Using different realm in the same server

Gabriele Brosulo brosulo at edisoft.net
Tue Jan 31 17:31:24 CET 2012


Hi all,
I'm trying to use different realms on the same server, but I'm probably 
missing something.

I just want to check my users in the radcheck table as user@realm, but I 
can't get it working. Here is my radcheck table:

mysql> select * from radcheck where username like 'tesths%';
+----+------------------+--------------------+----+--------------+
| id | username         | attribute          | op | value        |
+----+------------------+--------------------+----+--------------+
|  5 | tesths2          | Cleartext-Password | := | tesths2      |
|  4 | tesths@drupalAP1 | Cleartext-Password | := | tesths       |
| 11 | tesths@drupalAP1 | Login-Time         | := | Any1000-2000 |
|  8 | tesths@drupalAP1 | Max-Daily-Session  | := | 36000        |
| 12 | tesths@drupalAP1 | Expiration         | := | 31 Mar 2012  |
+----+------------------+--------------------+----+--------------+
5 rows in set (0.03 sec)

Following is the output of freeradius -X replying to my Access-Request. As 
you can see, it searches for the cleartext password for tesths@drupalAP1, 
but it doesn't find it:

rad_recv: Access-Request packet from host 213.144.94.217 port 2060, 
id=64, length=322
         ChilliSpot-Version = "1.2.7-svn"
         User-Name = "tesths@drupalAP1"
         CHAP-Challenge = 0x1d5cbf018e5c3e1f0f27db84019d6334
         CHAP-Password = 0x00e56e25844efe021fe0ada407d300798d
         Service-Type = Login-User
         Acct-Session-Id = "4f28155900000001"
         Framed-IP-Address = 10.1.0.3
         NAS-Port-Type = Wireless-802.11
         NAS-Port = 1
         NAS-Port-Id = "00000001"
         Calling-Station-Id = "48-5D-60-71-DC-CC"
         Called-Station-Id = "58-6D-8F-B4-69-F7"
         NAS-IP-Address = 192.168.2.152
         NAS-Identifier = "coovaAP01"
         WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Coova_HotSpot01"
         WISPr-Location-Name = "My_HotSpot"
         WISPr-Logoff-URL = "http://10.1.0.1:3660/logoff"
         Message-Authenticator = 0xcbdb61af05f57eb2c5ef22c62a339623
# Executing section authorize from file 
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "drupalAP1" for User-Name = "tesths@drupalAP1"
[suffix] No such realm "drupalAP1"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql]   expand: %{User-Name} -> tesths@drupalAP1
[sql] sql_set_user escaped user --> 'tesths@drupalAP1'
rlm_sql (sql): Reserving sql socket id: 1
[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 'tesths@drupalAP1'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radreply           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radreply           WHERE username = 'tesths@drupalAP1'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup 
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> 
SELECT groupname           FROM radusergroup           WHERE username = 
'tesths@drupalAP1'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand:  'SELECT SUM(acctsessiontime - 
GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) 
     FROM radacct WHERE username = '%{User-Name}' AND 
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400''
[dailycounter]  expand: SELECT SUM(acctsessiontime - 
GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) 
     FROM radacct WHERE username = '%{User-Name}' AND 
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400' -> SELECT 
SUM(acctsessiontime -                  GREATEST((1327964400 - 
UNIX_TIMESTAMP(acctstarttime)), 0))                  FROM radacct WHERE 
username = 'tesths@drupalAP1' AND 
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400'
sqlcounter_expand:  '%{sql:SELECT SUM(acctsessiontime - 
  GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) 
       FROM radacct WHERE username = 'tesths@drupalAP1' AND 
      UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400'}'
[dailycounter] sql_xlat
[dailycounter]  expand: %{User-Name} -> tesths@drupalAP1
[dailycounter] sql_set_user escaped user --> 'tesths@drupalAP1'
[dailycounter]  expand: SELECT SUM(acctsessiontime - 
GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) 
     FROM radacct WHERE username = 'tesths@drupalAP1' AND 
    UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400' -> 
SELECT SUM(acctsessiontime -                  GREATEST((1327964400 - 
UNIX_TIMESTAMP(acctstarttime)), 0))                  FROM radacct WHERE 
username = 'tesths@drupalAP1' AND 
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400'
rlm_sql (sql): Reserving sql socket id: 0
[dailycounter] row[0] returned NULL
rlm_sql (sql): Released sql socket id: 0
[dailycounter]  expand: %{sql:SELECT SUM(acctsessiontime - 
     GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) 
          FROM radacct WHERE username = 'tesths@drupalAP1' AND 
         UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400'} ->
rlm_sqlcounter: No integer found in string ""
++[dailycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[monthlycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
[expiration] Checking Expiration time: '31 Mar 2012'
++[expiration] returns ok
rlm_logintime: Checking Login-Time: 'Any1000-2000'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 9240
++[logintime] returns ok
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "tesths@drupalAP1" with CHAP password
[chap] Using clear text password "tesths" for user tesths@drupalAP1 
authentication.
[chap] Password check failed
++[chap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> tesths@drupalAP1
  attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 64 to 213.144.94.217 port 2060
Waking up in 4.9 seconds.
Cleaning up request 3 ID 64 with timestamp +378
Ready to process requests.

How can I have the realm be part of the authentication?
Thanks a lot
-- 
Gabriele Dr. Brosulo
  Responsabile Web
  EdiSoft Srl
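
Added example, not part of the original post and not FreeRADIUS code: the CHAP check that the "[chap] Password check failed" line reports, recomputed per RFC 1994 and RFC 2865 from the CHAP-Challenge and CHAP-Password values in the debug output above. The function names and the constructed round-trip password and identifier are assumptions made for this example.

```python
import hashlib
import hmac

# Values copied from the freeradius -X output in the post above.
LOG_CHAP_CHALLENGE = "0x1d5cbf018e5c3e1f0f27db84019d6334"
LOG_CHAP_PASSWORD = "0x00e56e25844efe021fe0ada407d300798d"


def _unhex(value):
    """Decode a hex attribute value as printed in debug output (optional 0x)."""
    return bytes.fromhex(value[2:] if value.lower().startswith("0x") else value)


def parse_chap_password(value):
    """Split CHAP-Password into (CHAP identifier, 16-byte MD5 response)."""
    raw = _unhex(value)
    if len(raw) != 17:
        raise ValueError("CHAP-Password must be 1 id byte + 16 digest bytes")
    return raw[0], raw[1:]


def chap_response(chap_id, cleartext, challenge):
    """RFC 1994 response: MD5(identifier || secret || challenge).
    User-Name, and therefore the realm, is not an input to the hash."""
    return hashlib.md5(bytes([chap_id]) + cleartext.encode() + challenge).digest()


def check_chap(chap_password, cleartext, chap_challenge=None, authenticator=None):
    """Server-side check. RFC 2865: the challenge is the CHAP-Challenge
    attribute if present, otherwise the 16-byte Request Authenticator."""
    source = chap_challenge if chap_challenge is not None else authenticator
    if source is None:
        raise ValueError("need CHAP-Challenge or the Request Authenticator")
    chap_id, digest = parse_chap_password(chap_password)
    expected = chap_response(chap_id, cleartext, _unhex(source))
    return hmac.compare_digest(expected, digest)


def encode_chap_password(chap_id, cleartext, chap_challenge):
    """What the NAS side sends: identifier byte followed by the digest."""
    digest = chap_response(chap_id, cleartext, _unhex(chap_challenge))
    return "0x" + bytes([chap_id]).hex() + digest.hex()


if __name__ == "__main__":
    # Recompute the check for the stored Cleartext-Password "tesths".
    print("stored password matches:", check_chap(
        LOG_CHAP_PASSWORD, "tesths", chap_challenge=LOG_CHAP_CHALLENGE))
    # Constructed round trip (password and id are made up for this example).
    sent = encode_chap_password(7, "constructed-pw", LOG_CHAP_CHALLENGE)
    print("round trip ok:", check_chap(sent, "constructed-pw", LOG_CHAP_CHALLENGE))
```

Running the same check against a capture from the NAS shows whether the password typed at the hotspot portal or the challenge forwarded by the NAS differs from what the server used.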



