help-gnu-radius

Re: [Help-gnu-radius] another list of questions


From: Sergey Poznyakoff
Subject: Re: [Help-gnu-radius] another list of questions
Date: Fri, 20 Jul 2001 10:38:08 +0300

> First thing that confuses me is why I can't test with radtest when I
> have for source-ip specified my real IP address (I get authentication
> failed) and I can see from log files that radius does not query mysql
> server. If I'm going through the NAS (using telnet) I can log in without
> problems.

It seems to be a radtest misconfiguration issue. Radtest gets the IP
address of the server or servers to query from its configuration file
<sysconfdir>/raddb/radctl.rc. By default it is configured to query
server 127.0.0.1, that's why when you are using your real IP address
radtest is unable to connect to the server. To fix it, just put
your real IP address instead of "localhost" in radctl.rc.

> Second thing is: I have read somewhere on the web that when you are
> logging thru CHAP you have to have your user password in plain text. Is
> that correct?

Yes, it is. Your server then has to keep your password in plaintext.

> I had tried to log from win98 workstation using CHAP and PPP but was
> refused with check you passwords message. In detail.auth file I can see
> the attribute CHAP-Password crypted. And in my radius.log file I get

Detail.auth lists attributes received, and all passwords travel
through the network encrypted, no matter what the authentication type.

> following line:
> 
> Jul 19 15:52:15: Auth: Login incorrect: [test/]: CLID unknown (from nas dial)
> 
> Is there anything more to be configured to use CHAP authentication?

Actually, no. The only thing to note is that since CHAP passwords
should be stored in plaintext, the only way to configure this type
of authentication is to use raddb/users file. SQL database can't be
used, since it keeps only encrypted passwords. The CHAP user entry
looks like:

username Auth-Type = Local,
                   Password = "guessme"
         Service-Type = Framed-User,
                   Framed-Protocol = PPP

> Ok, that's it for now. Maybe I'll be back later with more questions 

You're welcome :^)

Regards,
Sergey
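
Why CHAP needs the plaintext on the server, as an added example (not part of the original message and not GNU Radius code): the CHAP-Password attribute carries a one-octet identifier followed by MD5(identifier || password || challenge), per RFC 1994 and RFC 2865, so the server must recompute that digest from the password itself. The challenge, identifier and the SHA-256 "stored hash" below are constructed sample values; "guessme" is the password from the users entry above.

```python
import hashlib
import hmac


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def build_chap_password(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-Password attribute value as the NAS forwards it (RFC 2865, 5.3):
    1 octet CHAP identifier followed by the 16-octet response."""
    return bytes([ident]) + chap_response(ident, password, challenge)


def verify_chap(chap_password: bytes, challenge: bytes, stored_secret: bytes) -> bool:
    """Server side: recompute the response from whatever secret is stored."""
    if len(chap_password) != 17:          # malformed attribute, reject
        return False
    ident, received = chap_password[0], chap_password[1:]
    expected = chap_response(ident, stored_secret, challenge)
    return hmac.compare_digest(received, expected)   # constant-time compare


# Constructed sample exchange (not captured traffic).
CHALLENGE = bytes.fromhex("00112233445566778899aabbccddeeff")
IDENT = 0x2A
ATTR = build_chap_password(IDENT, b"guessme", CHALLENGE)


def demo() -> dict:
    # A server that only kept a one-way hash of the password (here SHA-256,
    # chosen only for illustration) has nothing usable to feed into MD5.
    stored_hash = hashlib.sha256(b"guessme").hexdigest().encode()
    return {
        "plaintext_stored": verify_chap(ATTR, CHALLENGE, b"guessme"),
        "hash_stored": verify_chap(ATTR, CHALLENGE, stored_hash),
        "wrong_password": verify_chap(ATTR, CHALLENGE, b"guessme2"),
        "truncated_attr": verify_chap(ATTR[:10], CHALLENGE, b"guessme"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```

Only the plaintext-backed check accepts the response; a server holding just a hash of the password rejects a correct login.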
