You have obviously done some work on breaking the server configuration.
Put mschap{} section back the way it was (with ntlm_auth line commented
out). You don't need *any* changes to the default configuration if you
are using users file. Put this in users file:root Clertext-Password := "rootpassword" Radtest will work and so will mschap (VPN). Ivan Kalik Kalik Informatika ISP Dana 16/10/2007, "hadi golestani" <[EMAIL PROTECTED]> piše: >I've change it to /usr/bin/ntlm_auth ( found from locate ntlm ) >but still same error. >What I must add to users file to test my radius from radtest or vpn client? > >sorry for bothering I'm too newbie. > >On 10/16/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> >> Well path to ntlm_auth obviously isn't /path/to/ntlm_auth. >> >> Ivan Kalik >> Kalik Informatika ISP >> >> >> Dana 16/10/2007, "hadi golestani" <[EMAIL PROTECTED]> pi�e: >> >> >hi, >> >I've installed poptop and freeradius well and both are working, >> >but when I try to connect from a vpn connection or even radtest some >> error >> >occured. >> >what I need to add to users.conf for a simple radtest connection or a vpn >> >client? >> > >> >it's the output of debug mode for vpn client, some thing like this has >> been >> >printed for radtest also: >> > >> > >> >rad_recv: Access-Request packet from host 127.0.0.1:32770, id=30, >> length=132 >> > >> > Service-Type = Framed-User >> > Framed-Protocol = PPP >> > User-Name = "root" >> > MS-CHAP-Challenge = 0x4d1a9b1028ef83957754c83ce0f55e01 >> > MS-CHAP2-Response = >> >> >0x9e000d1394f73d58cc731cd6cf58de7cb74f00000000000000008c6daec89825fb28b90bb60b737fb683a4a80f6252935547 >> > >> > NAS-IP-Address = 127.0.0.1 >> > NAS-Port = 0 >> > Processing the authorize section of radiusd.conf >> >modcall: entering group authorize for request 11 >> > modcall[authorize]: module "preprocess" returns ok for request 11 >> > modcall[authorize]: module "chap" returns noop for request 11 >> > rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap' >> > modcall[authorize]: module "mschap" returns ok for request 11 >> > rlm_realm: No '@' in User-Name = "root", looking up realm NULL >> > rlm_realm: No such realm "NULL" >> > modcall[authorize]: module "suffix" returns noop for request 11 >> > rlm_eap: No EAP-Message, not doing EAP >> > modcall[authorize]: module "eap" returns noop for request 11 >> > users: Matched entry DEFAULT at line 152 >> > users: Matched entry DEFAULT at line 171 >> > users: Matched entry DEFAULT at line 183 >> > modcall[authorize]: module "files" returns ok for request 11 >> >modcall: leaving group authorize (returns ok) for request 11 >> > rad_check_password: Found Auth-Type MS-CHAP >> >auth: type "MS-CHAP" >> > Processing the authenticate section of radiusd.conf >> >modcall: entering group MS-CHAP for request 11 >> > rlm_mschap: No User-Password configured. Cannot create LM-Password. >> > rlm_mschap: No User-Password configured. Cannot create NT-Password. >> > rlm_mschap: Told to do MS-CHAPv2 for root with NT-Password >> >radius_xlat: Running registered xlat function of module mschap for string >> >'Challenge' >> > mschap2: 4d >> >radius_xlat: Running registered xlat function of module mschap for string >> >'NT-Response' >> >radius_xlat: '/path/to/ntlm_auth --request-nt-key --username=root >> >--challenge=f1090a99b916ef69 >> >--nt-response=8c6daec89825fb28b90bb60b737fb683a4a80f6252935547' >> >Exec-Program: /path/to/ntlm_auth --request-nt-key --username=root >> >--challenge=f1090a99b916ef69 >> >--nt-response=8c6daec89825fb28b90bb60b737fb683a4a80f6252935547 >> >Exec-Program output: Exec-Program: FAILED to execute /path/to/ntlm_auth: >> No >> >such file or directory >> >Exec-Program-Wait: plaintext: Exec-Program: FAILED to execute >> >/path/to/ntlm_auth: No such file or directory >> >Exec-Program: returned: 1 >> > rlm_mschap: External script failed. >> > rlm_mschap: FAILED: MS-CHAP2-Response is incorrect >> > modcall[authenticate]: module "mschap" returns reject for request 11 >> >modcall: leaving group MS-CHAP (returns reject) for request 11 >> >auth: Failed to validate the user. >> >Delaying request 11 for 1 seconds >> >Finished request 11 >> >Going to the next request >> >--- Walking the entire request list --- >> >Waking up in 1 seconds... >> >--- Walking the entire request list --- >> >Waking up in 1 seconds... >> >--- Walking the entire request list --- >> >Sending Access-Reject of id 30 to 127.0.0.1 port 32770 >> >Waking up in 4 seconds... >> >--- Walking the entire request list --- >> >Cleaning up request 11 ID 30 with timestamp 47152198 >> >Nothing to do. Sleeping until we see a request. >> > >> > >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
