Just delete that User-Password entry from the radcheck table. Ivan Kalik Kalik Informatika ISP
Dana 20/6/2007, "Felipe Ceglia - PY1NB" <[EMAIL PROTECTED]> piše: >Hi again... > >I am now trying to authenticate a DHCPd request from a mikrotik box. >My freeradius server says that there is a problem with user's password. >How can I tell him (PAP) that this should be ok? > >Something strange that I noticed is that the calling station id got >changed from the original mac address value. Anyway, I just put this as >a calling-station id attribute on radcheck. > > >mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE >Username = '00:0B:CD:EC:63:50' ORDER BY id; >+------+-------------------+--------------------+-------------------+----+ >| id | UserName | Attribute | Value | op | >+------+-------------------+--------------------+-------------------+----+ >| 2047 | 00:0B:CD:EC:63:50 | Calling-Station-Id | 1:0:b:cd:ec:63:50 | := | >| 2050 | 00:0B:CD:EC:63:50 | User-Password | | := | >+------+-------------------+--------------------+-------------------+----+ >2 rows in set (0.00 sec) > >SELECT >radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op >FROM radgroupcheck,usergroup WHERE usergroup.Username = >'00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupcheck.GroupName >ORDER BY radgroupcheck.id; >Empty set (0.00 sec) > >mysql> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE >Username = '00:0B:CD:EC:63:50' ORDER BY id; >+----+-------------------+-------------------+-----------------+----+ >| id | UserName | Attribute | Value | op | >+----+-------------------+-------------------+-----------------+----+ >| 42 | 00:0B:CD:EC:63:50 | Framed-IP-Address | 192.168.254.101 | == | >| 43 | 00:0B:CD:EC:63:50 | Framed-IP-Netmask | 255.255.255.0 | == | >+----+-------------------+-------------------+-----------------+----+ >2 rows in set (0.00 sec) > >SELECT >radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op >FROM radgroupreply,usergroup WHERE usergroup.Username = >'00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupreply.GroupName >ORDER BY radgroupreply.id; >Empty set (0.00 sec) > > > > > > >Ready to process requests. >rad_recv: Access-Request packet from host 172.16.3.5:32768, id=71, >length=113 > NAS-Port-Type = Ethernet > NAS-Port = 2205155400 > Calling-Station-Id = "1:0:b:cd:ec:63:50" > Called-Station-Id = "server1" > User-Name = "00:0B:CD:EC:63:50" > User-Password = "" > NAS-Identifier = "MikroTik" > NAS-IP-Address = 172.16.3.5 > Processing the authorize section of radiusd.conf >modcall: entering group authorize for request 0 > modcall[authorize]: module "preprocess" returns ok for request 0 > modcall[authorize]: module "chap" returns noop for request 0 > modcall[authorize]: module "mschap" returns noop for request 0 > rlm_realm: No '@' in User-Name = "00:0B:CD:EC:63:50", looking up >realm NULL > rlm_realm: Found realm "NULL" > rlm_realm: Adding Stripped-User-Name = "00:0B:CD:EC:63:50" > rlm_realm: Proxying request from user 00:0B:CD:EC:63:50 to realm NULL > rlm_realm: Adding Realm = "NULL" > rlm_realm: Authentication realm is LOCAL. > modcall[authorize]: module "suffix" returns noop for request 0 > rlm_eap: No EAP-Message, not doing EAP > modcall[authorize]: module "eap" returns noop for request 0 > users: Matched entry DEFAULT at line 174 > modcall[authorize]: module "files" returns ok for request 0 >radius_xlat: '00:0B:CD:EC:63:50' >rlm_sql (sql): sql_set_user escaped user --> '00:0B:CD:EC:63:50' >radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE >Username = '00:0B:CD:EC:63:50' ORDER BY id' >rlm_sql (sql): Reserving sql socket id: 4 >radius_xlat: 'SELECT >radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op >FROM radgroupcheck,usergroup WHERE usergroup.Username = >'00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupcheck.GroupName >ORDER BY radgroupcheck.id' >radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE >Username = '00:0B:CD:EC:63:50' ORDER BY id' >radius_xlat: 'SELECT >radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op >FROM radgroupreply,usergroup WHERE usergroup.Username = >'00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupreply.GroupName >ORDER BY radgroupreply.id' >rlm_sql (sql): Released sql socket id: 4 > modcall[authorize]: module "sql" returns ok for request 0 >rlm_pap: Found existing Auth-Type, not changing it. > modcall[authorize]: module "pap" returns noop for request 0 >modcall: leaving group authorize (returns ok) for request 0 >****************************************************************************** > rad_check_password: Found Auth-Type PAP >auth: type "PAP" > Processing the authenticate section of radiusd.conf >modcall: entering group PAP for request 0 > modcall[authenticate]: module "pap" returns invalid for request 0 >modcall: leaving group PAP (returns invalid) for request 0 >****************************************************************************** >auth: Failed to validate the user. >Login incorrect (rlm_pap: empty password supplied): [00:0B:CD:EC:63:50/] >(from client mikrotik port 2205155400 cli 1:0:b:cd:ec:63:50) >rad_lowerpair: Stripped-User-Name now '00:0b:cd:ec:63:50' >rad_lowerpair: User-Password now '' >rad_rmspace_pair: Stripped-User-Name now '00:0b:cd:ec:63:50' >rad_rmspace_pair: User-Password now '' > Processing the authorize section of radiusd.conf >modcall: entering group authorize for request 0 > modcall[authorize]: module "preprocess" returns ok for request 0 > modcall[authorize]: module "chap" returns noop for request 0 > modcall[authorize]: module "mschap" returns noop for request 0 > rlm_realm: Request already proxied. Ignoring. > modcall[authorize]: module "suffix" returns noop for request 0 > > > > >Thank you, > >Felipe >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html