Router User via radius server

chapeupreto · Sat Nov 27, 2010 2:05 pm

Hi all.
I'm trying to use router user authentication and accounting via freeradius server.
However, I ain't using cleartext passwords in my radius.radcheck table. Instead, I'm using Crypt-Password and my Auth-Type attribute is Crypt-Local.
So, after enabling radius in the "/user aaa" section, I'm getting this kind of error message:

Sat Nov 27 07:31:48 2010 : Auth: Login incorrect: [andre/<CHAP-Password>] (from client DUDE_Monitor port 0 cli 187.118.123.32)

The content of my radius.radcheck table is shown as follows:

	id	UserName	       Attribute                                  	Value	                                op
	3	andre	       Crypt-Password	                           $1$LBqMRXld$0PH8SvPub2F7P0nbC6eja1	          ==

This is what my "/user aaa" section looks like:

[admin@MikroTik] user aaa> print
        use-radius: yes
        accounting: yes
    interim-update: 5m
     default-group: full

Also, that error message only shows in the freeradius' log when users try to authenticate on the router.

Should I use plain-text passwords because of the CHAP protocol or is there any 'workaround' for this kind of situation?
Any help?
Thanks in advance!

rod~

SurferTim · Mon Nov 29, 2010 2:19 pm

Have you started FreeRADIUS in debug mode? In my OS from a shell logged in as root, it is

radiusd stop
radiusd -X

Then try the login again and see what is happening during the transaction.
When you are finished and exit debug mode, you can restart radius.

radiusd start

And I use plain text passwords. "ClearText-Password" or "User-Password", depending on version of FreeRADIUS.

Router User via radius server

Router User via radius server

Re: Router User via radius server