have no idea whether it's a configuration problem or
a problem with the Cisco router 3620. Maybe someone has had a similar
problem, or knows a potential solution?
Thanks for any help!
TOC:
->radiusd dump
->call #1
->call #2
->call #3
->accounts (users-file)
->radius.conf
---->radiusd dump (a part of it):
<--------------------------------------------
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: ignore_password = no
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap)
---->Here is the call #1:
<----------------------------------------------------
rad_recv: Access-Request packet from host 172.10.15.200:1645, id=116, length=143
NAS-IP-Address = 172.10.15.200
NAS-Port = 41
NAS-Port-Type = Async
User-Name = "kunde1"
Calling-Station-Id = "015553304"
MS-CHAP-Challenge = 0x3af6c67c31354841
MS-CHAP-Response = 0x040100000000000000000000000000000000000000000000000056ec24d8da13a5828d318a78620b31b4adb26eb22b852ef6
Service-Type = Framed-User
Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "kunde1", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 178
users: Matched DEFAULT at 197
users: Matched DEFAULT at 209
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns notfound
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
rlm_unix: Attribute "User-Password" is required for authentication.
modcall[authenticate]: module "unix" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Login incorrect: [kunde1/<no User-Password attribute>] (from client Cisco port 41 cli 015553304)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 116 to 172.10.15.200:1645
MS-CHAP-Error = "\004E=691 R=1"
MS-CHAP-Error = "\004E=691 R=1"
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 116 with timestamp 3e54fd64
Nothing to do. Sleeping until we see a request.
---->Here is the call #2:
<----------------------------------------------------
rad_recv: Access-Request packet from host 172.10.15.200:1645, id=129, length=88
NAS-IP-Address = 172.10.15.200
NAS-Port = 36
NAS-Port-Type = Async
User-Name = "kunde1"
Calling-Station-Id = "015553304"
CHAP-Password = 0x03b72881c7db5ecefee0b79726009b4d03
Service-Type = Framed-User
Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Adding Auth-Type = CHAP
modcall[authorize]: module "chap" returns ok
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "kunde1", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 178
users: Matched DEFAULT at 197
users: Matched DEFAULT at 209
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns notfound
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
rlm_unix: Attribute "User-Password" is required for authentication. Cannot use "CHAP-Password".
modcall[authenticate]: module "unix" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Login incorrect: [kunde1/<CHAP-Password>] (from client Cisco port 36 cli 015553304)
Delaying request 30 for 1 seconds
Finished request 30
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 129 to 172.10.15.200:1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 30 ID 129 with timestamp 3e550dc3
Nothing to do. Sleeping until we see a request.
---->Here is the call #3:
<----------------------------------------------------
rad_recv: Access-Request packet from host 172.10.15.200:1645, id=132, length=87
NAS-IP-Address = 172.10.15.200
NAS-Port = 39
NAS-Port-Type = Async
User-Name = "kunde1"
Calling-Station-Id = "015553304"
User-Password = "pass1"
Service-Type = Framed-User
Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "kunde1", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 178
users: Matched DEFAULT at 197
users: Matched DEFAULT at 209
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns notfound
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns notfound
modcall: group authenticate returns notfound
auth: Failed to validate the user.
Login incorrect: [kunde1/pass1] (from client Cisco port 39 cli 015553304)
Delaying request 33 for 1 seconds
Finished request 33
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 132 to 172.10.15.200:1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 33 ID 132 with timestamp 3e550f25
Nothing to do. Sleeping until we see a request.
----> I tried all these accounts without any success:
<------------------------
kunde1  Auth-Type := Local, Password == "pass1"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.10.15.99,
        Framed-IP-Netmask = 255.255.255.0

kunde2  Auth-Type := MS-CHAP, Password == "pass1"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.10.15.99,
        Framed-IP-Netmask = 255.255.255.0

kunde3  Auth-Type := Local, User-Password == "pass1"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.10.15.99,
        Framed-IP-Netmask = 255.255.255.0
----> Here's a part of my radius.conf:
<---------------------------------------
modules {
        pap {
                encryption_scheme = crypt
        }
        chap {
                authtype = CHAP
        }
        pam {
                pam_auth = radiusd
        }
        unix {
                cache = no
                cache_reload = 600
                radwtmp = ${logdir}/radwtmp
        }
        eap {
                md5 {
                }
        }
        mschap {
                authtype = MS-CHAP
        }
}
authorize {
        preprocess
        chap
        mschap
        suffix
        files
        mschap
}
authenticate {
        authtype PAP {
                pap
        }
        authtype CHAP {
                chap
        }
        authtype MS-CHAP {
                mschap
        }
        unix
}
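A small triage script for debug output like the three calls above (an added example, not part of the original post): for each Access-Request it reports which credential attribute the NAS sent, which Auth-Type the server selected, whether the two fit together, and whether only DEFAULT users-file entries matched. The sample log is abridged from the post with hex values replaced by placeholders; the `NEEDS` table is an assumption of this example, except for the `System` row, which follows the rlm_unix message in the log.

```python
import re

# Credential attribute each Auth-Type can validate. "System" follows the
# rlm_unix message in the log; the other rows are assumptions of this example.
NEEDS = {"System": "User-Password", "PAP": "User-Password",
         "CHAP": "CHAP-Password", "MS-CHAP": "MS-CHAP-Response"}
CRED = re.compile(r"^\s*(User-Password|CHAP-Password|MS-CHAP-Response)\s*=", re.M)

def summarize(debug_text):
    """Return one dict per Access-Request found in radiusd debug output."""
    out = []
    # Split at each rad_recv line; the captured id precedes its request block.
    parts = re.split(r"^rad_recv: Access-Request .*?id=(\d+)", debug_text, flags=re.M)
    for req_id, block in zip(parts[1::2], parts[2::2]):
        cred = CRED.search(block)
        auth = re.search(r"Found Auth-Type (\S+)", block)
        matched = re.findall(r"^users: Matched (\S+) at \d+", block, re.M)
        reply = re.search(r"^Sending (Access-\w+)", block, re.M)
        cred = cred.group(1) if cred else None
        auth = auth.group(1) if auth else None
        out.append({
            "id": int(req_id), "credential": cred, "auth_type": auth,
            # True when the selected Auth-Type cannot check this credential.
            "mismatch": auth in NEEDS and NEEDS[auth] != cred,
            # True when no named users-file entry matched, only DEFAULT ones.
            "only_default": bool(matched) and set(matched) == {"DEFAULT"},
            "reply": reply.group(1) if reply else None,
        })
    return out

# Constructed sample: abridged from calls #1-#3, hex values are placeholders.
SAMPLE = """\
rad_recv: Access-Request packet from host 172.10.15.200:1645, id=116,
MS-CHAP-Response = 0x00
users: Matched DEFAULT at 178
rad_check_password: Found Auth-Type System
Sending Access-Reject of id 116 to 172.10.15.200:1645
rad_recv: Access-Request packet from host 172.10.15.200:1645, id=129,
CHAP-Password = 0x00
users: Matched DEFAULT at 178
rad_check_password: Found Auth-Type System
Sending Access-Reject of id 129 to 172.10.15.200:1645
rad_recv: Access-Request packet from host 172.10.15.200:1645, id=132,
User-Password = "pass1"
users: Matched DEFAULT at 178
rad_check_password: Found Auth-Type System
Sending Access-Reject of id 132 to 172.10.15.200:1645
"""

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
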