hello here's debug output and the error, thanks
mysql> select * from radgroupcheck;
+----+---------------+------------------+----+--------+
| id | GroupName | Attribute | op | Value
|
+----+---------------+------------------+----+--------+
| 1 | admin | Auth-Type | == | CHAP
|
| 2 | admin | Simultaneous-Use | := | 1
|
| 3 | disabled-user | Auth-Type | := | Reject
|
+----+---------------+------------------+----+--------+
3 rows in set (0.00 sec)
mysql> select * from radcheck;
+----+----------+---------------------+----+------------------+
| id | UserName | Attribute | op | Value
|
+----+----------+---------------------+----+------------------+
| 1 | cache | User-Password | == | cache
|
| 6 | cache | Expiration | := | 20
November 2003 |
| 3 | reject | CHAP-Password | := | reject
|
| 15 | cache | Max-Monthly-Session | := | 45213
|
| 11 | apellido | CHAP-Password | := | apellido
|
| 14 | apellido | Max-Monthly-Session | := | 3600
|
| 16 | janine | CHAP-Password | := | janine
|
| 17 | jinh | CHAP-Password | := | jinh
|
+----+----------+---------------------+----+------------------+
8 rows in set (0.00 sec)
part of radius -xxx output
radtest cache cache localhost 1645 testing123
Tue Nov 18 22:04:40 2003 : Debug: modcall: group
authorize returns ok for request 2
Tue Nov 18 22:04:40 2003 : Debug:
rad_check_password: Found Auth-Type CHAP
Tue Nov 18 22:04:40 2003 : Debug: auth: type "CHAP"
Tue Nov 18 22:04:40 2003 : Debug: modcall: entering
group Auth-Type for request 2
Tue Nov 18 22:04:40 2003 : Debug:
modsingle[authenticate]: calling chap (rlm_chap) for
request 2
Tue Nov 18 22:04:40 2003 : Auth: rlm_chap: Attribute
"CHAP-Password" is required for authentication. Cannot
use "User-Password".
Tue Nov 18 22:04:40 2003 : Debug:
modsingle[authenticate]: returned from chap (rlm_chap)
for request 2
Tue Nov 18 22:04:40 2003 : Debug:
modcall[authenticate]: module "chap" returns invalid
for request 2
Tue Nov 18 22:04:40 2003 : Debug: modcall: group
Auth-Type returns invalid for request 2
Tue Nov 18 22:04:40 2003 : Debug: auth: Failed to
validate the user.
Tue Nov 18 22:04:40 2003 : Auth: Login incorrect:
[cache/cache] (from client localhost port 1645)
radtest janine janine localhost 1645 testing123
Tue Nov 18 22:07:00 2003 : Debug:
rad_check_password: Found Auth-Type CHAP
Tue Nov 18 22:07:00 2003 : Debug: auth: type "CHAP"
Tue Nov 18 22:07:00 2003 : Debug: modcall: entering
group Auth-Type for request 4
Tue Nov 18 22:07:00 2003 : Debug:
modsingle[authenticate]: calling chap (rlm_chap) for
request 4
Tue Nov 18 22:07:00 2003 : Auth: rlm_chap: Attribute
"CHAP-Password" is required for authentication. Cannot
use "User-Password".
Tue Nov 18 22:07:00 2003 : Debug:
modsingle[authenticate]: returned from chap (rlm_chap)
for request 4
Tue Nov 18 22:07:00 2003 : Debug:
modcall[authenticate]: module "chap" returns invalid
for request 4
Tue Nov 18 22:07:00 2003 : Debug: modcall: group
Auth-Type returns invalid for request 4
Tue Nov 18 22:07:00 2003 : Debug: auth: Failed to
validate the user.
Tue Nov 18 22:07:00 2003 : Auth: Login incorrect:
[janine/janine] (from client localhost port 1645)
radius.conf
instantiate {
#
# The expression module doesn't do
authorization,
# authentication, or accounting. It only
does dynamic
# translation, of the form:
#
# Session-Timeout = `%{expr:2 + 3}`
#
# So the module needs to be instantiated, but
CANNOT be
# listed in any other section. See
'doc/rlm_expr' for
# more information.
#
expr
Monthly
#
# We add the counter module here so that it
registers
# the check-name attribute before any module
which sets
# it
# daily
}
# Authorization. First preprocess (hints and
huntgroups files),
# then realms, and finally look in the "users" file.
#
# The order of the realm modules will determine the
order that
# we try to find a matching realm.
#
# Make *sure* that 'preprocess' comes before any
realm if you
# need to setup hints for the remote radius server
authorize {
#
# The preprocess module takes care of
sanitizing some bizarre
# attributes in the request, and turning them
into attributes
# which are more standard.
#
# It takes care of processing the
'raddb/hints' and the
# 'raddb/huntgroups' files.
#
# It also adds a Client-IP-Address attribute to the
request.
preprocess
#
# If you want to have a log of authentication
requests,
# un-comment the following line, and the
'detail auth_log'
# section, above.
auth_log
#
# The chap module will set 'Auth-Type :=
CHAP' if we are
# handling a CHAP request and Auth-Type has
not already been set
chap
# attr_filter
#
# This module takes care of EAP-MD5, EAP-TLS,
and EAP-LEAP
# authentication.
# eap
#
# If you have a Cisco SIP server
authenticating against
# FreeRADIUS, uncomment the following line.
# digest
#
# Look for IPASS style 'realm/', and if not
found, look for
# '@realm', and decide whether or not to
proxy, based on
# that.
# realmslash
# suffix
sql
# monthlycounter
Monthly
#
# Read the 'users' file
# files
#
# If you are using /etc/smbpasswd, and are
also doing
# mschap authentication, the un-comment this
line, and
# configure the 'etc_smbpasswd' module,
above.
# etc_smbpasswd
#
# If the users are logging in with an
MS-CHAP-Challenge
# attribute for authentication, the mschap
module will find
# the MS-CHAP-Challenge attribute, and add
'Auth-Type := MS-CHAP'
# to the request, which will cause the server
to then use
# the mschap module for authentication.
# mschap
# The ldap module will set Auth-Type to LDAP if it has
not already been set
# ldap
# daily
}
# Authentication.
#
# This section lists which modules are available for
authentication.
# Note that it does NOT mean 'try each module in
order'. It means
# that you have to have a module from the 'authorize'
section add
# a configuration attribute 'Auth-Type := FOO'. That
authentication type
# is then used to pick the apropriate module from the
list below.
#
#
# The default Auth-Type is Local. That is, whatever
is not included inside
# an authtype section will be called only if Auth-Type
is set to Local.
#
# So you should do the following:
# - Set Auth-Type to an appropriate value in the
authorize modules above.
# For example, the chap module will set Auth-Type to
CHAP, ldap to LDAP, etc.
# - After that create corresponding authtype sections
in the
# authenticate section below and call the
appropriate modules.
authenticate {
#
# PAP authentication, when a back-end
database listed
# in the 'authorize' section supplies a
password. The
# password can be clear-text, or encrypted.
Auth-Type PAP {
pap
}
#
# Most people want CHAP authentication
# A back-end database listed in the
'authorize' section
# MUST supply a CLEAR TEXT password.
Encrypted passwords
# won't work.
Auth-Type CHAP {
chap
}
#
# MSCHAP authentication.
# Auth-Type MS-CHAP {
# mschap
# }
#
# If you have a Cisco SIP server
authenticating against
# FreeRADIUS, uncomment the following line.
# digest
#
# Pluggable Authentication Modules.
# pam
#
# See 'man getpwent' for information on how
the 'unix'
# module checks the users password. Note
that packets
# containing CHAP-Password attributes CANNOT
be authenticated
# against /etc/passwd! See the FAQ for
details.
#
# unix
# Uncomment it if you want to use ldap for
authentication
# Auth-Type LDAP {
# ldap
# }
#
# Allow EAP authentication.
# eap
}
=====
wilfredo pahilanga apellido jr.
technical support
mactan online
bacolod city, philippines
+63 34 4348311
If you can't hear me, it's because i'm in parentheses.
__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
