auth-type problem

liran tal liransgarage at gmail.com
Sun May 6 06:57:18 CEST 2007


Thanks, commenting out the DEFAULT Auth-Type == System entry in the users
file made it worked.
Oddly enough I never had this problem before, and I thought that the order
of appearance of the modules
in the authorization { } section shouldn't have any impact. If the user
isn't found in the unix realm (/etc/passwd) then
freeradius checks the next one (say the sql module) and so on.

Anyway, good to know, probably should do more reading on Auth-Type also.

Thanks again,
Liran.

On 5/5/07, tnt at kalik.co.yu <tnt at kalik.co.yu> wrote:
>
> Auth-Type System is most likeky coming from a DEFAULT entry towards the
> end of users file. Coment it out and see if it works than. Server should
> set Auth-Type on it's own.
>
> You shouldn't have sql in authenticate { } section. That's correct.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 5/5/2007, "liran tal" <liransgarage at gmail.com> piše:
>
> >Hey everyone,
> >
> >I've used an older version of FreeRADIUS before (I think 1.1.0) with
> mysql
> >as a backend and all I had to do
> >to authenticate users is have the following entry in radcheck table: |  1
> |
> >admin    | Password        | == | admin |
> >although I see some errors when using radiusd -X and the error received
> is
> >username/password not correct.
> >The log from freeradius is:
> >
> >  modcall[authorize]: module "mschap" returns noop for request 1
> >    rlm_realm: No '@' in User-Name = "admin", looking up realm NULL
> >    rlm_realm: No such realm "NULL"
> >  modcall[authorize]: module "suffix" returns noop for request 1
> >  rlm_eap: No EAP-Message, not doing EAP
> >  modcall[authorize]: module "eap" returns noop for request 1
> >    users: Matched entry DEFAULT at line 152
> >    users: Matched entry DEFAULT at line 171
> >    users: Matched entry DEFAULT at line 183
> >  modcall[authorize]: module "files" returns ok for request 1
> >radius_xlat:  'admin'
> >rlm_sql (sql): sql_set_user escaped user --> 'admin'
> >radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
> >radcheck           WHERE Username = 'admin'           ORDER BY id'
> >rlm_sql (sql): Reserving sql socket id: 2
> >radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,
> >radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM
> >radgroupcheck,usergroup WHERE usergroup.Username = 'admin' AND
> >usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> >radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
> >radreply           WHERE Username = 'admin'           ORDER BY id'
> >radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,
> >radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM
> >radgroupreply,usergroup WHERE usergroup.Username = 'admin' AND
> >usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> >rlm_sql (sql): Released sql socket id: 2
> >  modcall[authorize]: module "sql" returns ok for request 1
> >rlm_pap: Found existing Auth-Type, not changing it.
> >  modcall[authorize]: module "pap" returns noop for request 1
> >rlm_sqlcounter: Entering module authorize code
> >sqlcounter_expand:  'SELECT SUM(AcctSessionTime) FROM radacct WHERE
> >UserName='%{User-Name}''
> >radius_xlat:  'SELECT SUM(AcctSessionTime) FROM radacct WHERE
> >UserName='admin''
> >sqlcounter_expand:  '%{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE
> >UserName='admin'}'
> >radius_xlat: Running registered xlat function of module sql for string
> >'SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='admin''
> >rlm_sql (sql): - sql_xlat
> >radius_xlat:  'admin'
> >rlm_sql (sql): sql_set_user escaped user --> 'admin'
> >radius_xlat:  'SELECT SUM(AcctSessionTime) FROM radacct WHERE
> >UserName='admin''
> >rlm_sql (sql): Reserving sql socket id: 1
> >rlm_sql (sql): - sql_xlat finished
> >rlm_sql (sql): Released sql socket id: 1
> >radius_xlat:  '27'
> >rlm_sqlcounter: (Check item - counter) is greater than zero
> >rlm_sqlcounter: Authorized user admin, check_item=86400, counter=27
> >rlm_sqlcounter: Sent Reply-Item for user admin, Type=Session-Timeout,
> >value=300
> >  modcall[authorize]: module "noresetcounter" returns ok for request 1
> >rlm_sqlcounter: Entering module authorize code
> >rlm_sqlcounter: Could not find Check item value pair
> >  modcall[authorize]: module "dailycounter" returns noop for request 1
> >rlm_sqlcounter: Entering module authorize code
> >rlm_sqlcounter: Could not find Check item value pair
> >  modcall[authorize]: module "monthlycounter" returns noop for request 1
> >modcall: leaving group authorize (returns ok) for request 1
> >  rad_check_password:  Found Auth-Type System
> >auth: type "System"
> >  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested
> >action.
> >auth: Failed to validate the user.
> >Login incorrect: [admin/admin] (from client localhost port 1)
> >Delaying request 1 for 1 seconds
> >Finished request 1
> >Going to the next request
> >--- Walking the entire request list ---
> >Waking up in 1 seconds...
> >--- Walking the entire request list ---
> >Waking up in 1 seconds...
> >
> >
> >
> >It mentions some error about Auth-Type so I added another entry for that
> >user in the table which is:
> >|  2 | admin     | Auth-Type       | := | Local |
> >
> >And then it works fine.
> >My question is why does it require the Auth-Type entry to be added? I've
> >used freeradius with mysql before without having
> >to enter an Auth-Type entry for each user in the radcheck table.
> >
> >My radiusd.conf authenticate { } section has no sql mentioning there.
> >Could that be it?
> >
> >
> >Thanks in advance,
> >Liran.
> >
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070506/c8a8f4f6/attachment.html>


More information about the Freeradius-Users mailing list