Failing to authenticate users

butteryak chrysalis72 at hotmail.com
Wed Nov 12 18:34:01 CET 2008


Hmmmm....my eyes are bugging out.  This is a new freeradius
install/mysql/daloradius/ubuntu.   I fail to find any specifics as to why my
users are failing to authenticate, via a simple radcheck.  Does anyone have
another eye to take a peek, and see something I'm missing.....the first part
of this is all config loading. The access request is located towards the
bottom....... I'm pretty sure everything is talking to everything it needs
to, but I'm obviously missing something most likely obvious. If anyone sees
anything.....please let me know.....


thanks guys....

cg

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/freeradius/proxy.conf
Config:   including file: /etc/freeradius/clients.conf
Config:   including file: /etc/freeradius/snmp.conf
Config:   including file: /etc/freeradius/eap.conf
Config:   including file: /etc/freeradius/sql.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/freeradius"
 main: libdir = "/usr/lib/freeradius"
 main: radacctdir = "/var/log/freeradius/radacct"
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/freeradius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/freeradius/freeradius.pid"
 main: user = "freerad"
 main: group = "freerad"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec 
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = "crypt"
 pap: auto_header = yes
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "/etc/shadow"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/freeradius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded eap 
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/etc/freeradius/huntgroups"
 preprocess: hints = "/etc/freeradius/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = "/etc/freeradius/users"
 files: acctusersfile = "/etc/freeradius/acct_users"
 files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded SQL 
 sql: driver = "rlm_sql_mysql"
 sql: server = "localhost"
 sql: port = ""
 sql: login = "root"
 sql: password = "XXXXXXX"
 sql: radius_db = "radius"
 sql: nas_table = "nas"
 sql: sqltrace = no
 sql: sqltracefile = "/var/log/freeradius/sqltrace.sql"
 sql: readclients = yes
 sql: deletestalesessions = yes
 sql: num_sql_socks = 5
 sql: sql_user_name = "%{User-Name}"
 sql: default_user_profile = ""
 sql: query_on_not_found = no
 sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op          
FROM radcheck           WHERE Username = '%{SQL-User-Name}'           ORDER
BY id"
 sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op          
FROM radreply           WHERE Username = '%{SQL-User-Name}'           ORDER
BY id"
 sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op 
FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
 sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op 
FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
 sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
 sql: accounting_update_query = "           UPDATE radacct           SET             
FramedIPAddress = '%{Framed-IP-Address}',              AcctSessionTime     =
'%{Acct-Session-Time}',              AcctInputOctets     =
'%{Acct-Input-Gigawords:-0}'  << 32 |                                   
'%{Acct-Input-Octets:-0}',              AcctOutputOctets    =
'%{Acct-Output-Gigawords:-0}' << 32 |                                   
'%{Acct-Output-Octets:-0}'           WHERE AcctSessionId =
'%{Acct-Session-Id}'           AND UserName        = '%{SQL-User-Name}'          
AND NASIPAddress    = '%{NAS-IP-Address}'"
 sql: accounting_update_query_alt = "           INSERT INTO radacct            
(AcctSessionId,    AcctUniqueId,      UserName,              Realm,           
NASIPAddress,      NASPortId,              NASPortType,      AcctStartTime,    
AcctSessionTime,              AcctAuthentic,    ConnectInfo_start,
AcctInputOctets,              AcctOutputOctets, CalledStationId,  
CallingStationId,              ServiceType,      FramedProtocol,   
FramedIPAddress,              AcctStartDelay,   XAscendSessionSvrKey)          
VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',             
'%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',                      
INTERVAL (%{Acct-Session-Time:-0} +                                
%{Acct-Delay-Time:-0}) SECOND),                      
'%{Acct-Session-Time}',              '%{Acct-Authentic}', '',             
'%{Acct-Input-Gigawords:-0}' << 32 |              '%{Acct-Input-Octets:-0}',             
'%{Acct-Output-Gigawords:-0}' << 32 |             
'%{Acct-Output-Octets:-0}',              '%{Called-Station-Id}',
'%{Calling-Station-Id}',              '%{Service-Type}',
'%{Framed-Protocol}',              '%{Framed-IP-Address}',              '0',
'%{X-Ascend-Session-Svr-Key}')"
 sql: accounting_start_query = "           INSERT INTO radacct            
(AcctSessionId,    AcctUniqueId,     UserName,              Realm,           
NASIPAddress,     NASPortId,              NASPortType,      AcctStartTime,   
AcctStopTime,              AcctSessionTime,  AcctAuthentic,   
ConnectInfo_start,              ConnectInfo_stop, AcctInputOctets, 
AcctOutputOctets,              CalledStationId,  CallingStationId,
AcctTerminateCause,              ServiceType,      FramedProtocol,  
FramedIPAddress,              AcctStartDelay,   AcctStopDelay,   
XAscendSessionSvrKey)           VALUES             ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',             
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',             
'%{NAS-Port-Type}', '%S', '0',              '0', '%{Acct-Authentic}',
'%{Connect-Info}',              '', '0', '0',             
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',             
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',             
'%{Acct-Delay-Time:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
 sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S',
AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}'
WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'
AND NASIPAddress = '%{NAS-IP-Address}'"
 sql: accounting_stop_query = "           UPDATE radacct SET             
AcctStopTime       = '%S',              AcctSessionTime    =
'%{Acct-Session-Time}',              AcctInputOctets    =
'%{Acct-Input-Gigawords:-0}' << 32 |                                  
'%{Acct-Input-Octets:-0}',              AcctOutputOctets   =
'%{Acct-Output-Gigawords:-0}' << 32 |                                  
'%{Acct-Output-Octets:-0}',              AcctTerminateCause =
'%{Acct-Terminate-Cause}',              AcctStopDelay      =
'%{Acct-Delay-Time:-0}',              ConnectInfo_stop   = '%{Connect-Info}'          
WHERE AcctSessionId   = '%{Acct-Session-Id}'           AND UserName         
= '%{SQL-User-Name}'           AND NASIPAddress      = '%{NAS-IP-Address}'"
 sql: accounting_stop_query_alt = "           INSERT INTO radacct            
(AcctSessionId, AcctUniqueId, UserName,              Realm, NASIPAddress,
NASPortId,              NASPortType, AcctStartTime, AcctStopTime,             
AcctSessionTime, AcctAuthentic, ConnectInfo_start,             
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,             
CalledStationId, CallingStationId, AcctTerminateCause,             
ServiceType, FramedProtocol, FramedIPAddress,              AcctStartDelay,
AcctStopDelay)           VALUES             ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',             
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',             
'%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL
(%{Acct-Session-Time:-0} +                  %{Acct-Delay-Time:-0}) SECOND),             
'%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',             
'%{Connect-Info}',              '%{Acct-Input-Gigawords:-0}' << 32 |             
'%{Acct-Input-Octets:-0}',              '%{Acct-Output-Gigawords:-0}' << 32
|              '%{Acct-Output-Octets:-0}',             
'%{Called-Station-Id}', '%{Calling-Station-Id}',             
'%{Acct-Terminate-Cause}',              '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}',              '0',
'%{Acct-Delay-Time:-0}')"
 sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}'"
 sql: connect_failure_retry_delay = 60
 sql: simul_count_query = ""
 sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,                               
NASIPAddress, NASPortId, FramedIPAddress,                               
CallingStationId, FramedProtocol                                FROM radacct                               
WHERE UserName='%{SQL-User-Name}'                                AND
AcctStopTime = 0"


 sql: postauth_query = "INSERT into radpostauth (user, pass, reply, date)
values ('%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())"
 sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root at localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
rlm_sql (sql): - generate_sql_clients
rlm_sql (sql): Query: SELECT * FROM nas
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Read entry
nasname=127.0.0.1,shortname=localhost,secret=testing123
rlm_sql (sql): Adding client 127.0.0.1 (localhost) to clients list
rlm_sql (sql): Released sql socket id: 4
Module: Instantiated sql (sql) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded detail 
 detail: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
 radutmp: filename = "/var/log/freeradius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp) 
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:33575, id=29, length=47
	User-Name = "sqltest"
	User-Password = "testpwd"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "sqltest", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'sqltest'
rlm_sql (sql): sql_set_user escaped user --> 'sqltest'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radcheck           WHERE Username = 'sqltest'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op 
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'sqltest' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radreply           WHERE Username = 'sqltest'           ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op 
FROM radgroupreply,usergroup WHERE usergroup.Username = 'sqltest' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 29 to 127.0.0.1 port 33575
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 29 with timestamp 491a1ba8
Nothing to do.  Sleeping until we see a request.

-- 
View this message in context: http://www.nabble.com/Failing-to-authenticate-users-tp20451334p20451334.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
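
A reading aid for the request trace at the end of the debug output above, added here as an example and not part of the original post or of FreeRADIUS: it pulls out each module's return code, the Auth-Type the server settled on, and the module that failed in the authenticate section. The TRACE lines are copied from the post; the names summarize and findings are assumptions of this example.

```python
import re

# Request-handling lines excerpted from the debug output in the post above.
TRACE = '''\
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 0
  modcall[authorize]: module "sql" returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 0
  rad_check_password:  Found Auth-Type System
  modcall[authenticate]: module "unix" returns notfound for request 0
auth: Failed to validate the user.
Sending Access-Reject of id 29 to 127.0.0.1 port 33575
'''

MODCALL = re.compile(r'modcall\[(authorize|authenticate)\]: module "([^"]+)" returns (\w+)')
AUTH_TYPE = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')
USERS = re.compile(r'users: Matched entry (\S+) at line (\d+)')
REPLY = re.compile(r'Sending (Access-\w+) of id \d+')

def summarize(trace):
    """Collect per-section module return codes and the Auth-Type decision."""
    s = {"authorize": [], "authenticate": [], "auth_type": None,
         "users_entry": None, "pap_kept_existing": False, "reply": None}
    for line in trace.splitlines():
        if m := MODCALL.search(line):
            s[m.group(1)].append((m.group(2), m.group(3)))
        elif m := AUTH_TYPE.search(line):
            s["auth_type"] = m.group(1)
        elif m := USERS.search(line):
            s["users_entry"] = (m.group(1), int(m.group(2)))
        elif m := REPLY.search(line):
            s["reply"] = m.group(1)
        elif "rlm_pap: Found existing Auth-Type" in line:
            s["pap_kept_existing"] = True
    return s

def findings(s):
    """Turn the summary into the points worth checking, in request order."""
    out = []
    if s["pap_kept_existing"]:
        # Only modules that returned ok/updated did anything during authorize.
        acted = [m for m, rc in s["authorize"] if rc in ("ok", "updated")]
        out.append("Auth-Type was set before pap ran; modules that acted: " + ", ".join(acted))
    if s["users_entry"]:
        out.append("users file matched entry %s at line %d" % s["users_entry"])
    for module, rc in s["authenticate"]:
        if rc not in ("ok", "updated"):
            out.append("Auth-Type %s: module %s returned %s" % (s["auth_type"], module, rc))
    return out

if __name__ == "__main__":
    for line in findings(summarize(TRACE)):
        print(line)
```

The same functions accept the full debug output as input, since lines that match none of the patterns are skipped.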



