Ascend NAS sending only CHAP passwords.

[Rodolfo Gonzalez Gonzalez]

Hello,

Sorry for the long post. I've installed freeradius 1.0.0 on a slackware
box. I'm trying to make it work against my ISP's Ascend Max40xx. I'm
supporting only PAP on my side, my users are on a MySQL db, with crypt'ed
passwords. I can only connect if I force PAP on client side (in Windows'
DUN, for example). I googled and found two pairs:
Ascend-Send-Auth=Send-Auth-PAP and Ascend-Auth-Type=Auth-PAP but I don't
know if some of these can be used to force PAP, and if so, where to place
them... any help or hint for configuration is appreciated.

The technician from the ISP doesn't know which the configuration of the
Max is, BTW.

I'm getting this from the NAS:

rad_recv: Access-Request packet from host a.b.c.d:10262, id=2,
length=174
        User-Name = "test"
        CHAP-Password = 0x012594a06a1302e0f7c5d7e76c1b993d99
        NAS-IP-Address = w.x.y.z
        NAS-Port = 2262
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Called-Station-Id = "6666666666"
        Calling-Station-Id = "6666666666"
        NAS-Identifier = "nas1.a.b.c.d"
        Acct-Session-Id = "330052261"
        Vendor-1760-Attr-18 = 0x00000000
        NAS-Port-Type = Async
        X-Ascend-Data-Rate = 26400
        Vendor-1760-Attr-20 = 0x00000001
        X-Ascend-Xmit-Rate = 19200

My freeradius responds:

Login incorrect: [test/<CHAP-Password>] (from client nas1 port 2262
cli 6666666666)
Sending Access-Reject of id 2 to a.b.c.d:10262

My radius.conf looks like this (relevant -IMO- sections only, if more info
is needed pls tell me :) ):

modules {
        pap {
                encryption_scheme = crypt
        }
        realm suffix {
                format = suffix
                delimiter = "@"
                ignore_default = no
                ignore_null = no
        }
        preprocess {
                huntgroups = ${confdir}/huntgroups
                hints = ${confdir}/hints
                with_ascend_hack = yes
                ascend_channels_per_line = 23
                with_ntdomain_hack = no
                with_specialix_jetstream_hack = no
                with_cisco_vsa_hack = no
        }
        attr_filter {
                attrsfile = ${confdir}/attrs
        }
# ... logs and othe things
}

authorize {
        preprocess
        auth_log
        sql
}

authenticate {
        Auth-Type PAP {
                pap
        }
}

Thanks in advanced,
Rodolfo.

P.S. in fact I have the very same situation with a Cistron server and the
same NAS.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html