MySQL authentication problem

Hernan Antolini antolini at ar.ibm.com
Tue Jan 2 13:37:13 CET 2007


ian, just review your radiusd.conf (authenticate and authorize sections) 
because you sql IS going ok.....

 modcall[authorize]: module "sql" returns ok for request 0

but your "unix" IS not

modcall[authenticate]: module "unix" returns notfound for request 0

just leave "sql" in your auth section if you plan to do it tha way

Hernan Antolini





Ian Truelsen <ian.truelsen at gmail.com> 
Sent by: freeradius-users-bounces+antolini=ar.ibm.com at lists.freeradius.org
01/01/07 07:32 PM
Please respond to
FreeRadius users mailing list <freeradius-users at lists.freeradius.org>


To
Freeradius Mailing List <freeradius-users at lists.freeradius.org>
cc

Subject
MySQL authentication problem






radiusd: FreeRADIUS Version 1.1.3, for host i686-pc-linux-gnu, built on
Dec 26 2006 at 01:46:55
mysql  Ver 14.12 Distrib 5.0.30, for pc-linux-gnu (i686) using readline
5.2

I thought that I had everything configured properly for MySQL
authentication, but when I try to do a test with radtest, the test user
is not authenticated and there is no log of activity to the MySQL
database. Anyway, here is the output of radiusd -X and, at the end, the
population of my database:

rad_recv: Access-Request packet from host 192.168.182.1:2053, id=7,
length=55
        User-Name = "ian"
        User-Password = "test"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "ian", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'ian'
rlm_sql (sql): sql_set_user escaped user --> 'ian'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radcheck           WHERE Username = 'ian'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op 
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ian' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radreply           WHERE Username = 'ian'           ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op 
 FROM radgroupreply,usergroup WHERE usergroup.Username = 'ian' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Login incorrect: [ian/test] (from client brentwood port 1812)
Delaying request 0 for 1 seconds
Finished request 0


mysql> select * from radcheck
    -> ;
+----+----------+-----------+----+-------+
| id | UserName | Attribute | op | Value |
+----+----------+-----------+----+-------+
|  1 | Password | ==        | te |       | 
|  2 | ian      | Password  | == | test  | 
+----+----------+-----------+----+-------+
2 rows in set (0.01 sec)

Any thoughts on why this is not working would be greatly appreciated.

-- 
Ian Truelsen
s/v Sting
Email: ian.truelsen at gmail.com
AIM: ihtruelsen
MSN: ihtruelsen at hotmail.com
Google Talk: ian.truelsen at gmail.com

- 
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070102/58babae1/attachment.html>


More information about the Freeradius-Users mailing list