Hi,

Sorry if this is a dumb question or if it has been answered before but I've
looked through the RADIUS book and back through the emails I have received
from the list and found nothing relevant.

I've been using FreeRADIUS 0.9.2 to authenticate users using MS-CHAPv2 and,
up to now, everything has been working fine. However, I have several users
who use a username in uppercase so I thought I'd use the
"lower_user = after" function to make everything lowercase if uppercase
fails. However, as soon as I do this, I have the following problem.

If the username is in lowercase in the users file and the user uses
lowercase in their request, everything works fine (as expected).

If the username is in uppercase in the users file and the user sends
uppercase in their request, everything works fine (as expected).

If the username is in lowercase in the users file and the user sends
uppercase in their request, the request fails (not as expected).

If the username is in uppercase in the users file and the user sends
lowercase in their request, the request fails (as expected).

In the logfile, I was seeing errors like this...

Wed Oct 29 11:40:48 2003 : Auth: Login incorrect: [GUYD/<no User-Password attribute>] (from client MX-20-Tech-Eng-PM port 0 cli 00-20-A6-4C-F7-1C)
Wed Oct 29 11:40:48 2003 : Error: rlm_eap: EAP-Message not found
Wed Oct 29 11:40:48 2003 : Auth: Login incorrect: [guyd/<no User-Password attribute>] (from client MX-20-Tech-Eng-PM port 0 cli 00-20-A6-4C-F7-1C)

I was running radiusd with -X and got the following, which relates directly
to the messages above...

rad_recv: Access-Request packet from host 10.24.0.200:20007, id=208, length=157
NAS-Port-Id = "1/2"
Calling-Station-Id = "00-20-A6-4C-F7-1C"
Called-Station-Id = "00-0B-0E-00-0A-44"
User-Name = "GUYD"
MS-CHAP-Challenge = 0xdad9af6fac7c8ba98a460cd911841fd8
MS-CHAP2-Response = 0x000045f4b3128611804c99e54c88527004a5000000000000000018afea36077a13bd6e105d941cc1711b30a53423bde826d7
NAS-IP-Address = 10.24.0.200
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_realm: No '@' in User-Name = "GUYD", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 154
users: Matched DEFAULT at 160
modcall[authorize]: module "files" returns ok
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type := MS-CHAP'
modcall[authorize]: module "mschap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group Auth-Type
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: No LM-Password or NT-Password attribute found. Cannot perform MS-CHAP authentication.
modcall[authenticate]: module "mschap" returns fail
modcall: group Auth-Type returns fail
auth: Failed to validate the user.
Login incorrect: [GUYD/<no User-Password attribute>] (from client MX-20-Tech-Eng-PM port 0 cli 00-20-A6-4C-F7-1C)
rad_lowerpair: User-Name now 'guyd'
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_realm: No '@' in User-Name = "guyd", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched guyd at 39
users: Matched DEFAULT at 154
users: Matched DEFAULT at 160
modcall[authorize]: module "files" returns ok
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type := MS-CHAP'
modcall[authorize]: module "mschap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group Auth-Type
rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject
modcall: group Auth-Type returns reject
auth: Failed to validate the user.
Login incorrect: [guyd/<no User-Password attribute>] (from client MX-20-Tech-Eng-PM port 0 cli 00-20-A6-4C-F7-1C)
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request

However, with exactly the same username (guyd) and the same client, I get
this when I log in directly using lowercase (i.e. the lower_user function
isn't used).

rad_recv: Access-Request packet from host 10.24.0.200:20007, id=209, length=157
NAS-Port-Id = "1/2"
Calling-Station-Id = "00-20-A6-4C-F7-1C"
Called-Station-Id = "00-0B-0E-00-0A-44"
User-Name = "guyd"
MS-CHAP-Challenge = 0xac9c8132067b24c328bb5d132892710a
MS-CHAP2-Response = 0x000096b81f06b43769757e10228a321fe436000000000000000019174ef972837e09f4d32ad93018d8b2226e138b621cfbab
NAS-IP-Address = 10.24.0.200
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "chap" returns noop
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_realm: No '@' in User-Name = "guyd", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched guyd at 39
users: Matched DEFAULT at 154
users: Matched DEFAULT at 160
modcall[authorize]: module "files" returns ok
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type := MS-CHAP'
modcall[authorize]: module "mschap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group Auth-Type
rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok
modcall: group Auth-Type returns ok
Login OK: [guyd] (from client MX-20-Tech-Eng-PM port 0 cli 00-20-A6-4C-F7-1C)
Sending Access-Accept of id 209 to 10.24.0.200:20007
Service-Type = Administrative-User
VLAN-Name = "telinternal"
Session-Timeout = 1800
Idle-Timeout = 60
Login-Service = Telnet
MS-CHAP2-Success = 0x00533d39394534324330433834443041444346374136363546453132333333334541324337343645374346
MS-MPPE-Recv-Key = 0xa8bd66ac63801f383fccf51db3244f54
MS-MPPE-Send-Key = 0x35814e5b526e6828f5f14337bf4cca81
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
Finished request 7
Going to the next request

Any ideas?

Regards,

Guy

---
Guy Davies, IP Architect
Telindus Limited, Hatchwood Place, Farnham Road, Odiham, Hampshire, RG29 1AB
e: [EMAIL PROTECTED]  m: +44 (0)7879 434214
t: +44 (0)1256 709285  f: +44 (0)1256 709210
jabber: [EMAIL PROTECTED]  aim: aguyd2000  icq: 169876941
msn: [EMAIL PROTECTED]  yahoo: aguyd2000
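
Added example, not part of the original message and not FreeRADIUS code: under RFC 2759 the MS-CHAPv2 NT response is computed over an 8-byte ChallengeHash that includes the User-Name exactly as the client sent it. The sketch below parses the MS-CHAP2-Response attribute from the first trace above and compares that hash for "GUYD" and for the rewritten "guyd", which is consistent with the "MS-CHAP2-Response is incorrect" result on the retry. The password-dependent NT-hash and DES steps are not reproduced, and the function names are this example's own.

```python
import hashlib
from typing import NamedTuple

# Attribute values copied from the first debug trace on this page (User-Name = "GUYD").
AUTH_CHALLENGE = bytes.fromhex("dad9af6fac7c8ba98a460cd911841fd8")
MS_CHAP2_RESPONSE = bytes.fromhex(
    "000045f4b3128611804c99e54c88527004a5000000000000000018afea36077a13bd6e105d"
    "941cc1711b30a53423bde826d7"
)


class Chap2Response(NamedTuple):
    ident: int
    flags: int
    peer_challenge: bytes   # 16 bytes chosen by the client
    nt_response: bytes      # 24 bytes, what the server must reproduce


def parse_ms_chap2_response(value: bytes) -> Chap2Response:
    """Split the 50-byte MS-CHAP2-Response attribute value (layout per RFC 2548)."""
    if len(value) != 50:
        raise ValueError(f"expected 50 bytes, got {len(value)}")
    if value[18:26] != bytes(8):
        raise ValueError("reserved field must be zero")
    return Chap2Response(value[0], value[1], value[2:18], value[26:50])


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, user_name: str) -> bytes:
    """RFC 2759 ChallengeHash(): first 8 bytes of SHA1(peer || authenticator || UserName)."""
    data = peer_challenge + auth_challenge + user_name.encode("ascii")
    return hashlib.sha1(data).digest()[:8]


def compare_name_forms(sent: str, rewritten: str) -> dict:
    """Hash as the client computed it versus as a server using the rewritten name would."""
    resp = parse_ms_chap2_response(MS_CHAP2_RESPONSE)
    client = challenge_hash(resp.peer_challenge, AUTH_CHALLENGE, sent)
    server = challenge_hash(resp.peer_challenge, AUTH_CHALLENGE, rewritten)
    return {"client": client.hex(), "server": server.hex(), "match": client == server}


if __name__ == "__main__":
    print(compare_name_forms("GUYD", "GUYD"))  # name left as sent
    print(compare_name_forms("GUYD", "guyd"))  # name lowercased before verification
```

Because the 8-byte hash is the challenge that the NT response encrypts, a server that verifies against a differently cased name cannot reproduce the client's 24-byte response even with the correct password.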