with Cleartext-password or User-Password I have the same error. radius -x and my configs for chap are here. I searched a lot and test it but not found why it can't find clear text password. Should I add other thing? or change another file? It worked for pap and I added : in users :
DEFAULT Client-IP-Address == 10.10.10.2 , Auth-Type := Vpn, Autz-Type := Vpn, Post-Auth-Type := Vpn, Session-type := Vpn in radius.conf: ldap ldap-Vpn{ .... password_attribute = userPassword password_header = "{clear}" } authorize { chap Autz-Type Vpn{ ldap-Vpn chap } } authenticate { Auth-Type CHAP { chap } Auth-Type Vpn{ chap } } radiusd -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded exec rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded LDAP rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute ldap-Dial-Ldap-Group rlm_ldap: Registering ldap_groupcmp for ldap-Dial-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap-Dial rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message conns: 0x90f2d90 Module: Instantiated ldap (ldap-Vpn) Module: Loaded always Module: Instantiated always (ok) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) Module: Loaded detail Module: Instantiated detail (auth_log) Module: Loaded realm Module: Instantiated realm (suffix) Module: Loaded SQL Counter Module: Instantiated sqlcounter (monthly-Vpn) rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Creating new attribute ldap-Vpn-Ldap-Group rlm_ldap: Registering ldap_groupcmp for ldap-Vpn-Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap-Vpn rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message conns: 0x90fa4c8 Module: Instantiated ldap (ldap-Vpn) Module: Instantiated sqlcounter (monthly-Vpn) Module: Loaded files Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Module: Instantiated detail (detail) Module: Loaded SQL rlm_sql (sql-Vpn): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql-Vpn): Attempting to connect to rad...@localhost:/vpnradius rlm_sql (sql-Vpn): starting 0 rlm_sql (sql-Vpn): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql-Vpn): Connected new DB handle, #0 rlm_sql (sql-Vpn): starting 1 rlm_sql (sql-Vpn): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql-Vpn): Connected new DB handle, #1 rlm_sql (sql-Vpn): starting 2 rlm_sql (sql-Vpn): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql-Vpn): Connected new DB handle, #2 rlm_sql (sql-Vpn): starting 3 rlm_sql (sql-Vpn): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql-Vpn): Connected new DB handle, #3 rlm_sql (sql-Vpn): starting 4 rlm_sql (sql-Vpn): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql-Vpn): Connected new DB handle, #4 Module: Instantiated sql (sql-Vpn) Module: Instantiated detail (reply_log) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.10.10.2:1866, id=78, length=246 Acct-Session-Id = "120" NAS-IP-Address = 10.10.10.2 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 128 MS-RAS-Vendor = 311 MS-RAS-Version = "MSRASV5.20" NAS-Port-Type = Virtual Tunnel-Type:0 = PPTP Tunnel-Medium-Type:0 = IP Calling-Station-Id = "10.10.10.24" Tunnel-Client-Endpoint:0 = "10.10.10.24" Microsoft-Attr-35 = 0x4d5352415356352e3130 Microsoft-Attr-34 = 0x4d535241532d302d4955542d3834433132343936333646 User-Name = "test" CHAP-Challenge = 0x45c8e77e0465ea843dc5b419ccb3ca01 CHAP-Password = 0x008a7f35b2a09df3aa79b659a9909ca15f Message-Authenticator = 0x540b9a3a9a929db1621fd2cb4fa1b2cc rlm_chap: Setting 'Auth-Type := CHAP' rlm_ldap: - authorize rlm_ldap: performing user authorization for test rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: (re)connect to 10.10.10.27:389, authentication 0 rlm_ldap: bind as / to 10.10.10.27:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: checking if remote access for test is allowed by vpnAccess rlm_ldap: Adding radiusSimultaneousUse as Simultaneous-Use, value 1 & op=21 rlm_ldap: extracted attribute Max-Monthly-Session from generic item Max-Monthly-Session := 0 rlm_ldap: Adding radiusIdleTimeout as Idle-Timeout, value 1200 & op=11 rlm_ldap: extracted attribute Acct-Interim-Interval from generic item Acct-Interim-Interval := 300 rlm_ldap: Adding radiusSimultaneousUse as Simultaneous-Use, value 1 & op=21 rlm_ldap: extracted attribute Max-Monthly-Session from generic item Max-Monthly-Session := 1080000 rlm_ldap: Adding radiusIdleTimeout as Idle-Timeout, value 1200 & op=11 rlm_ldap: extracted attribute Acct-Interim-Interval from generic item Acct-Interim-Interval := 300 rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusSessionTimeout as Session-Timeout, value 10 & op=11 rlm_ldap: user test authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 rlm_chap: login attempt by "test" with CHAP password rlm_chap: Could not find clear text password for user test Login incorrect (rlm_chap: Clear text password not available): [test] (from client vpntist port 128 cli 10.10.10.24) I saw the problem in faq but I didn't find what is my mistake. The config is: --- On Wed, 2/24/10, Alan Buxey <a.l.m.bu...@lboro.ac.uk> wrote: From: Alan Buxey <a.l.m.bu...@lboro.ac.uk> Subject: Re: rlm-ldap error for chap To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Wednesday, February 24, 2010, 7:45 PM Hi, > Now to make matters a touch bit more complicated FreeRADIUS changed how > it accessed the clear text password in its set of attributes. In older > versions of FreeRADIUS it was known as User-Password, but that produced > an unfortunate ambiguity and it was later modified to be > Cleartext-Password, I'm sorry but I don't remember the version this was > modified in. version 1.1.4 brought this into play. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html