freeradius mysql 無法使用ms-chap認證,HELP
我用pptp+freeradius+mysql架設VPN伺服器,可是
只能通過CHAP認證,MS-CHAP無法通過。各種文檔都
查了,英文、簡體、繁體,各有各的說法,折騰幾天
了,小弟實在是無解,請幫助,不勝感激!
下面是運行freeradius -X收到請求時的輸出:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 41762, id=97, length=150
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "zongyu"
MS-CHAP-Challenge = 0x41902a3df355bf003235416f8c95123b
MS-CHAP2-Response = 0x6700046bbbecd97e76d54ba2b84e6f2d999f0000000000000000325624ca5c6d0e7a7840cdaaef889bef23b2545ba559e823
Calling-Station-Id = "222.246.32.223"
NAS-IP-Address = 174.34.155.242
NAS-Port = 0
+- entering group authorize {...}
++ returns ok
++ returns noop
Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++ returns ok
No '@' in User-Name = "zongyu", looking up realm NULL
No such realm "NULL"
++ returns noop
No EAP-Message, not doing EAP
++ returns noop
expand: %{User-Name} -> zongyu
sql_set_user escaped user --> 'zongyu'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op
FROM radcheck
WHERE username = '%{SQL-User-Name}'
ORDER BY id
->
SELECT id, username, attribute, value, op
FROM radcheck
WHERE username = 'zongyu'
ORDER BY id
User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'zongyu' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
-> SELECT groupname FROM radusergroup WHERE username = 'zongyu' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id
-> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'pptp' ORDER BY id
User found in group pptp
expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id
-> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'pptp' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++ returns ok
++ returns noop
++ returns noop
Found existing Auth-Type, not changing it.
++ returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
rlm_chap: Attribute "CHAP-Password" is required for authentication.
++ returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
expand: %{User-Name} -> zongyu
attr_filter: Matched entry DEFAULT at line 11
++ returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 97 to 127.0.0.1 port 41762
Waking up in 2.9 seconds.
Cleaning up request 0 ID 97 with timestamp +8
[ 本帖最後由 mawav 於 2010-1-23 12:17 編輯 ]
《解決方案》
這麼多高手,沒人響應?
如有朋友幫忙解決,贈送10天VPN帳戶(美國加州伺服器)。
[ 本帖最後由 mawav 於 2010-1-23 12:22 編輯 ]
《解決方案》
問題解決。
自己犯迷糊,之前東搞西搞為進行CHAP驗證在資料庫中設置成了AuthType:=CHAP
《解決方案》
原帖由 mawav 於 2010-1-23 13:30 發表 http://bbs.chinaunix.net/images/common/back.gif
問題解決。
自己犯迷糊,之前東搞西搞為進行CHAP驗證在資料庫中設置成了AuthType:=CHAP
Local
MS-CHAP
這些都是經常用的