auth-type problem

tnt at kalik.co.yu tnt at kalik.co.yu
Sat May 5 22:10:41 CEST 2007 

Auth-Type System is most likeky coming from a DEFAULT entry towards the
end of users file. Coment it out and see if it works than. Server should
set Auth-Type on it's own.

You shouldn't have sql in authenticate { } section. That's correct.

Ivan Kalik
Kalik Informatika ISP


Dana 5/5/2007, "liran tal" <liransgarage at gmail.com> piše:

>Hey everyone,
>
>I've used an older version of FreeRADIUS before (I think 1.1.0) with mysql
>as a backend and all I had to do
>to authenticate users is have the following entry in radcheck table: |  1 |
>admin    | Password        | == | admin |
>although I see some errors when using radiusd -X and the error received is
>username/password not correct.
>The log from freeradius is:
>
>  modcall[authorize]: module "mschap" returns noop for request 1
>    rlm_realm: No '@' in User-Name = "admin", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 1
>  rlm_eap: No EAP-Message, not doing EAP
>  modcall[authorize]: module "eap" returns noop for request 1
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>    users: Matched entry DEFAULT at line 183
>  modcall[authorize]: module "files" returns ok for request 1
>radius_xlat:  'admin'
>rlm_sql (sql): sql_set_user escaped user --> 'admin'
>radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
>radcheck           WHERE Username = 'admin'           ORDER BY id'
>rlm_sql (sql): Reserving sql socket id: 2
>radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,
>radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM
>radgroupcheck,usergroup WHERE usergroup.Username = 'admin' AND
>usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
>radreply           WHERE Username = 'admin'           ORDER BY id'
>radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,
>radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM
>radgroupreply,usergroup WHERE usergroup.Username = 'admin' AND
>usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
>rlm_sql (sql): Released sql socket id: 2
>  modcall[authorize]: module "sql" returns ok for request 1
>rlm_pap: Found existing Auth-Type, not changing it.
>  modcall[authorize]: module "pap" returns noop for request 1
>rlm_sqlcounter: Entering module authorize code
>sqlcounter_expand:  'SELECT SUM(AcctSessionTime) FROM radacct WHERE
>UserName='%{User-Name}''
>radius_xlat:  'SELECT SUM(AcctSessionTime) FROM radacct WHERE
>UserName='admin''
>sqlcounter_expand:  '%{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE
>UserName='admin'}'
>radius_xlat: Running registered xlat function of module sql for string
>'SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='admin''
>rlm_sql (sql): - sql_xlat
>radius_xlat:  'admin'
>rlm_sql (sql): sql_set_user escaped user --> 'admin'
>radius_xlat:  'SELECT SUM(AcctSessionTime) FROM radacct WHERE
>UserName='admin''
>rlm_sql (sql): Reserving sql socket id: 1
>rlm_sql (sql): - sql_xlat finished
>rlm_sql (sql): Released sql socket id: 1
>radius_xlat:  '27'
>rlm_sqlcounter: (Check item - counter) is greater than zero
>rlm_sqlcounter: Authorized user admin, check_item=86400, counter=27
>rlm_sqlcounter: Sent Reply-Item for user admin, Type=Session-Timeout,
>value=300
>  modcall[authorize]: module "noresetcounter" returns ok for request 1
>rlm_sqlcounter: Entering module authorize code
>rlm_sqlcounter: Could not find Check item value pair
>  modcall[authorize]: module "dailycounter" returns noop for request 1
>rlm_sqlcounter: Entering module authorize code
>rlm_sqlcounter: Could not find Check item value pair
>  modcall[authorize]: module "monthlycounter" returns noop for request 1
>modcall: leaving group authorize (returns ok) for request 1
>  rad_check_password:  Found Auth-Type System
>auth: type "System"
>  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested
>action.
>auth: Failed to validate the user.
>Login incorrect: [admin/admin] (from client localhost port 1)
>Delaying request 1 for 1 seconds
>Finished request 1
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>
>
>
>It mentions some error about Auth-Type so I added another entry for that
>user in the table which is:
>|  2 | admin     | Auth-Type       | := | Local |
>
>And then it works fine.
>My question is why does it require the Auth-Type entry to be added? I've
>used freeradius with mysql before without having
>to enter an Auth-Type entry for each user in the radcheck table.
>
>My radiusd.conf authenticate { } section has no sql mentioning there.
>Could that be it?
>
>
>Thanks in advance,
>Liran.
>
>

More information about the Freeradius-Users mailing list