Hi,
I'm having trouble with VPN PPTP authenticating against FreeRADIUS (on my
CentOS box). Captive portal can auth without any problem, but PPTP can't.
The strangest problem is that I can get the message "[ldap] user fmathias
authorized to use remote access" but
Here is the log (radiusd -X) for VPN PPTP:
rad_recv: Access-Request packet from host 192.168.7.1 port 63382, id=143,
length=180
NAS-Identifier = "yodabsd.lbhc.hcancer.org.br"
NAS-Port = 0
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "192.168.7.245"
User-Name = "fmathias"
MS-CHAP-Challenge = 0xbb1e68ab43c46412f36d67f0ff7e2eb4
MS-CHAP2-Response =
0x010059f048b4dcc6c99209889fca8aa57aa200000000000000007c3502916638a4c48443fae4787081db8e5db21d2bee874e
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.7.1/auth-detail-20100119
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.7.1/auth-detail-20100119
[auth_log] expand: %t -> Tue Jan 19 10:38:31 2010
++[auth_log] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "fmathias", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[ldap] performing user authorization for fmathias
[ldap] expand: %{Stripped-User-Name} ->
[ldap] expand: %{User-Name} -> fmathias
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=fmathias)
[ldap] expand: ou=Users,dc=lbhc,dc=hcancer,dc=com,dc=br ->
ou=Users,dc=lbhc,dc=hcancer,dc=com,dc=br
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.lbhc.hcancer.org.br:389, authentication 0
rlm_ldap: bind as / to ldap.lbhc.hcancer.org.br:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=Users,dc=lbhc,dc=hcancer,dc=com,dc=br,
with filter (uid=fmathias)
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the
user is configured correctly?
[ldap] user fmathias authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for fmathias with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> fmathias
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 143 to 192.168.7.1 port 63382
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.7.1 port 63382, id=143,
length=180
Sending duplicate reply to client yodabsd port 63382 - ID: 143
Sending Access-Reject of id 143 to 192.168.7.1 port 63382
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.7.1 port 63382, id=143,
length=180
Sending duplicate reply to client yodabsd port 63382 - ID: 143
Sending Access-Reject of id 143 to 192.168.7.1 port 63382
Waking up in 4.9 seconds.
Any issue?
Thanks in advance
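
Added example, not part of the original post and not FreeRADIUS code: a small Python triage pass over radiusd -X output that collects the module return codes for a request and flags the two lines in the log above that explain the reject. The function name triage and the SAMPLE excerpt (lines taken from the log above, with mail line wraps rejoined) are constructed for this illustration.

```python
import re

# Constructed sample: selected lines from the radiusd -X log above, unwrapped.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.7.1 port 63382, id=143, length=180
User-Name = "fmathias"
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user fmathias authorized to use remote access
++[ldap] returns ok
Found Auth-Type = MSCHAP
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
++[mschap] returns reject
Sending Access-Reject of id 143 to 192.168.7.1 port 63382
"""

RETURN_RE = re.compile(r"^\++\[([\w.]+)\] returns (\w+)")
USER_RE = re.compile(r'^User-Name = "([^"]*)"')
AUTH_TYPE_RE = re.compile(r"^Found Auth-Type = (\S+)")
RESULT_RE = re.compile(r"^Sending (Access-\w+) of id \d+")

def triage(log_text):
    """Summarise one request from radiusd -X output and flag why MS-CHAP failed."""
    out = {"user": None, "auth_type": None, "returns": [], "result": None, "findings": []}
    no_known_good = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := USER_RE.match(line):
            out["user"] = m.group(1)
        elif m := AUTH_TYPE_RE.match(line):
            out["auth_type"] = m.group(1)
        elif m := RETURN_RE.match(line):
            out["returns"].append((m.group(1), m.group(2)))  # (module, return code)
        elif m := RESULT_RE.match(line):
            out["result"] = m.group(1)
        elif 'No "known good" password' in line:
            no_known_good = True
        elif "No NT/LM-Password" in line:
            out["findings"].append("mschap: no NT/LM-Password available for the user")
    # LDAP authorization can succeed even though no password was retrieved.
    if no_known_good and ("ldap", "ok") in out["returns"]:
        out["findings"].append("ldap: authorized, but no known-good password found in LDAP")
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```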