Re: mschapv2 and users file

2007-06-20 Thread Ryan Kramer

Alan DeKok already hit it head on, I had an old version of the radius
dictionary hanging around.  -v doesn't list the version of the modules or
dictionary file unfortunately.  Swapped in the new one and it works.

Ryan



On 6/20/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:


Hi,
> I'm having the same problem on 1.1.6, but when I try the cobb
> Cleartext-Password := "secret" as below, I get this when starting...
>
> /etc/raddb-test/users[1]: Parse error (check) for entry test: Unknown
> attribute "Cleartext-password"
> Errors reading /etc/raddb-test/users
> radiusd.conf[1052]: files: Module instantiation failed.
> radiusd.conf[1654] Unknown module "files".
> radiusd.conf[1589] Failed to parse authorize section.


output of  `radiusd -v` please

alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


RE: mschapv2 and users file

2007-06-20 Thread Matt Cobb
Alan,

I believe you that it can work - I just want to know how to configure it
so it does :-)

Here is the output:

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr"
 main: localstatedir = "/var/lib"
 main: logdir = "/var/lib/log/radius"
 main: libdir = "/usr/lib"
 main: radacctdir = "/var/lib/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1812
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/lib/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
 listen: port = 1645
 listen: type = "auth"
radiusd:  entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
 pap: auto_header = no
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/var/lib/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = yes
Module: Instantiated realm (suffix)
 realm: format = "prefix"
 realm: delimiter = "\"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (ntdomain)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = "/var/lib/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/var/lib/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on authentication *:1645
Listening on proxy *:1814
Ready to process

Re: mschapv2 and users file

2007-06-20 Thread A . L . M . Buxey
Hi,
> I'm having the same problem on 1.1.6, but when I try the cobb
> Cleartext-Password := "secret" as below, I get this when starting...
> 
> /etc/raddb-test/users[1]: Parse error (check) for entry test: Unknown
> attribute "Cleartext-password"
> Errors reading /etc/raddb-test/users
> radiusd.conf[1052]: files: Module instantiation failed.
> radiusd.conf[1654] Unknown module "files".
> radiusd.conf[1589] Failed to parse authorize section.


output of  `radiusd -v` please

alan


Re: mschapv2 and users file

2007-06-20 Thread Alan DeKok
Ryan Kramer wrote:
> I'm having the same problem on 1.1.6, but when I try the cobb
> Cleartext-Password := "secret" as below, I get this when starting...
> 
> /etc/raddb-test/users[1]: Parse error (check) for entry test: Unknown
> attribute "Cleartext-password"

  You're not using the dictionaries that came with 1.1.6.  See
raddb/dictionary.  Point it to the location of the 1.1.6 dictionaries.

  Alan DeKok.


Re: mschapv2 and users file

2007-06-20 Thread Ryan Kramer

I'm having the same problem on 1.1.6, but when I try the cobb
Cleartext-Password := "secret" as below, I get this when starting...

/etc/raddb-test/users[1]: Parse error (check) for entry test: Unknown
attribute "Cleartext-password"
Errors reading /etc/raddb-test/users
radiusd.conf[1052]: files: Module instantiation failed.
radiusd.conf[1654] Unknown module "files".
radiusd.conf[1589] Failed to parse authorize section.



On 6/20/07, Alan DeKok <[EMAIL PROTECTED]> wrote:


Matt Cobb wrote:
> Tried:
>
>   cobb Cleartext-Password:="secret"
>
> same result:

  Please post the ENTIRE debug output.  Trust me, MS-CHAP works in the
server.  Put that entry at the TOP of the "users" file, and it should
work.  Odds are you put it in the middle of the "users" file, and
there's an earlier entry which means that the "cobb" entry is never used.

  Alan DeKok.

RE: mschapv2 and users file

2007-06-20 Thread tnt
Can you post the whole conversation from the request? From this snip it
looks like your realm isn't stripped. Try using [EMAIL PROTECTED] as username
in users file instead of cobb.

Ivan Kalik
Kalik Informatika ISP


On 20/6/2007, "Matt Cobb" <[EMAIL PROTECTED]> wrote:

>Tried:
>
>   cobb Cleartext-Password:="secret"
>
>same result:
>
>  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
>  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
>  rlm_mschap: Told to do MS-CHAPv2 for [EMAIL PROTECTED] with NT-Password
>  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
>  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
>  modcall[authenticate]: module "mschap" returns reject for request 0
>
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
>Sent: Wednesday, June 20, 2007 1:47 AM
>To: FreeRadius users mailing list
>Subject: Re: mschapv2 and users file
>
>Use Cleartext-Password and operator :=
>
>That listing seems to be from the attempt with NT-Password. That entry
>should also use := as the operator.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>On 20/6/2007, "Matt Cobb" <[EMAIL PROTECTED]> wrote:
>
>>I have freeradius 1.1.4 set up as a proxy to an upstream radius server
>>which works.  I also want to put guests in a local users file and use
>>MSCHAPV2 on them, but didn't get it to work.  I was able to get PAP and
>>CHAP working.  Here is the MSCHAPV2 configuration I tried:
>>
>> 
>>
>>users file:
>>
>>cobb User-Password=="secret"
>> 
>>
>>How do I configure MSCHAPv2 to a local users file?
>>
>>
>>
>
>
>



Re: mschapv2 and users file

2007-06-20 Thread Alan DeKok
Matt Cobb wrote:
> Tried:
> 
>   cobb Cleartext-Password:="secret"
> 
> same result:

  Please post the ENTIRE debug output.  Trust me, MS-CHAP works in the
server.  Put that entry at the TOP of the "users" file, and it should
work.  Odds are you put it in the middle of the "users" file, and
there's an earlier entry which means that the "cobb" entry is never used.

  Alan DeKok.


RE: mschapv2 and users file

2007-06-20 Thread Matt Cobb
Tried:

cobb Cleartext-Password:="secret"

same result:

  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for [EMAIL PROTECTED] with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 0


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, June 20, 2007 1:47 AM
To: FreeRadius users mailing list
Subject: Re: mschapv2 and users file

Use Cleartext-Password and operator :=

That listing seems to be from the attempt with NT-Password. That entry
should also use := as the operator.

Ivan Kalik
Kalik Informatika ISP


On 20/6/2007, "Matt Cobb" <[EMAIL PROTECTED]> wrote:

>I have freeradius 1.1.4 set up as a proxy to an upstream radius server
>which works.  I also want to put guests in a local users file and use
>MSCHAPV2 on them, but didn't get it to work.  I was able to get PAP and
>CHAP working.  Here is the MSCHAPV2 configuration I tried:
>
> 
>
>users file:
>
>cobb User-Password=="secret"
> 
>
>How do I configure MSCHAPv2 to a local users file?
>
>
>



Re: mschapv2 and users file

2007-06-20 Thread tnt
Use Cleartext-Password and operator :=

That listing seems to be from the attempt with NT-Password. That entry
should also use := as the operator.

Ivan Kalik
Kalik Informatika ISP


On 20/6/2007, "Matt Cobb" <[EMAIL PROTECTED]> wrote:

>I have freeradius 1.1.4 set up as a proxy to an upstream radius server
>which works.  I also want to put guests in a local users file and use
>MSCHAPV2 on them, but didn't get it to work.  I was able to get PAP and
>CHAP working.  Here is the MSCHAPV2 configuration I tried:
>
> 
>
>users file:
>
>cobb User-Password=="secret"
> 
>
>How do I configure MSCHAPv2 to a local users file?
>
>
>

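The failure modes raised across this thread (a dictionary that predates Cleartext-Password, a password item written with == instead of :=, an earlier entry that stops processing before "cobb", and a user name that still carries its realm) can be checked offline before restarting radiusd. The Python sketch below is an added example, not code from FreeRADIUS or from any poster. The dictionary excerpts, attribute numbers, users file and function names are constructed, and the users-file grammar is simplified: check items are read from the entry line only and are assumed to match.

```python
import re

# Constructed dictionary excerpts; attribute numbers are illustrative.
OLD_DICT = "ATTRIBUTE User-Password 2 string\nATTRIBUTE Auth-Type 1000 integer\n"
NEW_DICT = OLD_DICT + "ATTRIBUTE Cleartext-Password 1100 string\n"
# Constructed users file: a DEFAULT entry sits above the "cobb" entry.
USERS = '''\
DEFAULT Auth-Type := Reject
        Reply-Message = "no guest access"
cobb    Cleartext-Password := "secret"
guest   User-Password == "secret"
'''

ITEM = re.compile(r'([\w-]+)\s*(:=|==|\+=|!=|=)\s*("[^"]*"|[^,\s]+)')

def attributes(dictionary):
    """Attribute names defined by ATTRIBUTE lines, lower-cased."""
    rows = map(str.split, dictionary.splitlines())
    return {r[1].lower() for r in rows if len(r) >= 4 and r[0] == "ATTRIBUTE"}

def parse_users(text):
    """Unindented line: entry name + check items. Indented line: reply items."""
    entries = []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            name, checks = (line.split(None, 1) + [""])[:2]
            entries.append({"name": name, "line": num, "fall_through": False,
                            "checks": ITEM.findall(checks)})
        elif entries and re.search(r"Fall-Through\s*:?=\s*Yes", line, re.I):
            entries[-1]["fall_through"] = True
    return entries

def lint(users, dictionary):
    """(line, message) for unknown attributes and password items without ':='."""
    known, out = attributes(dictionary), []
    for e in parse_users(users):
        for attr, op, _ in e["checks"]:
            if attr.lower() not in known:
                out.append((e["line"], f'Unknown attribute "{attr}"'))
            elif attr.lower().endswith("-password") and op != ":=":
                out.append((e["line"], f'{attr} uses "{op}", not ":="'))
    return out

def stops_at(users, user_name):
    """Line of the first entry named user_name or DEFAULT lacking Fall-Through."""
    for e in parse_users(users):
        if e["name"] in (user_name, "DEFAULT") and not e["fall_through"]:
            return e["line"]
```

With the constructed input, `lint(USERS, OLD_DICT)` reports the unknown attribute on the "cobb" line, and `stops_at(USERS, "cobb")` returns line 1, the DEFAULT entry, so the "cobb" entry below it is never reached.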