[RADIATOR] MSCHAPV2 with Vpn Concentrator 3000
Sami Keski-Kasari
samikk at archred.com
Mon Aug 25 09:39:33 CDT 2008
How have you created those hashes?
goodies/nthash.pl?
--
Sami
SEG7 wrote:
> Sami Keski-Kasari wrote:
>
>> Hi Sergio,
>>
>> You can't rewrite username if you are using mschapv2.
>>
>> Use UsernameMatchesWithoutRealm inside authby instead.
>>
>>
> Already tried that before, must be something else...
> Thanks,
> Sérgio
>
> Handler
> <Handler Realm = vpn.ipb.pt,User-Name = seg7 at vpn.ipb.pt>
> MaxSessions 4
> AccountingHandled
> SessionDatabase SessDBUsers
> <AuthBy LDAP2>
> NoDefault
> UsernameMatchesWithoutRealm
> Host blade04.ccom.ipb.pt
> Port 389
> Version 3
> AuthDN cn=root,dc=ipb,dc=pt
> AuthPassword *
> BaseDN ou=staff,ou=users,dc=ipb,dc=pt
> Scope sub
> PasswordAttr sambaNTPassword
> SearchFilter (uid=%1)
> AutoMPPEKeys yes
> </AuthBy>
> AcctLogFileName /var/log/radius/vpn-detail.log
> AccountingHandled
> AuthLog vpnusers
> </Handler>
>
>
> Trace 4
> Mon Aug 25 15:13:55 2008: DEBUG: Packet dump:
> *** Received from 193.137.107.254 port 1130 ....
> Code: Access-Request
> Identifier: 54
> Authentic: <160>I<223>(F<246><229>e<216><1><189>j<171><171><180><224>
> Attributes:
> User-Name = "seg7 at vpn.ipb.pt"
> NAS-Port = 2311
> Service-Type = Framed
> Framed-Protocol = PPP
> Tunnel-Client-Endpoint = 193.136.195.195
> MS-CHAP-Challenge = "<139>m<207><16>
> X<160><222>/<230><218>j^<20><130>>"
> MS-CHAP2-Response =
> "<2><0>vp<175><252><197><153><27><198>A<215><174>:<224><22>L<250><0><0><0><0><0><0><0><0>yI<206><13><240>S<242>L<240>3<177><8>+<1
> 6><218><216>a<9>D{<216><165><222><168>"
> NAS-IP-Address = 193.137.107.254
> NAS-Port-Type = Virtual
>
> Mon Aug 25 15:13:55 2008: DEBUG: Handling request with Handler 'Realm =
> vpn.ipb.pt,User-Name = seg7 at vpn.ipb.pt'
> Mon Aug 25 15:13:55 2008: DEBUG: SessDBUsers Deleting session for
> seg7 at vpn.ipb.pt, 193.137.107.254, 2311
> Mon Aug 25 15:13:55 2008: DEBUG: do query is: 'delete from RADONLINE
> where NASIDENTIFIER='193.137.107.254' and NASPORT=02311':
> Mon Aug 25 15:13:55 2008: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
> USERNAME='seg7 at vpn.ipb.pt'':
> Mon Aug 25 15:13:55 2008: DEBUG: Handling with Radius::AuthLDAP2:
> Mon Aug 25 15:13:55 2008: INFO: Connecting to blade04.ccom.ipb.pt:389
> Mon Aug 25 15:13:55 2008: INFO: Attempting to bind to LDAP server
> blade04.ccom.ipb.pt:389
> Mon Aug 25 15:13:55 2008: DEBUG: LDAP got result for
> uid=seg7,ou=staff,ou=users,dc=ipb,dc=pt
> Mon Aug 25 15:13:55 2008: DEBUG: LDAP got sambaNTPassword:
> {nthash}31D6CFE0D16AE931B73C59D7E0C089C0
> Mon Aug 25 15:13:55 2008: DEBUG: Radius::AuthLDAP2 looks for match with
> seg7 [seg7 at vpn.ipb.pt]
> Mon Aug 25 15:13:55 2008: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password:
> seg7 [seg7 at vpn.ipb.pt]
> Mon Aug 25 15:13:55 2008: DEBUG: AuthBy LDAP2 result: REJECT, Bad Password
> Mon Aug 25 15:13:55 2008: INFO: Access rejected for seg7 at vpn.ipb.pt: Bad
> Password
> Mon Aug 25 15:13:55 2008: DEBUG: Packet dump:
> *** Sending to 193.137.107.254 port 1130 ....
> Code: Access-Reject
> Identifier: 54
> Authentic: <225><6><159>"i@<138><239><13><156><15><207><192><185><20><165>
> Attributes:
> Reply-Message = "Request Denied"
>