My best guess is that the passwords are stored encrypted at the radius
server, which will never work since CHAP is one-way encyption.
You have 2 options:
- use CHAP and store passwords unencrypted at the radius server
- use PAP and store passwords encrypted at the radius server.
Regards,
Thor.
----- Original Message -----
From: "Markus Ebel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 17, 2004 2:52 PM
Subject: Solution for Auth-Problem
Hi,
i tried but i can�t find a solution of my auth-problem.
i try to connect to our Ascend Max2000 by a Windows-Client
with username and password and i�cant get it working
Here is the debug.
-------------- freeradius Debug ----------------------
rad_recv: Access-Request packet from host 21X.xx.xx.xxx:1025, id=20,
length=111
User-Name = "testuser"
CHAP-Password =
"\021qjE\415h\3111\373\137W\323X\313\030\325\255"
NAS-IP-Address = 21X.XX.XX.XXX
NAS-Port-Id = 10106
NAS-Port-Type = Sync
Service-Type = Framed-User
Framed-Protocol = PPP
State = ""
Calling-Station-Id = "0023XXXXXXXX"
Called-Station-Id = "XXXX"
Acct-Session-Id = "453506169"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
rlm_realm: No '@' in User-Name = "testuser", looking up realm
NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 5
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
modcall: entering group Auth-Type
rlm_chap: login attempt by "testuser" with CHAP password
?qxN�?h�1wW��X?ŭ
rlm_chap: Could not find clear text password for user testuser
modcall[authenticate]: module "chap" returns invalid
modcall: group Auth-Type returns invalid
auth: Failed to validate the user.
Login incorrect: [testuser/<CHAP-Password>] (from client ascend1 port
5 cli 0023XXXXXXXX)
-----------------------------
It seems that the freeradius can�t read the passphrase in
the user-profile and i don�t know why.
--------------------------------
testuser Password=="verysecret"
Auth-Type=MS-CHAP,
User-Service=Framed-User,
User-Name="testuser",
Framed-Protocol=PPP,
Framed-Routing=None,
Framed-Address=21X.XX.XX.XXX,
Framed-Netmask=255.255.255.255,
Ascend-Require-Auth=Not-Require-Auth,
Ascend-Data-Svc="Switched-64K",
Ascend-Idle-Limit=600
--------------------------------
why can�t freeradius read the cleartext password (verysecret)
from the profile. I can ;-).
Please help. I don�t know what to do. Maybe the soloution is
to easy, but i can�t see it.
thanx in advance
Markus
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
