Just upgraded from 0.9.3 to 1.0 on my FreeBSD 4.9 machine... Previously,
while on 0.9.3, PAP & CHAP were working fine... But now... after the upgrade to
1.0.. CHAP is not working...

The configuration in 1.0 follows the previous 0.9.3 version... (rewritten..
not replacing!!)

From the debug log below.. It keeps complaining "cannot find clear
password".. I'm very sure that the password is in clear form.. since while
using 0.9.3.. it read the same entry and was OK..

Please help..!!!

--haizam

>         User-Name = "kpdn.gov.my"
>         CHAP-Password = 0xae9a6aff9c471ab31942831e2418d0bebd
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 52
>   modcall[authorize]: module "preprocess" returns ok for request 52
>   rlm_chap: Setting 'Auth-Type := CHAP'
>   modcall[authorize]: module "chap" returns ok for request 52
>   modcall[authorize]: module "mschap" returns noop for request 52
>     rlm_realm: No '/' in User-Name = "kpdn.gov.my", skipping NULL due to
> config.
>   modcall[authorize]: module "IPASS" returns noop for request 52
>     rlm_realm: No '@' in User-Name = "kpdn.gov.my", looking up realm NULL
>     rlm_realm: Found realm "NULL"
>     rlm_realm: Adding Stripped-User-Name = "kpdn.gov.my"
>     rlm_realm: Proxying request from user kpdn.gov.my to realm NULL
>     rlm_realm: Adding Realm = "NULL"
>     rlm_realm: Authentication realm is LOCAL.
>   modcall[authorize]: module "suffix" returns noop for request 52
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 52
>   modcall[authorize]: module "files" returns notfound for request 52
> modcall: entering group redundant for request 52
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for kpdn.gov.my
> radius_xlat:  '(uid=kpdn.gov.my)'
> radius_xlat:  'ou=RADIUS,ou=People,dc=jaring,dc=my'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in ou=RADIUS,ou=People,dc=jaring,dc=my, with
> filter (uid=kpdn.gov.my)
> rlm_ldap: checking if remote access for kpdn.gov.my is allowed by
> dialupAccess
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: Adding radiusTunnelServerAuthId as Tunnel-Server-Auth-Id, value
> :0:XXXXX & op=11
> rlm_ldap: Adding radiusTunnelClientAuthId as Tunnel-Client-Auth-Id, value
> :0:XXXXX & op=11
> rlm_ldap: Adding radiusTunnelAssignmentId as Tunnel-Assignment-Id, value
> :0:XXXXXX & op=11
> rlm_ldap: Adding radiusTunnelPassword as Tunnel-Password, value
> :0:XXXXXX & op=11
> rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value :0:IP
> & op=11
> rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value :0:L2TP & op=11
> rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP &
> op=11
> rlm_ldap: Adding radiusServiceType as Service-Type, value Outbound-User &
> op=11
> rlm_ldap: extracted attribute Cisco-AVPair from generic item Cisco-AVPair
> += "vpdn:ip-addresses=XXXXXXXX"
> rlm_ldap: user kpdn.gov.my authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap1" returns ok for request 52
> modcall: group redundant returns ok for request 52
> modcall: group authorize returns ok for request 52
>   rad_check_password:  Found Auth-Type CHAP
> auth: type "CHAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 52
>   rlm_chap: login attempt by "kpdn.gov.my" with CHAP password
>   rlm_chap: Could not find clear text password for user kpdn.gov.my
>   modcall[authenticate]: module "chap" returns invalid for request 52
> modcall: group Auth-Type returns invalid for request 52
> auth: Failed to validate the user.
> Login incorrect (rlm_chap: Clear text password not available):
> [kpdn.gov.my] (from client sysadmin port 0)
> Delaying request 52 for 1 seconds
> Finished request 52
> Going to the next request
>


