Hi List, please, I think this must be a very basic issue, I am starting to
work with FreeRadius 0.9.3, my first test was very fine while testing
without realm, but now when I attempt to work with a realm I'm having
problems.
I have set my proxy.conf file that for working with real looks like:
realm myrealm {
type = radius
authhost = LOCAL
accthost = LOCAL
strip
}
And in my user's file I have:
prueba Auth-Type := Local, User-Password == "prueba"
Port-Limit = 2,
Class = II-BRONCE,
Framed-IP-Address = 255.255.255.255,
Framed-IP-Netmask = 255.255.255.255
With this configuration , when I tested to authenticate with the user
[EMAIL PROTECTED] I get the following message, and this is rejected, but
without the realm all works fine.
#----------------START OF THE
MESSAGE --------------------------------------#
rad_recv: Access-Request packet from host 192.168.100.161:1089, id=8,
length=193
NAS-IP-Address = 192.168.100.161
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 11
MS-RAS-Vendor = 311
MS-RAS-Version = "MSRASV5.00"
NAS-Port-Type = Async
Connect-Info = "CONNECT 9600/ARQ"
User-Name = "[EMAIL PROTECTED]"
MS-CHAP-Challenge = 0x0c24fef9ec83ef46b0a9cd1167b54a54
MS-CHAP2-Response =
0x0000d29ca44130fe77235a0f744a7998d3900000000000000000ec6fa5e3db0ac1a199e232
0f9b3246565e67d9937e8811ea
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "eap" returns noop for request 5
rlm_realm: Looking up realm "myrealm" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "myrealm"
rlm_realm: Adding Stripped-User-Name = "prueba"
rlm_realm: Proxying request from user prueba to realm myrealm
rlm_realm: Adding Realm = "myrealm"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 5
users: Matched prueba at 77
modcall[authorize]: module "files" returns ok for request 5
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type := MS-CHAP'
modcall[authorize]: module "mschap" returns ok for request 5
modcall: group authorize returns ok for request 5
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group Auth-Type for request 5
rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 5
modcall: group Auth-Type returns reject for request 5
auth: Failed to validate the user.
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 8 to 192.168.100.161:1089
MS-CHAP-Error = "\000E=691 R=1"
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 8 with timestamp 40153a51
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.100.161:1090, id=9,
length=193
NAS-IP-Address = 192.168.100.161
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 11
MS-RAS-Vendor = 311
MS-RAS-Version = "MSRASV5.00"
NAS-Port-Type = Async
Connect-Info = "CONNECT 9600/ARQ"
User-Name = "[EMAIL PROTECTED]"
MS-CHAP-Challenge = 0xf4e6094ba50901a08d34e31f06d05bec
MS-CHAP2-Response =
0x01006d25736722c42e292ef788585bac49a700000000000000008ec1a46aa6d87929e4c7c1
7679c47406dbf42713b55a9b88
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "eap" returns noop for request 6
rlm_realm: Looking up realm "myrealm" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "myrealm"
rlm_realm: Adding Stripped-User-Name = "prueba"
rlm_realm: Proxying request from user prueba to realm myrealm
rlm_realm: Adding Realm = "myrealm"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 6
users: Matched prueba at 77
modcall[authorize]: module "files" returns ok for request 6
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type := MS-CHAP'
modcall[authorize]: module "mschap" returns ok for request 6
modcall: group authorize returns ok for request 6
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group Auth-Type for request 6
rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: group Auth-Type returns reject for request 6
auth: Failed to validate the user.
Delaying request 6 for 1 seconds
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 9 to 192.168.100.161:1090
MS-CHAP-Error = "\001E=691 R=1"
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 9 with timestamp 40153a60
#----------------END OF THE MESSAGE --------------------------------------#
But when I test with the same configuration with the user "prueba" (without
realm) all works fine, So I think I 'm not considering some further detail
???
Please could somebody give me some hint about this question?
Thank you in advance.
Regards,
Ernesto Freyre.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
