Re: [Help-gnu-radius] More newbie help.

[Sergey Poznyakoff]

Hello,

> Oh, yeah, what's that 'CLID unknown' business about?

CLID stands for Calling Station ID. It is included in the log
message for informational purposes only, so you shouldn't worry
about it. The message `CLID unknown' means that the NAS has not
reported the calling station ID in its authentication request.

> The problem looks something like others' questions about the trailing
> '/', but so far I don't understand the significance of that.  :)

I guess you mean the slash in the following message:

Sep 25 13:35:47: Auth: Login incorrect: [jman/] CLID unknown (from nas as-itofc)

The slash in authentication diagnostics messages separates username
from the password, if radius is configured to show incorrect
passwords. In your case, this means that the user "jman" has 
supplied an empty password. More precisely, the authentication
request did not contain Password (2) attribute. This may happen, e.g.
when the NAS is configured to use CHAP authentication, in which case
the hashed user's password is sent in CHAP-Password (3) attribute.
CHAP passwords cannot be used with PAM authentication.

Here's some more information you might find useful:

By default PAM authentication uses "radius" service name, so that the
entries in your /etc/pam.conf file should look like:

radius  auth    required        ...
radius  account required        ...
radius  session required        ...

If you wish to change this, you can use Pam-Auth attribute in your
raddb/users, e.g.:

DEFAULT Auth-Type = Pam,
                Pam-Auth = "my-auth"
        Service-Type = Framed-User,
                Framed-Protocol = PPP
 


Regards,
Sergey