On 01/12/2011 22:41, Piotr wrote:
This is debug from l2tp/ipsec connection:
CHAP-Password = 0x01972f0886c4e5e2f30e32053dbcf67504
[chap] login attempt by "tom3" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.
Login incorrect (rlm_chap: Clear text password not available):
and here is debug from working connection for sslvpn:
User-Password = "bd8d9a"
[MOTP] expand: %{User-Password} -> bd8d9a
Exec-Program: returned: 0
++[MOTP] returns ok
Login OK: [tom3/bd8d9a] (from client ciscoasa port 5353472 cli
9.72.8.13)
If you want FR to handle the CHAP for you:
> [chap] Cleartext-Password is required for authentication
If FR doesn't know the correct password, you can't expect it to do CHAP.
Change things so FR knows the password, or do plain text authn as per your
first scenario.
-James
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
