authentication problem with sql

hadi golestani hadi.golestani at gmail.com
Wed Oct 24 07:43:19 CEST 2007 

No one knows?

On 10/23/07, hadi golestani <hadi.golestani at gmail.com> wrote:
>
> Hi,
> my freeradius works well with users files users but when I test it with
> one of my users that is stored in db, the authentication fails.
> what is needed to authenticate users that are stored in db.
>
> two debug mode output is attached:
> it's debug response for a user that is stored in db:
>
> rad_recv: Access-Request packet from host 127.0.0.1:1029, id=90, length=58
>         User-Name = "n2test"
>         User-Password = "n2test"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1645
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 1
>   modcall[authorize]: module "preprocess" returns ok for request 1
>   modcall[authorize]: module "chap" returns noop for request 1
>   modcall[authorize]: module "mschap" returns noop for request 1
>     rlm_realm: No '@' in User-Name = "n2test", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 1
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 1
>     users: Matched entry DEFAULT at line 154
>   modcall[authorize]: module "files" returns ok for request 1
> radius_xlat:  'n2test'
> rlm_sql (sql): sql_set_user escaped user --> 'n2test'
> radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
> radcheck           WHERE Username = 'n2test'           ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 2
> radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,
> radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM
> radgroupcheck,usergroup WHERE usergroup.Username = 'n2test' AND
> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
> radreply           WHERE Username = 'n2test'           ORDER BY id'
> radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,
> radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM
> radgroupreply,usergroup WHERE usergroup.Username = 'n2test' AND
> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql (sql): Released sql socket id: 2
>   modcall[authorize]: module "sql" returns ok for request 1
> rlm_pap: Found existing Auth-Type, not changing it.
>   modcall[authorize]: module "pap" returns noop for request 1
> modcall: leaving group authorize (returns ok) for request 1
>   rad_check_password:  Found Auth-Type System
> auth: type "System"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 1
>   modcall[authenticate]: module "unix" returns notfound for request 1
> modcall: leaving group authenticate (returns notfound) for request 1
> auth: Failed to validate the user.
> Delaying request 1 for 1 seconds
> Finished request 1
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 90 to 127.0.0.1 port 1029
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 1 ID 90 with timestamp 471de1e9
> Nothing to do.  Sleeping until we see a request.
>
>
>
> and it's the output for a normal user that is stored in users file:
>
> rad_recv: Access-Request packet from host 127.0.0.1:1029, id=43, length=62
>         User-Name = "normaltest"
>         User-Password = "normaltest"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1645
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "normaltest", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 0
>     users: Matched entry normaltest at line 1
>   modcall[authorize]: module "files" returns ok for request 0
> radius_xlat:  'normaltest'
> rlm_sql (sql): sql_set_user escaped user --> 'normaltest'
> radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
> radcheck           WHERE Username = 'normaltest'           ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 4
> rlm_sql (sql): User normaltest not found in radcheck
> radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,
> radgroupcheck.Attribute ,radgroupcheck.Value,radgroupcheck.op  FROM
> radgroupcheck,usergroup WHERE usergroup.Username = 'normaltest' AND
> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id '
> radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,
> radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM
> radgroupreply,usergroup WHERE usergroup.Username = 'normaltest' AND
> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql (sql): User normaltest not found in radgroupcheck
> rlm_sql (sql): Released sql socket id: 4
> rlm_sql (sql): User not found
>   modcall[authorize]: module "sql" returns notfound for request 0
>   modcall[authorize]: module "pap" returns updated for request 0
> modcall: leaving group authorize (returns updated) for request 0
>   rad_check_password:  Found Auth-Type pap
> auth: type "PAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group PAP for request 0
> rlm_pap: login attempt with password normaltest
> rlm_pap: Using clear text password "normaltest".
> rlm_pap: User authenticated successfully
>   modcall[authenticate]: module "pap" returns ok for request 0
> modcall: leaving group PAP (returns ok) for request 0
>   Processing the post-auth section of radiusd.conf
> modcall: entering group post-auth for request 0
> rlm_sql (sql): Processing sql_postauth
> radius_xlat:  'normaltest'
> rlm_sql (sql): sql_set_user escaped user --> 'normaltest'
> radius_xlat:  'INSERT into radpostauth (user, pass, reply, date) values
> ('normaltest', 'normaltest', 'Access-Accept', NOW())'
> rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (user,
> pass, reply, date) values ('normaltest', 'normaltest', 'Access-Accept',
> NOW())
> rlm_sql (sql): Reserving sql socket id: 3
> rlm_sql (sql): Released sql socket id: 3
>   modcall[post-auth]: module "sql" returns ok for request 0
> modcall: leaving group post-auth (returns ok) for request 0
> Sending Access-Accept of id 43 to 127.0.0.1 port 1029
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 43 with timestamp 471de179
> Nothing to do.  Sleeping until we see a request.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071024/2b28f675/attachment.html>

More information about the Freeradius-Users mailing list