We are using FreeRADIUS Version 0.9.3 (I know - it's old). We are authenticating users on a network of wireless access controllers and are trying to integrate a new type of access controller. This controller can only authenticate using PAP (I know - it's old and insecure). We use MySQL for the user database. We have built a custom application to manage user passwords. If an authentication attempt is not successful (no user account, expired password, invalid password) then FreeRADIUS sends a proxy request to the customer application to deal with the situation.

When we use PAP, FreeRADIUS is sending proxy requests to the custom application in the case of:

- User not in the MySQL database
- User is in the MySQL database but the password has expired

The problem is that it is not (or at least does not appear to be) sending a proxy request in the case of:

- User is in the MySQL database, there is a non-expired password but the submitted password is incorrect.

We have very detailed logging on the custom application starting with the reception of a message on the port - here is a sample:

[10/08/29 16:26:54:567]C[PortThread ]Received message on UDP port 15000.

However, in the problem case we don't see anything - so it seems to me that FreeRADIUS is not proxying this authentication request to the custom application.

I have searched radius.conf and proxy.conf for some setting that would manage this without luck.

Also it is important to note that this problem does not occur when we are using MS-CHAPV2, which we do with other controllers we have integrated with - it seems to be associated with PAP. Also - in case you were wondering - users can authenticate if they have a valid user name and password.

Any suggestions would be appreciated.

Regards,
John

