> > I posted an idea and you decided not to reply to my questions ! > > I suspect that your VPN server doesn't know Microsoft Radius > attributes and refuses to send them to the radius server. I've tested > a bad setup (lack of Microsoft radius dictionary), and I get the same > radiusd -X debug log: no MS-CHAP Challenge in the request... I've ensured thet /etc/radiusclient/ and /etc/raddb have the same dictionary. (dictionary and dictionary.microsoft,.) > > I asked "have you checked possible error messages in /var/log/messages > " on the vpn server ? > To be more specific, look for the following lines in you log file: > " rc_avpair_new: unknown attribute" > No such error messages appear on my Radius Server. I had them once when I tried to change the dictionary to the one in /usr/share/freeradius, but I imported the official dictionary.microsoft one and they went away. > If you see such lines it might be that your radiusclient library (used > by the PPPd plugin on your VPN server) doesn't understand the > Microsoft attributes (for instance the MS-CHAP Challenge). Thus, the > PPPd radius plugin doesn't send these attributes that are required for > Freeradius to do MS-CHAP authentication. > > Could you really check that your dictionnary file on the VPN server > side contains a line like: > INCLUDE /usr/share/radiusclient-ng/dictionary.microsoft > > and check the content of this file... > > HTH, > Thibault
I found A possible culprit. Jan 13 16:54:41 kurama pppd[11364]: rc_avpair_new: unknown attribute 11 Jan 13 16:54:41 kurama pppd[11364]: rc_avpair_new: unknown attribute 25 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
