Hello Brandon -

The incoming request has “User-Password” in it, not “Cleartext-Password”.

regards

Hugh


> On 22 May 2018, at 09:13, Brandon Shiers <brandon.shi...@wyoming.com> wrote:
> 
> I'm using the FreeRadius module and testing some PPPoE authentication.  I 
> have my Mikrotik set up as a PPPoE server and it's forwarding the requests 
> over to RADIATOR.  
> 
> I receive the request but the password it says is null if I'm reading the 
> output right?  I verified in the device that it DOES have the correct 
> password entered.  Here is what's in my radcheck table for the user I'm 
> testing with: 
> 
> MariaDB [fiber]> select * from radcheck;
> +----+-------------------+--------------------+----+--------------+
> | id | username          | attribute          | op | value        |
> +----+-------------------+--------------------+----+--------------+
> |  1 | fibertest         | Cleartext-Password | := | testpassword |
> 
> Here's the radreply table:
> | 12 | fibertest         | Mikrotik-Rate-Limit   | := | 25M/50M 0/0 0/0 0/0 8 |
> | 13 | fibertest         | Mikrotik-Address-List | := | permitted_users       |
> | 14 | fibertest         | Session-Timeout       | := | 60                    |
> 
> Here is the error I'm getting:
> 
> Mon May 21 17:07:03 2018: DEBUG: Packet dump:
> *** Received from 216.67.161.1 port 39338 ....
> Code:       Access-Request
> Identifier: 141
> Authentic:  <189><140><240>|Q9GI5<30><20><127>dR;<28>
> Attributes:
>       Service-Type = Framed-User
>       Framed-Protocol = PPP
>       NAS-Port = 15734819
>       NAS-Port-Type = Ethernet
>       User-Name = "fibertest"
>       Calling-Station-Id = "78:32:1B:10:78:85"
>       Called-Station-Id = "GPONPPPOE"
>       NAS-Port-Id = "VLAN4 - GPON"
>       User-Password = <133>2.<187><131><16>,<242>i<159><193><216>t:<163><244>
>       NAS-Identifier = "Riverton - Century CO MKT01"
>       NAS-IP-Address = 216.67.161.1
> 
> Mon May 21 17:07:03 2018: DEBUG: Rewrote user name to fibertest
> Mon May 21 17:07:03 2018: DEBUG: Handling request with Handler 
> 'Client-Identifier=Fast-Fiber', Identifier ''
> Mon May 21 17:07:03 2018: DEBUG: SDB-cluster Deleting session for fibertest, 
> 216.67.161.1, 15734819
> Mon May 21 17:07:03 2018: DEBUG: do query to 
> 'dbi:mysql:hostname=localhost;database=radius Connection id: 0-00000': 
> 'DELETE FROM radonline WHERE username='fibertest' AND 
> nasidentifier='216.67.161.1'':
> Mon May 21 17:07:03 2018: DEBUG: Handling with Radius::AuthFREERADIUSSQL: 
> Fast-Fiber
> Mon May 21 17:07:03 2018: DEBUG: Handling with Radius::AuthFREERADIUSSQL: 
> Fast-Fiber
> Mon May 21 17:07:03 2018: DEBUG: Query to 
> 'dbi:mysql:hostname=localhost;database=fiber Connection id: 3-00000': 'SELECT 
> id, UserName, Attribute, Value, op FROM  radcheck WHERE Username=? ORDER BY 
> id': fibertest
> Mon May 21 17:07:03 2018: DEBUG: Got user check row: 1 fibertest 
> Cleartext-Password testpassword :=
> Mon May 21 17:07:03 2018: DEBUG: Query to 
> 'dbi:mysql:hostname=localhost;database=fiber Connection id: 3-00000': 'SELECT 
> id, UserName, Attribute, Value, op FROM radreply WHERE Username = ? ORDER BY 
> id': fibertest
> Mon May 21 17:07:03 2018: DEBUG: Got user reply row: 12 fibertest 
> Mikrotik-Rate-Limit 25M/50M 0/0 0/0 0/0 8 :=
> Mon May 21 17:07:03 2018: DEBUG: Got user reply row: 13 fibertest 
> Mikrotik-Address-List permitted_users :=
> Mon May 21 17:07:03 2018: DEBUG: Got user reply row: 14 fibertest 
> Session-Timeout 60 :=
> Mon May 21 17:07:03 2018: DEBUG: Query to 
> 'dbi:mysql:hostname=localhost;database=fiber Connection id: 3-00000': 'SELECT 
> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
>   FROM radgroupcheck,radusergroup WHERE radusergroup.Username = ? AND 
> radusergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id': 
> fibertest
> Mon May 21 17:07:03 2018: DEBUG: Query to 
> 'dbi:mysql:hostname=localhost;database=fiber Connection id: 3-00000': 'SELECT 
> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
>   FROM radgroupreply,radusergroup WHERE radusergroup.Username = ? AND 
> radusergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id': 
> fibertest
> Mon May 21 17:07:03 2018: DEBUG: Radius::AuthFREERADIUSSQL looks for match 
> with fibertest [fibertest]
> Mon May 21 17:07:03 2018: DEBUG: Radius::AuthFREERADIUSSQL REJECT: Check item 
> Cleartext-Password expression 'testpassword' does not match '' in request: 
> fibertest [fibertest]
> Mon May 21 17:07:03 2018: DEBUG: AuthBy FREERADIUSSQL result: REJECT, Check 
> item Cleartext-Password expression 'testpassword' does not match '' in request
> Mon May 21 17:07:03 2018: INFO: Access rejected for fibertest: Check item 
> Cleartext-Password expression 'testpassword' does not match '' in request
> Mon May 21 17:07:03 2018: DEBUG: Packet dump:
> *** Sending to 216.67.161.1 port 39338 ....
> Code:       Access-Reject
> Identifier: 141
> Authentic:  <139><233><17><215>6<31><183>d$d<138><135>T<242>~<234>
> Attributes:
>       Reply-Message = "Request Denied"
> 
> I'm sure I'm missing something but I can't see it.  Is it since I have the op 
> in front of value in the DB I need to do a custom SQL statement?  I'm using 
> the default FreeRadius module stuff: 
> <Handler Client-Identifier=Fast-Fiber>
> <AuthBy FREERADIUSSQL>
>   Identifier Fast-Fiber
>   DBSource dbi:mysql:hostname=localhost;database=fiber
>   DBUsername foo
>   DBAuth bar
>   FailureBackoffTime 5
>   NoDefault
>   Timeout 10
> </AuthBy>
> </Handler>
> 
> This was working with a non-PPPoE setup (just using the MKT to authenticate 
> DHCP requests when a MAC address was coming in as the username).  
> 
> I'd appreciate any feedback.  Like I said I'm sure it's something simple I'm 
> missing :)
> _______________________________________________
> radiator mailing list
> radiator@lists.open.com.au
> http://lists.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
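
Added example, not part of the original thread and not Radiator's code: a PAP Access-Request carries the password only as a hidden User-Password attribute (RFC 2865 section 5.2), so a check item under any other name finds nothing to compare with. The shared secret, the authenticator and the `evaluate_check_item` matching model are assumptions constructed for this illustration; only the user name and password are taken from the thread.

```python
import hashlib
import hmac


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side (RFC 2865 section 5.2): pad to 16-octet blocks, XOR with MD5 chain."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same MD5 chain, keyed on the previous ciphertext block."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")


def evaluate_check_item(name: str, expected: str, request: dict, secret: bytes):
    """Simplified model (an assumption, not Radiator's code): a User-Password check
    item is compared with the decoded password; any other name is compared with
    the request attribute of that name, or '' when the request has none."""
    if name == "User-Password":
        raw = recover_password(request["User-Password"], secret, request["Authenticator"])
        actual = raw.decode("utf-8", "replace")
    else:
        actual = request.get(name, "")
    return hmac.compare_digest(actual.encode(), expected.encode()), actual


# Constructed sample values; only the user name and password come from the thread.
SECRET = b"constructed-shared-secret"
AUTHENTICATOR = bytes(range(16))
REQUEST = {
    "User-Name": "fibertest",
    "Authenticator": AUTHENTICATOR,
    "User-Password": hide_password(b"testpassword", SECRET, AUTHENTICATOR),
}

if __name__ == "__main__":
    for item in ("Cleartext-Password", "User-Password"):
        ok, actual = evaluate_check_item(item, "testpassword", REQUEST, SECRET)
        print(f"{item}: {'ACCEPT' if ok else 'REJECT'} (request value {actual!r})")
```

A mismatched shared secret between NAS and server makes `recover_password` return garbage rather than an empty string, which is a useful way to tell the two failure modes apart in a debug log.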
