Re: Frreradius PAP and CHAP
by the book (if you have the latest server version): John Cleartext-Password := hello No Auth-Type. Cleartext password attribute will work with ANY auth method. Ivan Kalik Kalik Informatika ISP Dana 20/6/2007, hao chen [EMAIL PROTECTED] piše: Hi, I tryed as you said. But it seems I still miss something. $cat /usr/local/etc/raddb/users . JohnAuth-Type := CHAP, CHAP-Password == hello ... $ cat request.txt User-Name = John CHAP-Password = hello $radiusd -X .. call_modsingle: chap rlm_chap: login attempt by John with CHAP password ?č°??1?kWĺ°č? rlm_chap: Could not find clear text password for user John modcall[authenticate]: module chap returns invalid .. Any suggestion?Thank you. --chenhao 2007/6/20, Jian Wang [EMAIL PROTECTED]: On 6/20/07, hao chen [EMAIL PROTECTED] wrote: Hi,Ivan I want to know how to test CHAP with radclient(I have no NAS). Could you give me a example of the radclient configure file? Thank you. -chenhao $ cat request.txt User-Name = foo CHAP-Password = bar $ radclient -sx -f request.txt radius server auth shared secret Sending Access-Request of id 116 to 192.168.3.38:1812 User-Name = foo CHAP-Password = 0x74f42a8e4b2b3f0505ad6ed22ba980a20e rad_recv: Access-Accept packet from host 192.168.3.38:1812, id=116, length=20 Total approved auths: 1 Total denied auths: 0 Total lost auths: 0 $ 2007/6/20, [EMAIL PROTECTED] [EMAIL PROTECTED]: No, not with radtest. You can use radclient, which has much more ability, but is also more complicated. Use, for instance, XP dialup connection. In connection properties click on Security tab, Advanced radio button and then Settings button. By default all protocols are ticked. Leave only CHAP ticked and exit with OK. Once you are done with testing remember to go back and add protocols back. WARNING: This will work only if the NAS you are connecting through also supports CHAP authentication. If it doesn't, XP client with only CHAP enabled won't be able to connect. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] piĹĄe: thanks, Is there a way to test CHAP? could we test that with radtest? 2007/6/19, [EMAIL PROTECTED] [EMAIL PROTECTED]: Have a look at dictionary.freeradius.internal. You will find several xxx-Password attributes where xxx are supported encryption types. To test CHAP you don't need to tell Freeradius anything. Chap module is enabled by default, so it will work if you havent diabled it. What you need to do is to get the client to use CHAP - radius server will follow. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] pi e: Hi, I configured Freeradius to use PAP method with users file. The password is stored in clear text is stored in clear text in the user file and it works well. Now I want to use other mode of user storing with PAP method. (exemple MD5 with the user file locatedt in /freeradius-1.1.6 /src/tests/digest-auth-MD5) 1- How to tell frreeradius that the user password is stored in clear text, or digest, or MD5 hashed, etc ?? I tried to copy the content of digest-auth-MD5 in the users file and I got this errror : Errors reading /opt/freeradius/etc/raddb/users radiusd.conf[1067]: files: Module instantiation failed. radiusd.conf [1852] Unknown module files. radiusd.conf[1788] Failed to parse authorize section. I want to test also CHAP method, how to tell radius to use this method in stead of PAP? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Frreradius PAP and CHAP
Hi, I configured Freeradius to use PAP method with users file. The password is stored in clear text is stored in clear text in the user file and it works well. Now I want to use other mode of user storing with PAP method. (exemple MD5 with the user file locatedt in /freeradius-1.1.6/src/tests/digest-auth-MD5) 1- How to tell frreeradius that the user password is stored in clear text, or digest, or MD5 hashed, etc ?? I tried to copy the content of digest-auth-MD5 in the users file and I got this errror : Errors reading /opt/freeradius/etc/raddb/users radiusd.conf[1067]: files: Module instantiation failed. radiusd.conf[1852] Unknown module files. radiusd.conf[1788] Failed to parse authorize section. I want to test also CHAP method, how to tell radius to use this method in stead of PAP? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Frreradius PAP and CHAP
Have a look at dictionary.freeradius.internal. You will find several xxx-Password attributes where xxx are supported encryption types. To test CHAP you don't need to tell Freeradius anything. Chap module is enabled by default, so it will work if you havent diabled it. What you need to do is to get the client to use CHAP - radius server will follow. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] piše: Hi, I configured Freeradius to use PAP method with users file. The password is stored in clear text is stored in clear text in the user file and it works well. Now I want to use other mode of user storing with PAP method. (exemple MD5 with the user file locatedt in /freeradius-1.1.6/src/tests/digest-auth-MD5) 1- How to tell frreeradius that the user password is stored in clear text, or digest, or MD5 hashed, etc ?? I tried to copy the content of digest-auth-MD5 in the users file and I got this errror : Errors reading /opt/freeradius/etc/raddb/users radiusd.conf[1067]: files: Module instantiation failed. radiusd.conf[1852] Unknown module files. radiusd.conf[1788] Failed to parse authorize section. I want to test also CHAP method, how to tell radius to use this method in stead of PAP? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Frreradius PAP and CHAP
thanks, Is there a way to test CHAP? could we test that with radtest? 2007/6/19, [EMAIL PROTECTED] [EMAIL PROTECTED]: Have a look at dictionary.freeradius.internal. You will find several xxx-Password attributes where xxx are supported encryption types. To test CHAP you don't need to tell Freeradius anything. Chap module is enabled by default, so it will work if you havent diabled it. What you need to do is to get the client to use CHAP - radius server will follow. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] piše: Hi, I configured Freeradius to use PAP method with users file. The password is stored in clear text is stored in clear text in the user file and it works well. Now I want to use other mode of user storing with PAP method. (exemple MD5 with the user file locatedt in /freeradius-1.1.6 /src/tests/digest-auth-MD5) 1- How to tell frreeradius that the user password is stored in clear text, or digest, or MD5 hashed, etc ?? I tried to copy the content of digest-auth-MD5 in the users file and I got this errror : Errors reading /opt/freeradius/etc/raddb/users radiusd.conf[1067]: files: Module instantiation failed. radiusd.conf[1852] Unknown module files. radiusd.conf[1788] Failed to parse authorize section. I want to test also CHAP method, how to tell radius to use this method in stead of PAP? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Frreradius PAP and CHAP
No, not with radtest. You can use radclient, which has much more ability, but is also more complicated. Use, for instance, XP dialup connection. In connection properties click on Security tab, Advanced radio button and then Settings button. By default all protocols are ticked. Leave only CHAP ticked and exit with OK. Once you are done with testing remember to go back and add protocols back. WARNING: This will work only if the NAS you are connecting through also supports CHAP authentication. If it doesn't, XP client with only CHAP enabled won't be able to connect. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] piše: thanks, Is there a way to test CHAP? could we test that with radtest? 2007/6/19, [EMAIL PROTECTED] [EMAIL PROTECTED]: Have a look at dictionary.freeradius.internal. You will find several xxx-Password attributes where xxx are supported encryption types. To test CHAP you don't need to tell Freeradius anything. Chap module is enabled by default, so it will work if you havent diabled it. What you need to do is to get the client to use CHAP - radius server will follow. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] pie: Hi, I configured Freeradius to use PAP method with users file. The password is stored in clear text is stored in clear text in the user file and it works well. Now I want to use other mode of user storing with PAP method. (exemple MD5 with the user file locatedt in /freeradius-1.1.6 /src/tests/digest-auth-MD5) 1- How to tell frreeradius that the user password is stored in clear text, or digest, or MD5 hashed, etc ?? I tried to copy the content of digest-auth-MD5 in the users file and I got this errror : Errors reading /opt/freeradius/etc/raddb/users radiusd.conf[1067]: files: Module instantiation failed. radiusd.conf[1852] Unknown module files. radiusd.conf[1788] Failed to parse authorize section. I want to test also CHAP method, how to tell radius to use this method in stead of PAP? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Frreradius PAP and CHAP
Hi,Ivan I want to know how to test CHAP with radclient(I have no NAS). Could you give me a example of the radclient configure file? Thank you. -chenhao 2007/6/20, [EMAIL PROTECTED] [EMAIL PROTECTED]: No, not with radtest. You can use radclient, which has much more ability, but is also more complicated. Use, for instance, XP dialup connection. In connection properties click on Security tab, Advanced radio button and then Settings button. By default all protocols are ticked. Leave only CHAP ticked and exit with OK. Once you are done with testing remember to go back and add protocols back. WARNING: This will work only if the NAS you are connecting through also supports CHAP authentication. If it doesn't, XP client with only CHAP enabled won't be able to connect. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] piše: thanks, Is there a way to test CHAP? could we test that with radtest? 2007/6/19, [EMAIL PROTECTED] [EMAIL PROTECTED]: Have a look at dictionary.freeradius.internal. You will find several xxx-Password attributes where xxx are supported encryption types. To test CHAP you don't need to tell Freeradius anything. Chap module is enabled by default, so it will work if you havent diabled it. What you need to do is to get the client to use CHAP - radius server will follow. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] pi e: Hi, I configured Freeradius to use PAP method with users file. The password is stored in clear text is stored in clear text in the user file and it works well. Now I want to use other mode of user storing with PAP method. (exemple MD5 with the user file locatedt in /freeradius-1.1.6 /src/tests/digest-auth-MD5) 1- How to tell frreeradius that the user password is stored in clear text, or digest, or MD5 hashed, etc ?? I tried to copy the content of digest-auth-MD5 in the users file and I got this errror : Errors reading /opt/freeradius/etc/raddb/users radiusd.conf[1067]: files: Module instantiation failed. radiusd.conf[1852] Unknown module files. radiusd.conf[1788] Failed to parse authorize section. I want to test also CHAP method, how to tell radius to use this method in stead of PAP? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Frreradius PAP and CHAP
Instead of using radclient/radtest, this program BY FAR is the best way to debug a radius box... http://jradius.org/wiki/index.php/JRadiusSimulator On 6/19/07, hao chen [EMAIL PROTECTED] wrote: Hi,Ivan I want to know how to test CHAP with radclient(I have no NAS). Could you give me a example of the radclient configure file? Thank you. -chenhao 2007/6/20, [EMAIL PROTECTED] [EMAIL PROTECTED]: No, not with radtest. You can use radclient, which has much more ability, but is also more complicated. Use, for instance, XP dialup connection. In connection properties click on Security tab, Advanced radio button and then Settings button. By default all protocols are ticked. Leave only CHAP ticked and exit with OK. Once you are done with testing remember to go back and add protocols back. WARNING: This will work only if the NAS you are connecting through also supports CHAP authentication. If it doesn't, XP client with only CHAP enabled won't be able to connect. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] piše: thanks, Is there a way to test CHAP? could we test that with radtest? 2007/6/19, [EMAIL PROTECTED] [EMAIL PROTECTED]: Have a look at dictionary.freeradius.internal. You will find several xxx-Password attributes where xxx are supported encryption types. To test CHAP you don't need to tell Freeradius anything. Chap module is enabled by default, so it will work if you havent diabled it. What you need to do is to get the client to use CHAP - radius server will follow. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] pi e: Hi, I configured Freeradius to use PAP method with users file. The password is stored in clear text is stored in clear text in the user file and it works well. Now I want to use other mode of user storing with PAP method. (exemple MD5 with the user file locatedt in /freeradius-1.1.6 /src/tests/digest-auth-MD5) 1- How to tell frreeradius that the user password is stored in clear text, or digest, or MD5 hashed, etc ?? I tried to copy the content of digest-auth-MD5 in the users file and I got this errror : Errors reading /opt/freeradius/etc/raddb/users radiusd.conf[1067]: files: Module instantiation failed. radiusd.conf [1852] Unknown module files. radiusd.conf[1788] Failed to parse authorize section. I want to test also CHAP method, how to tell radius to use this method in stead of PAP? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Frreradius PAP and CHAP
On 6/20/07, hao chen [EMAIL PROTECTED] wrote: Hi,Ivan I want to know how to test CHAP with radclient(I have no NAS). Could you give me a example of the radclient configure file? Thank you. -chenhao $ cat request.txt User-Name = foo CHAP-Password = bar $ radclient -sx -f request.txt radius server auth shared secret Sending Access-Request of id 116 to 192.168.3.38:1812 User-Name = foo CHAP-Password = 0x74f42a8e4b2b3f0505ad6ed22ba980a20e rad_recv: Access-Accept packet from host 192.168.3.38:1812, id=116, length=20 Total approved auths: 1 Total denied auths: 0 Total lost auths: 0 $ 2007/6/20, [EMAIL PROTECTED] [EMAIL PROTECTED]: No, not with radtest. You can use radclient, which has much more ability, but is also more complicated. Use, for instance, XP dialup connection. In connection properties click on Security tab, Advanced radio button and then Settings button. By default all protocols are ticked. Leave only CHAP ticked and exit with OK. Once you are done with testing remember to go back and add protocols back. WARNING: This will work only if the NAS you are connecting through also supports CHAP authentication. If it doesn't, XP client with only CHAP enabled won't be able to connect. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] piše: thanks, Is there a way to test CHAP? could we test that with radtest? 2007/6/19, [EMAIL PROTECTED] [EMAIL PROTECTED]: Have a look at dictionary.freeradius.internal. You will find several xxx-Password attributes where xxx are supported encryption types. To test CHAP you don't need to tell Freeradius anything. Chap module is enabled by default, so it will work if you havent diabled it. What you need to do is to get the client to use CHAP - radius server will follow. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] pi e: Hi, I configured Freeradius to use PAP method with users file. The password is stored in clear text is stored in clear text in the user file and it works well. Now I want to use other mode of user storing with PAP method. (exemple MD5 with the user file locatedt in /freeradius-1.1.6 /src/tests/digest-auth-MD5) 1- How to tell frreeradius that the user password is stored in clear text, or digest, or MD5 hashed, etc ?? I tried to copy the content of digest-auth-MD5 in the users file and I got this errror : Errors reading /opt/freeradius/etc/raddb/users radiusd.conf[1067]: files: Module instantiation failed. radiusd.conf [1852] Unknown module files. radiusd.conf[1788] Failed to parse authorize section. I want to test also CHAP method, how to tell radius to use this method in stead of PAP? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Frreradius PAP and CHAP
Hi, I tryed as you said. But it seems I still miss something. $cat /usr/local/etc/raddb/users . JohnAuth-Type := CHAP, CHAP-Password == hello ... $ cat request.txt User-Name = John CHAP-Password = hello $radiusd -X .. call_modsingle: chap rlm_chap: login attempt by John with CHAP password ?谟??1?kW将芇? rlm_chap: Could not find clear text password for user John modcall[authenticate]: module chap returns invalid .. Any suggestion?Thank you. --chenhao 2007/6/20, Jian Wang [EMAIL PROTECTED]: On 6/20/07, hao chen [EMAIL PROTECTED] wrote: Hi,Ivan I want to know how to test CHAP with radclient(I have no NAS). Could you give me a example of the radclient configure file? Thank you. -chenhao $ cat request.txt User-Name = foo CHAP-Password = bar $ radclient -sx -f request.txt radius server auth shared secret Sending Access-Request of id 116 to 192.168.3.38:1812 User-Name = foo CHAP-Password = 0x74f42a8e4b2b3f0505ad6ed22ba980a20e rad_recv: Access-Accept packet from host 192.168.3.38:1812, id=116, length=20 Total approved auths: 1 Total denied auths: 0 Total lost auths: 0 $ 2007/6/20, [EMAIL PROTECTED] [EMAIL PROTECTED]: No, not with radtest. You can use radclient, which has much more ability, but is also more complicated. Use, for instance, XP dialup connection. In connection properties click on Security tab, Advanced radio button and then Settings button. By default all protocols are ticked. Leave only CHAP ticked and exit with OK. Once you are done with testing remember to go back and add protocols back. WARNING: This will work only if the NAS you are connecting through also supports CHAP authentication. If it doesn't, XP client with only CHAP enabled won't be able to connect. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] piše: thanks, Is there a way to test CHAP? could we test that with radtest? 2007/6/19, [EMAIL PROTECTED] [EMAIL PROTECTED]: Have a look at dictionary.freeradius.internal. You will find several xxx-Password attributes where xxx are supported encryption types. To test CHAP you don't need to tell Freeradius anything. Chap module is enabled by default, so it will work if you havent diabled it. What you need to do is to get the client to use CHAP - radius server will follow. Ivan Kalik Kalik Informatika ISP Dana 19/6/2007, lisa laam [EMAIL PROTECTED] pi e: Hi, I configured Freeradius to use PAP method with users file. The password is stored in clear text is stored in clear text in the user file and it works well. Now I want to use other mode of user storing with PAP method. (exemple MD5 with the user file locatedt in /freeradius-1.1.6 /src/tests/digest-auth-MD5) 1- How to tell frreeradius that the user password is stored in clear text, or digest, or MD5 hashed, etc ?? I tried to copy the content of digest-auth-MD5 in the users file and I got this errror : Errors reading /opt/freeradius/etc/raddb/users radiusd.conf[1067]: files: Module instantiation failed. radiusd.conf [1852] Unknown module files. radiusd.conf[1788] Failed to parse authorize section. I want to test also CHAP method, how to tell radius to use this method in stead of PAP? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Frreradius PAP and CHAP
On 6/20/07, hao chen [EMAIL PROTECTED] wrote: Hi, I tryed as you said. But it seems I still miss something. $cat /usr/local/etc/raddb/users . JohnAuth-Type := CHAP, CHAP-Password == hello ... Here, you should use `User-Password' other than `CHAP-Password'. $ cat request.txt User-Name = John CHAP-Password = hello $radiusd -X .. call_modsingle: chap rlm_chap: login attempt by John with CHAP password ?谟??1?kW将芇? rlm_chap: Could not find clear text password for user John modcall[authenticate]: module chap returns invalid .. Any suggestion?Thank you. --chenhao - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html