Hi all, I've installed freeradius 1.1.6 on Fedora core 2 (kernel 2.6.5-1.358) (I can't upgrade please don't go there). I did a basic configure/make/make install.
The only changes to the default configuration is adding an entry to the clients.conf file to allow requests from the Cisco VPN gateway. So far as I can tell CHAP and CHAPv2 should work straight out of the box (as per this page http://deployingradius.com/documents/configuration/auth_type.html). I've tried to authenticate using a local /etc/passwd user, and I get the output posted below. Is the default configuration enough for it to consult the /etc/passwd files (I thought that is what "DEFAULT Auth-Type = System" did?) or is there something else I need to add. Can CHAP (or CHAPv2) use /etc/passwd? I'm a little confused about the differences and I'm sure thats not helping :) I'd really rather not list the users individually in the users file, I'd like there to still only be one place to add users, so I'd like to use /etc/passwd file only. I apologise if there is documentation listed on this, I really feel that I've searched everywhere I can and no one seems to give real details. Thanks, rad_recv: Access-Request packet from host 192.168.100.254:1645, id=45, length=152 Framed-Protocol = PPP User-Name = "denvertech" MS-CHAP-Challenge = 0x79c27ab491824ce5 MS-CHAP-Response = 0x010100000000000000000000000000000000000000000000000033f6aa08b02f18fa3e3013072a8f8f171469f179b7b7434b NAS-Port-Type = Virtual NAS-Port = 33 NAS-Port-Id = "Uniq-Sess-ID33" Service-Type = Framed-User NAS-IP-Address = 192.168.100.254 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap' modcall[authorize]: module "mschap" returns ok for request 2 rlm_realm: No '@' in User-Name = "denvertech", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 2 users: Matched entry DEFAULT at line 153 users: Matched entry DEFAULT at line 172 users: Matched entry DEFAULT at line 184 modcall[authorize]: module "files" returns ok for request 2 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 2 modcall: leaving group authorize (returns ok) for request 2 rad_check_password: Found Auth-Type MS-CHAP auth: type "MS-CHAP" Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 2 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv1 with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: MS-CHAP-Response is incorrect. modcall[authenticate]: module "mschap" returns reject for request 2 modcall: leaving group MS-CHAP (returns reject) for request 2 auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 45 to 192.168.100.254 port 1645 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 45 with timestamp 46c3b8db Nothing to do. Sleeping until we see a request. -- Kelly Ormsby Senior Unix Systems Administrator Email: [EMAIL PROTECTED] Mobile: 0417 910 801
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
