Can any one help me?
I
try to create the PPTP connection to CISCO router,
and it seems be working fine if
I use local authentication on cisco.
If I try to authenticate to FreeRadius with MS-CHAP,
it still hard to work after trying long time.
rlm_mschap: No LM/NT
password configured. Check authorization.
modcall[authenticate]: module "mschap" returns invalid
modcall: group authtype returns invalid
auth: Failed to validate the user.
modcall[authenticate]: module "mschap" returns invalid
modcall: group authtype returns invalid
auth: Failed to validate the user.
Who can comment what's happen?
Thank you very much!!!
Configuation and the error messages
show on the below.
username cisco
password cisco
vpdn-group 2
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 2
local name vpdn
pptp tunnel echo 0
pptp flow-control receive-window 64
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 2
local name vpdn
pptp tunnel echo 0
pptp flow-control receive-window 64
interface
Virtual-Template2
ip unnumbered FastEthernet0/0
peer default ip address pool pptp-pool
ppp max-bad-auth 4
ppp encrypt mppe auto
ppp authentication ms-chap-v2
ip unnumbered FastEthernet0/0
peer default ip address pool pptp-pool
ppp max-bad-auth 4
ppp encrypt mppe auto
ppp authentication ms-chap-v2
users file
test Auth-Type := MS-CHAP,
User-Password = "test"
(
test Auth-Type := MS-CHAP, NT-Password =
"$1$m8QDPK4O$.rEj97XgPB/FVHCb2BTNy0" ) also
failed
radiusd.conf
module
mschap {
# Location of the SAMBA passwd file
#
#passwd = /etc/smbpasswd
authtype = MS-CHAP
use_mppe = yes
require_encryption =
yes
require_strong = yes
require_strong = yes
}
authorize {
preprocess
mschap
suffix
files
}
authenticate {
authtype
CHAP
{
chap
}
chap
}
authtype
MS-CHAP
{
mschap
}
mschap
}
}
rad_recv: Access-Request packet from host
202.145.138.34:1645, id=201,
length=160
Framed-Protocol = PPP
User-Name = "test"
MS-CHAP-Challenge = 0xb41e91a9541c4577966546a55c7cc157
MS-CHAP2-Response = 0x02043146e52dbbb11f22672e6d1307329d5a0000000000000000455556271c1c2b3aa7d159847e01970656a58c9a61fdefdc
NAS-Port-Type = Virtual
Cisco-NAS-Port = "Uniq-Sess-ID87"
NAS-Port = 87
Service-Type = Framed-User
NAS-IP-Address = 202.145.138.34
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 8
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authtype
Framed-Protocol = PPP
User-Name = "test"
MS-CHAP-Challenge = 0xb41e91a9541c4577966546a55c7cc157
MS-CHAP2-Response = 0x02043146e52dbbb11f22672e6d1307329d5a0000000000000000455556271c1c2b3aa7d159847e01970656a58c9a61fdefdc
NAS-Port-Type = Virtual
Cisco-NAS-Port = "Uniq-Sess-ID87"
NAS-Port = 87
Service-Type = Framed-User
NAS-IP-Address = 202.145.138.34
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 8
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authtype
rlm_mschap: No LM/NT password configured. Check authorization.
modcall[authenticate]: module "mschap" returns invalid
modcall: group authtype returns invalid
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 201 to 202.145.138.34:1645
MS-CHAP-Error = "\002E=691 R=1"
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 201 with timestamp 413448bb
Nothing to do. Sleeping until we see a request.
*台灣電訊 ADSL 推出[有線+無線]超值優惠組合$4399, 讓您的寬頻也可以無"線"制, 立即上網!!http://www.ttn.com.tw/wlan
*
網域名稱申請優惠價, 請洽 http://www.ttn.net; TTN現有客戶網域名稱轉入優惠, 請洽客服中心 0800-093-636
This message (and any attachments) may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee (or a person responsible for delivering it to the addressee). If you are not the intended reciptient of this message, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please destroy the message or delete it from your system immediately and notify the sender.
本郵件(及任何附件)[EMAIL PROTECTED](或負責將資料遞交給收件人的人士)使用。如閣下不是本郵件的預定收件人,便無權閱讀、列印、保留、複製或傳佈本郵件或其任何部分。如閣下錯誤地收到本郵件,請立即將之銷毀或從閣下的系統中刪除,並通知寄件人。
<<inline: ttn1.jpg>>
