Freeradius doesn't detect EAP when authenticating against MySQL

Andrew Rowson freeradius at growse.com
Sun Sep 9 18:12:02 CEST 2007



tnt at kalik.co.yu wrote:
> Read the documentation (wiki, users file). For 1.1.6. you should be using
> Cleartext-Password attribute.
> 

Ok, I updated the radcheck table in mysql so that the attribute read 
"Cleartext-Password". I now get a different result when trying to log in 
from the wlan:

rlm_sql (sql): No matching entry in the database for request from user 
[growse]
   modcall[authorize]: module "sql" returns notfound for request 7
     users: Matched entry DEFAULT at line 155
   modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/peap
   rlm_eap: processing type peap
   rlm_eap_peap: Authenticate
   rlm_eap_tls: processing TLS
   eaptls_verify returned 7
   rlm_eap_tls: Done initial handshake
   eaptls_process returned 7
   rlm_eap_peap: EAPTLS_OK
   rlm_eap_peap: Session established.  Decoding tunneled attributes.
   rlm_eap_peap: Received EAP-TLV response.
   rlm_eap_peap: Tunneled data is valid.
   rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected 
earlier in this session.
  rlm_eap: Handler failed in EAP/peap
   rlm_eap: Failed in EAP select
   modcall[authenticate]: module "eap" returns invalid for request 7
modcall: leaving group authenticate (returns invalid) for request 7
auth: Failed to validate the user.
Login incorrect: [growse] (from client wlan port 34 cli 000e35bd8c13)

For some reason, sql is now returning "not found", presumably because 
it's looking for the "Password" attribute and doesn't understand 
"Cleartext-Password" (just guessing here). However, the correct 
auth-type is now set, although it rejects the user. Is it rejecting 
because the sql module returned notfound?

Also, my Cisco device logins have now broken since updating this 
attribute, I'm guessing because the sql module can't authenticate the 
user against the db?

Thanks,

Andrew


> On 8/9/2007, "Andrew Rowson" <freeradius at growse.com> wrote:
> 
>> tnt at kalik.co.yu wrote:
>>>>>     users: Matched entry DEFAULT at line 155
>>>>>   modcall[authorize]: module "files" returns ok for request 0
>>>>> modcall: leaving group authorize (returns updated) for request 0
>>>>>   rad_check_password:  Found Auth-Type Local
>>> What is that DEFAULT entry? Is Auth-Type Local coming from there? Or do
>>> you have it in the database? It had to come from somewhere.
>> The DEFAULT entry in the users is for an auth-type of System. There's
>> nothing in the DB that specifies an auth-type.
>>
>>> And what Freeradius version are you using? User-Password should not be
>>> used in recent server versions.
>> Freeradius version is 1.1.6. What do you mean about User-Password
>> shouldn't be used?
>>
>> Thanks,
>>
>> Andrew
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>