Upgrade From 1 to 2 - problem with authorize

Robert White rwhite at globalgossip.net
Tue Oct 27 08:12:54 CET 2009


Hi,

I'm trying to upgrade my setup from freeradius 1 to freeradius 2.

I've been making little changes to the config as suggested in the doc and I
managed to get my setup connecting to my mssql backend.  However, when I try
and authorize with a user/pass, I get an error - actually more of a warning.
I've Googled about but although others have had this error I haven't really
seen a good explanation of why it occurs let alone how to solve.

The warning is...

rad_recv: Access-Request packet from host 10.152.0.7 port 20001, id=16,
length=168
        NAS-IP-Address = 10.152.0.7
        User-Name = "999999999"
        User-Password = "999999999"
        Service-Type = Login-User
        NAS-Port-Type = Async
        Calling-Station-Id = "1002"
        Quintum-h323-conf-id = "h323-conf-id=34616537 32353264 62350001
00080000"
        Quintum-AVPair = "h323-ivr-out=ACCESSCODE:990006"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
[suffix] No '@' in User-Name = "999999999", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql]   expand: %{User-Name} -> 999999999
[sql] sql_set_user escaped user --> '999999999'
rlm_sql (sql): Reserving sql socket id: 4
[sql]   expand: SELECT [id], UserName, Attribute, [Value], op FROM
dbo.Rad_Authorize_User_Check('%{SQL-User-Name}') -> SELECT [id], UserName,
Attribute, [Value], op FROM dbo.Rad_Authorize_User_Check('999999999')
query:  SELECT [id], UserName, Attribute, [Value], op FROM
dbo.Rad_Authorize_User_Check('999999999')
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[sql] User found in radcheck table
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"
!!!
!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group PAP {...}
[pap] login attempt with password "999999999"
[pap] Using clear text password "999999999"
[pap] User authenticated successfully
++[pap] returns ok
Login OK: [999999999] (from client 10.152.0.7 port 0 cli 1002)
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 16 to 10.152.0.7 port 20001
Finished request 0.


Although the last line there says 'Sending Access-Accept', I do not get
authorized at the NAS end.

Here's how things play out on my old version 1 setup....

rad_recv: Access-Request packet from host 10.152.0.7:20001, id=31,
length=168
        NAS-IP-Address = 10.152.0.7
        User-Name = "999999999"
        User-Password = "999999999"
        Service-Type = Login-User
        NAS-Port-Type = Async
        Calling-Station-Id = "1002"
        Quintum-h323-conf-id = "h323-conf-id=34616537 32383034 62640001
00080000"
        Quintum-AVPair = "h323-ivr-out=ACCESSCODE:990006"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "999999999", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  '999999999'
rlm_sql (sql): sql_set_user escaped user --> '999999999'
radius_xlat:  'SELECT [id], UserName, Attribute, [Value], op FROM
dbo.Rad_Authorize_User_Check('999999999')'
rlm_sql (sql): Reserving sql socket id: 49
query:  SELECT [id], UserName, Attribute, [Value], op FROM
dbo.Rad_Authorize_User_Check('999999999')
radius_xlat:  'SELECT * FROM dbo.Rad_Group_Check('999999999')'
query:  SELECT * FROM dbo.Rad_Group_Check('999999999')
radius_xlat:  ''
radius_xlat:  'EXEC Rad_Authenticate @username = '999999999',
@dialstring_from = '1002', @dialstring_to = '', @gw_session_id = '34616537
32383034 62640001 00080000', @ivr_out = 'h323-ivr-out=ACCESSCODE:990006',
@gw_ip = '10.152.0.7', @call_origin = '', @gw_name = '' '
query:  EXEC Rad_Authenticate @username = '999999999', @dialstring_from =
'1002', @dialstring_to = '', @gw_session_id = '34616537 32383034 62640001
00080000', @ivr_out = 'h323-ivr-out=ACCESSCODE:990006', @gw_ip =
'10.152.0.7', @call_origin = '', @gw_name = ''
rlm_sql (sql): Released sql socket id: 49
  modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [999999999] (from client cms port 0 cli 1002)
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
rlm_sql (sql): Processing sql_postauth
radius_xlat:  '999999999'
rlm_sql (sql): sql_set_user escaped user --> '999999999'
  modcall[post-auth]: module "sql" returns noop for request 0
modcall: leaving group post-auth (returns noop) for request 0
Sending Access-Accept of id 31 to 10.152.0.7 port 20001
        h323-return-code = "h323-return-code=0"
        h323-billing-model = "h323-billing-model=0"
        h323-credit-amount = "h323-credit-amount=76.15"
        h323-currency = "h323-currency=AUD"
Finished request 0


Thanks for any assistance,

Rob
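
Added example, not part of the original post or of FreeRADIUS itself: a small Python parser for FreeRADIUS debug output that extracts the per-module return codes, the reply attributes attached to an Access-Accept, and the User-Password warning, so the 1.x and 2.x traces above can be compared side by side. The sample logs are constructed excerpts modelled on the post, and the function names are hypothetical.

```python
import re

# Constructed excerpts modelled on the two debug traces in the post above.
V2_LOG = '''\
++[files] returns noop
WARNING: Found User-Password == "...".
++[sql] returns ok
++[pap] returns updated
Sending Access-Accept of id 16 to 10.152.0.7 port 20001
Finished request 0.
'''

V1_LOG = '''\
  modcall[authorize]: module "files" returns ok for request 0
  modcall[authorize]: module "sql" returns ok for request 0
Sending Access-Accept of id 31 to 10.152.0.7 port 20001
        h323-return-code = "h323-return-code=0"
        h323-credit-amount = "h323-credit-amount=76.15"
Finished request 0
'''

# Matches both the 2.x form (++[sql] returns ok) and the 1.x form (module "sql" returns ok).
MODULE_RE = re.compile(r'(?:\+\+\[(\w+)\]|module "(\w+)") returns (\w+)')
ATTR_RE = re.compile(r'^\s+([\w-]+) = (.*)$')

def module_results(log):
    """Map module name -> list of return codes, in order of appearance."""
    out = {}
    for m in MODULE_RE.finditer(log):
        out.setdefault(m.group(1) or m.group(2), []).append(m.group(3))
    return out

def accept_attributes(log):
    """Attributes on the indented lines that follow 'Sending Access-Accept'."""
    attrs, in_reply = {}, False
    for line in log.splitlines():
        if line.startswith("Sending Access-Accept"):
            in_reply = True
            continue
        if in_reply:
            m = ATTR_RE.match(line)
            if not m:          # first non-attribute line ends the reply list
                in_reply = False
                continue
            attrs[m.group(1)] = m.group(2).strip('"')
    return attrs

def legacy_password_warning(log):
    """True when the server warned that User-Password is used as a check item."""
    return 'WARNING: Found User-Password ==' in log
```

Run against the full traces, this shows the 2.x Access-Accept carrying no reply attributes while the 1.x one carries the h323-* attributes, and the `files` module returning `noop` under 2.x where it returned `ok` under 1.x.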


More information about the Freeradius-Users mailing list