Re: mschapv2 and users file
Alan DeKok already hit it head on, I had an old version of the radius dictionary hanging around. -v doesn't list the version of the modules or dictionary file unfortunately. Swapped in the new one and it works Ryan On 6/20/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Hi, > I'm having the same problem on 1.1.6, but when I try the cobb > Cleartext-Password := "secret" as below, i get this when starting... > > /etc/raddb-test/users[1]: Parse error (check) for entry test: Unknown > attribute "Cleartext-password" > Errors reading /etc/raddb-test/users > radiusd.conf[1052]: files: Module instantiation failed. > radiusd.conf[1654] Unknown module "files". > radiusd.conf[1589] Failed to parse authorize section. output of `radiusd -v` please alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: mschapv2 and users file
Alan, I believe you that is can work - I just want to know how to configure it so it does :-) Here is the output: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var/lib" main: logdir = "/var/lib/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/lib/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/lib/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms listen: port = 1645 listen: type = "auth" radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" pap: auto_header = no Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/var/lib/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = yes Module: Instantiated realm (suffix) realm: format = "prefix" realm: delimiter = "\" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (ntdomain) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/lib/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/lib/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Listening on authentication *:1645 Listening on proxy *:1814 Ready to process
Re: mschapv2 and users file
Hi, > I'm having the same problem on 1.1.6, but when I try the cobb > Cleartext-Password := "secret" as below, i get this when starting... > > /etc/raddb-test/users[1]: Parse error (check) for entry test: Unknown > attribute "Cleartext-password" > Errors reading /etc/raddb-test/users > radiusd.conf[1052]: files: Module instantiation failed. > radiusd.conf[1654] Unknown module "files". > radiusd.conf[1589] Failed to parse authorize section. output of `radiusd -v` please alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mschapv2 and users file
Ryan Kramer wrote: > I'm having the same problem on 1.1.6, but when I try the cobb > Cleartext-Password := "secret" as below, i get this when starting... > > /etc/raddb-test/users[1]: Parse error (check) for entry test: Unknown > attribute "Cleartext-password" You're not using the dictionaries that came with 1.1.6. See raddb/dictionary. Point it to the location of the 1.1.6 dictionaries. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mschapv2 and users file
I'm having the same problem on 1.1.6, but when I try the cobb Cleartext-Password := "secret" as below, i get this when starting... /etc/raddb-test/users[1]: Parse error (check) for entry test: Unknown attribute "Cleartext-password" Errors reading /etc/raddb-test/users radiusd.conf[1052]: files: Module instantiation failed. radiusd.conf[1654] Unknown module "files". radiusd.conf[1589] Failed to parse authorize section. On 6/20/07, Alan DeKok <[EMAIL PROTECTED]> wrote: Matt Cobb wrote: > Tried: > > cobb Cleartext-Password:="secret" > > same result: Please post the ENTIRE debug output. Trust me, MS-CHAP works in the server. Put that entry at the TOP of the "users" file, and it should work. Odds are you put it in the middle of the "users" file, and there's an earlier entry which means that the "cobb" entry is never used. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: mschapv2 and users file
Can you post the whole conversation from the request. From this snip it looks like your realm isn't stripped. Try using [EMAIL PROTECTED] as username in users file instead of cobb. Ivan Kalik Kalik Informatika ISP Dana 20/6/2007, "Matt Cobb" <[EMAIL PROTECTED]> piše: >Tried: > > cobb Cleartext-Password:="secret" > >same result: > > rlm_mschap: No User-Password configured. Cannot create LM-Password. > rlm_mschap: No User-Password configured. Cannot create NT-Password. > rlm_mschap: Told to do MS-CHAPv2 for [EMAIL PROTECTED] with NT-Password > rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. > rlm_mschap: FAILED: MS-CHAP2-Response is incorrect > modcall[authenticate]: module "mschap" returns reject for request 0 > > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL >PROTECTED] >Sent: Wednesday, June 20, 2007 1:47 AM >To: FreeRadius users mailing list >Subject: Re: mschapv2 and users file > >Use Cleartext-Password and operator := > >That listing seems to be from the attempt with NT-Password. That entry >should also use := as the operator. > >Ivan Kalik >Kalik Informatika ISP > > >Dana 20/6/2007, "Matt Cobb" <[EMAIL PROTECTED]> piše: > >>I have freeradius 1.1.4 setup as a proxy to an upstream radius server >>which works. I also want to put guests in a local users file and use >>MSCHAPV2 on them, but didn't get it to work. I was able to get PAP and >>CHAP working. Here is the MSCHAPV2 configuration I tried: >> >> >> >>users file: >> >>cobb User-Password=="secret" >> >> >>How do I configure MSCHAPv2 to a local users file? >> >> >> > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mschapv2 and users file
Matt Cobb wrote: > Tried: > > cobb Cleartext-Password:="secret" > > same result: Please post the ENTIRE debug output. Trust me, MS-CHAP works in the server. Put that entry at the TOP of the "users" file, and it should work. Odds are you put it in the middle of the "users" file, and there's an earlier entry which means that the "cobb" entry is never used. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: mschapv2 and users file
Tried: cobb Cleartext-Password:="secret" same result: rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for [EMAIL PROTECTED] with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 0 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, June 20, 2007 1:47 AM To: FreeRadius users mailing list Subject: Re: mschapv2 and users file Use Cleartext-Password and operator := That listing seems to be from the attempt with NT-Password. That entry should also use := as the operator. Ivan Kalik Kalik Informatika ISP Dana 20/6/2007, "Matt Cobb" <[EMAIL PROTECTED]> piše: >I have freeradius 1.1.4 setup as a proxy to an upstream radius server >which works. I also want to put guests in a local users file and use >MSCHAPV2 on them, but didn't get it to work. I was able to get PAP and >CHAP working. Here is the MSCHAPV2 configuration I tried: > > > >users file: > >cobb User-Password=="secret" > > >How do I configure MSCHAPv2 to a local users file? > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mschapv2 and users file
Use Cleartext-Password and operator := That listing seems to be from the attempt with NT-Password. That entry should also use := as the operator. Ivan Kalik Kalik Informatika ISP Dana 20/6/2007, "Matt Cobb" <[EMAIL PROTECTED]> piše: >I have freeradius 1.1.4 setup as a proxy to an upstream radius server >which works. I also want to put guests in a local users file and use >MSCHAPV2 on them, but didn't get it to work. I was able to get PAP and >CHAP working. Here is the MSCHAPV2 configuration I tried: > > > >users file: > >cobb User-Password=="secret" > > >How do I configure MSCHAPv2 to a local users file? > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html