Dear Michael Hare, In authorize section mschap should follow the module retrieving user's password (for example ldap).
--Wednesday, March 26, 2003, 6:26:01 PM, you wrote to [EMAIL PROTECTED]: MH> All- MH> I'm in the initial stages of understanding and trying to set up our LDAP MH> auth environment (storing plaintext passwords) with MSCHAP. We're using a MH> Cisco 30xx VPN concentrator. MH> I've read the rlm_mschap doc in the docs/ subdir, and I think I have my MH> radius config setup OK. However, I'm starting to wonder if I'm having MH> client, VPN concentrator issues, and hopefully by looking at my debugs MH> somebody on this list can help me decide that. MH> This is more than likely a problem with me not understanding CHAP, but I MH> find it strange there is no Chap-Password supplied in the access-request MH> packet.. Perhaps there are multiple pieces missing here? (Yes, non-CHAP MH> authentication works OK) MH> rad_recv: Access-Request packet from host 144.92.44.114:2474, id=50, MH> length=165 MH> User-Name = "radius.testuser" MH> NAS-Port = 5735 MH> Service-Type = Framed-User MH> Framed-Protocol = PPP MH> Tunnel-Client-Endpoint:0 = "128.104.19.106" MH> MS-CHAP-Challenge = 0x93f85072a0d1b096d65d11bdc1a6ecba MH> MS-CHAP2-Response = MH> 0x0200917d137fbe6068ce0ff6497fd585346f0000000000000000083a89c344e820927e54de MH> 0aab531960ebca12bd418e6904 MH> NAS-IP-Address = 144.92.44.114 MH> NAS-Port-Type = Virtual MH> ... MH> ... MH> rlm_chap: Could not find proper Chap-Password attribute in request MH> modcall[authorize]: module "chap" returns noop MH> modcall[authorize]: module "mschap" returns notfound MH> ... MH> ... MH> auth: type "LDAP" MH> modcall: entering group authtype MH> rlm_ldap: - authenticate MH> rlm_ldap: Attribute "User-Password" is required for authentication. MH> modcall[authenticate]: module "ldap" returns invalid MH> modcall: group authtype returns invalid MH> auth: Failed to validate the user. MH> Delaying request 1 for 1 seconds MH> Finished request 1 MH> Going to the next request MH> --- Walking the entire request list --- MH> Waking up in 1 seconds... MH> --- Walking the entire request list --- MH> Sending Access-Reject of id 50 to 144.92.44.114:2474 MH> MS-CHAP-Error = "\002E=691 R=1" MH> Waking up in 4 seconds... MH> --- Walking the entire request list --- MH> Cleaning up request 1 ID 50 with timestamp 3e81b844 MH> Nothing to do. Sleeping until we see a request. MH> /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ MH> Michael Hare MH> UW-Madison/WiscNet Network Engineering MH> My phone: 608-262-5236 MH> 24-Hour NOC: 608-263-4188 MH> WiscNet: 608-265-6761 MH> - MH> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ~/ZARAZA Всегда будем рады послушать ваше чириканье (Твен) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
