Hi,
I was wondering if you were planning to support MS-CHAP v1 and MS-CHAP v2 for users who are set to "Auth-Type := Local". I'm using the latest version of Freeradius (1.0.0-pre3) and I get the following debug output when I try to use MS-CHAP v2 between the RADIUS client and Freeradius server:
rad_recv: Access-Request packet from host 67.130.149.86:1025, id=104, length=220 User-Name = "rad1" NAS-IP-Address = 77.210.10.86 NAS-Port = 0 Service-Type = Login-User Acct-Session-Id = "8F000035" Called-Station-Id = "00-50-E8-00-26-3B" Calling-Station-Id = "00-20-A6-4C-42-FF" Nomadix-Logoff-URL = ""> NAS-Identifier = "AG-2000" NAS-Port-Type = Async Framed-IP-Address = 31.31.31.2 MS-CHAP-Challenge = 0x0000160b000008fc00000dd70000046a MS-CHAP2-Response = 0x8b00000027ef00005614000008f60000076d0000000000000000c4f301f9a6a8d2cd58c3234ed216f5ed85aed31bb0b8dca7 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP' modcall[authorize]: module "mschap" returns ok for request 4 rlm_realm: No '/' in User-Name = "psoltan", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "IPASS" returns noop for request 4 rlm_realm: No '@' in User-Name = "psoltan", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 4 users: Matched psoltan at 90 modcall[authorize]: module "files" returns ok for request 4 modcall: group authorize returns ok for request 4 rad_check_password: Found Auth-Type Local auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. Delaying request 4 for 1 seconds Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 104 to 67.130.149.86:1025 Nomadix-Goodbye-URL = ""> Waking up in 4 seconds...
If I specifically set a user to "Auth-Type := MS-CHAP" then the server returns an Access-Accept.
Thanks,
Phillip Soltan QA Engineer 818-575-2440 tel. 818-575-1502 fax
Nomadix Inc. 31355 Agoura Road Westlake Village, CA 91361
|
- Re: MS-CHAP Support Phillip Soltan
- Re: MS-CHAP Support Alan DeKok
- RE: MS-CHAP Support Phillip Soltan
- Re: MS-CHAP Support Alan DeKok