Radius Problems

gosi · December 1, 2004, 8:54pm

Hello people !

I am playing around with MikroTik the last 2 days.
I got the PPPoE thingy working, and that works quite well, have tried Cisco equipment which gave a quite poor performance …

Anyhow, since we want to have quite a few customers connected via PPPoE soon, I was trying to setup a RADIUS Server.
I used FreeRadius and the box seem to work, tried with radtest and it replies as it should.

I added the MikroTik box in the clients.conf and tried, but no go.
In the debug mode of FreeRadius I see that the request from the Router comes in, but isn´t processed correctly, I get a rejected message.

So basically it is a FreeRADIUS problem, but since FreeRADIUS works stand alone and just with MikroTik as client it breaks, I guess I have over seen something withing the MikroTik config or the FreeRADIUS config.

Maybe somebody could give me a hint ?

Here the incoming RADIUS packet:

rad_recv: Access-Request packet from host 192.168.81.4:32768, id=8, length=184
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Identifier = “MikroTik”
NAS-Port = 20
NAS-Port-Type = Ethernet
User-Name = “daniel”
Calling-Station-Id = “00:D0:59:XX:XX:XX”
Called-Station-Id = “pppoetestx”
NAS-Port-Id = “ether2”
MS-CHAP-Challenge = 0x38857ee1c50f1e8b5774959511d06695
MS-CHAP2-Response = 0x0100b76faf76adc7f74af96c9140cd39288c0000000000000000d4b821d476a843d0558c30f7e295633cd76ebe83904af08a
NAS-IP-Address = 192.168.81.4

And here the response:

rad_recv: Access-Request packet from host 192.168.81.4:32768, id=8, length=184
Sending Access-Reject of id 8 to 192.168.81.4:32768

In first place I thought MS-CHAP might be the problem. Double checked on that, seems to be enabled in authorize {} section …

Hmm, hope somebody can give me a hand, the demo will run out soon and I really hope we can go with MikroTik.

Regards,
Daniel

andrewluck · December 1, 2004, 8:58pm

Can you post the relevant section of the FreeRadius config file.

Regards

Andrew

edzix · December 2, 2004, 8:59am

Are you using default Freeradius dictionary files?

Edgars

gosi · December 14, 2004, 9:08am

Sorry for the late reply, didn´t get the email from the forum about the new posts ..

Anyhow, yes I almost use the default config on my radius server,
and so I assume that would be the default dictionary files as well …

What config files do you want to see ?

gosi · December 14, 2004, 10:14am

Hmm, got a bit further with testing …
I was looking into the dictionary include dir, which comes within the Debian package, there is a dictionary.microsoft and a dictionary.mikrotik
That seems to be okay so far.
I have tried to send a CHAP request via NTradpind and via Linux radclient, both did work. I have not succeeded yet to make a MS-CHAP test since there seems to be no tool to do that

Another thing I just achieved, with MS-CHAP disabled in the Microsoft Connection setup, I am able to connect without any problems using CHAP.
Works quite well so far, so the issue is only RADIUS and within that topic only the MS-CHAP challenge/response

Lord · December 16, 2004, 8:35pm

Do you have “daniel” user on Radius ???

_ASM · December 16, 2004, 8:51pm

Seems that there was a problem in FreeRadius MS-CHAP support… try stopping it at the router, then if it works you know where the problem is

gosi · December 16, 2004, 9:18pm

Thanks for your help ..

Problem is already solved, will post the way tomorrow … no time today ..