help-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnu-radius] Authentication failure Problem

From: Sergey Poznyakoff
Subject: Re: [Help-gnu-radius] Authentication failure Problem
Date: Mon, 31 Mar 2003 11:27:44 +0300 
> DEFAULT       Auth-Type = SQL,
>                 Password-Location = SQL       
>                 Service-Type = Framed-User,
>               Framed-Protocol = PPP

Notice, that in this setup, Password-Location attribute is effectively
ignored. The Password-Location should be used with either
Auth-Type=Local or Auth-Type=Crypt-Local. Auth-Type = SQL itself is a
short notation for

        Auth-Type = Crypt-Local, Password-Location = SQL

Now to the problem:

> when request is created by 'radauth', log shows
> auth_type=3
> auth: CRYPT
>
> but when requst is comming from 'nas' log shows
> auth_type=0
> auth: Local
>
> Why?

In the first case, radauth sends usual authentication packets
(User-Name,Password, etc).

In the second case, NAS is sending CHAP authentication requests. To
confirm this, look at your radius.log, you will see there something
like:

        Login incorrect [USERNAME/{chap-password}]

When radius receives CHAP requests it automatically switches to the
Local mode (plaintext passwords), since CHAP can't be used with
encrypted passwords.

If you wish to use CHAP authentication, you will have to keep
plaintext passwords in your database. In this case the check-pairs
of the raddb/users entry should contain:

       Auth-Type = Local, Password-Location = SQL

Regards,
Sergey
reply via email to
[Prev in Thread] Current Thread [Next in Thread]