"Roy, Daniel" <[EMAIL PROTECTED]> wrote: > Yes, mschap is just above the group and it is not commented out. If I > comment out the group and restart the radius server and send an > access-request, it does indeed do an mschap authorization and then an > mschap authentication (as per the output when running in debug mode), > proving that mschap is indeed there and active. But somehow, when I > insert a group without a mschap section within the group (as indicated > in my previous email), mschap does not occur correctly.
So the problem is within that group. > Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: calling mschap > (rlm_mschap) for request 7 > Fri Jun 25 14:53:42 2004 : Debug: rlm_mschap: Found MS-CHAP > attributes. Setting 'Auth-Type := MS-CHAP' That looks good. > Fri Jun 25 14:53:42 2004 : Debug: rad_check_password: Found Auth-Type > Local That doesn't look good. I'd say that one of your SQL qeuries returns "Auth-Type := Local", and that's breaking MS-CHAP. > Fri Jun 25 14:53:42 2004 : Debug: auth: type Local > Fri Jun 25 14:53:42 2004 : Debug: auth: No User-Password or > CHAP-Password attribute in the request > Fri Jun 25 14:53:42 2004 : Debug: auth: Failed to validate the user. Yup. MS-CHAP doesn't contain PAP or CHAP passwords, so "Local" won't work. > What you state is in fact the case in my radiusd.conf, but it doesn't = > seem to be working the way you (or I) expect it to work. But it's doing what you told it to do, which is often a problem. :) Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
