Hi again,
I'm coming back with this problem.
When I change "User-Password" for "Cleartext-Password", my NAS can't
connect with the Radius because NAS is sendig in CHAP mode
rad_recv: Access-Request packet from host 192.168.1.39 port 2050, id=0,
length=228
User-Name = "[email protected]"
CHAP-Challenge = 0x53a8429597c9b905cbab17b209bf294
CHAP-Password = 0x005fe19cab42985d294e73e48156dd4ce0
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 192.168.10.2
Calling-Station-Id = "xx-xx-xx-xx-xx-xx"
Called-Station-Id = "xx-xx-xx-xx-xx-xx"
NAS-Identifier = "nas01"
Acct-Session-Id = "4900b86200000000"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
Message-Authenticator = 0x9a651id7eab7ded29008bf6c18244954
WISPr-Logoff-URL = "http://192.168.10.1:3990/logoff";
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[sql] expand: %{User-Name} -> [email protected]
[sql] sql_set_user escaped user --> '[email protected]'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '[email protected]' ORDER BY id
[sql] User found in radcheck table
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
[chap] login attempt by "[email protected]" with CHAP password
[chap] Using clear text password "pass" for user [email protected]
authentication.
[chap] Password check failed
++[chap] returns reject
Failed to authenticate the user.
Login incorrect (rlm_chap: Wrong user password):
[[email protected]/<CHAP-Password>] (from client malditonas port 0 cli
xx-xx-xx-xx-xx-xx)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> [email protected]
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to 192.168.1.39 port 2050
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +1313
Ready to process requests.
When I set "User-Password" in the data base, again, I can connect but
with the "mistake":
Found Auth-Type = CHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group CHAP {...}
[chap] login attempt by "[email protected]" with CHAP password
[chap] Using clear text password "pass" for user be...@hostcom
authentication.
[chap] chap user [email protected] authenticated succesfully
++[chap] returns ok
It is really wrong????
Besides, this could be affecting to my SQL query in radgroupreply?
I remember my dicctionary doesn't send attributes to the NAS and query
about radgroupreply is being ignored
Thanks
[email protected] escribió:
On the other hand, I don't know how I can fix this fail and why is produced
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
Because you should be using Cleartext-Password in user entry.
http://wiki.freeradius.org/SQL_HOWTO#Populating_SQL
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
