Hi.<br><br>I had been installed freeradius 2.0.4 in debian 4.0 and with daloradius like web management interface<br><br>Now
i'm have an inconvenient with the users that i have in mysql. That
users can autenthicate in mysql but, can't get authenticate completly;
i think you know waht I mean.<br>
<br>Freeradius don't authenticate with mysql, so it uses another ways like EAP, PAP an others.<br><br>I had been edited the users file in the attribute auth-type with various values: Local, EAP, PAP, System...<br><br>
I got this when i try to loggin i got this:<br><br><br>rad_recv: Access-Request packet from host 127.0.0.1 port 32814, id=68, length=212<br> Vendor-14559-Attr-8 = 0x312e302e3132<br> User-Name = "juanpal"<br>
User-Password = "juanpal"<br> NAS-IP-Address = 192.168.181.1<br> Service-Type = Login-User<br> Framed-IP-Address = 192.168.181.2<br> Calling-Station-Id = "08-00-27-0A-F7-67"<br>
Called-Station-Id = "08-00-27-C0-08-85"<br> NAS-Identifier = "nas01"<br> Acct-Session-Id = "499d9aa800000001"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Port = 1<br>
WISPr-Logoff-URL = "<a href="http://192.168.181.1:3990/logoff" target="_blank">http://192.168.181.1:3990/logoff</a>"<br> Message-Authenticator = 0xd5b4b59894a7fbb350da9e2f90d9<div id=":83" class="ArwC7c ckChnd">
eb5c<br>+- entering group authorize<br>
++[preprocess] returns ok<br> expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/<a href="http://127.0.0.1/auth-detail-20090219" target="_blank">127.0.0.1/auth-detail-20090219</a><br>
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/<a href="http://127.0.0.1/auth-detail-20090219" target="_blank">127.0.0.1/auth-detail-20090219</a><br>
expand: %t -> Thu Feb 19 13:13:58 2009<br>
++[auth_log] returns ok<br> expand: %{Realm} -><br>++[attr_filter] returns noop<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "juanpal", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br> rlm_eap: No EAP-Message, not doing EAP<br>++[eap] returns noop<br> users: Matched entry DEFAULT at line 61<br>WARNING: Found User-Password == "...".<br>
WARNING: Are you sure you don't mean Cleartext-Password?<br>WARNING: See "man rlm_pap" for more information.<br> users: Matched entry DEFAULT at line 201<br>++[files] returns ok<br> expand: %{User-Name} -> juanpal<br>
rlm_sql (sql): sql_set_user escaped user --> 'juanpal'<br>rlm_sql (sql): Reserving sql socket id: 3<br>
expand: SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'juanpal' ORDER BY id<br>
rlm_sql (sql): User found in radcheck table<br>
expand: SELECT id, UserName, Attribute, Value, op FROM
radreply WHERE Username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, UserName, Attribute, Value, op FROM
radreply WHERE Username = 'juanpal' ORDER BY id<br>
expand: SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE
UserName='juanpal'<br>rlm_sql (sql): Released sql socket id: 3<br>++[sql] returns ok<br>
rad_check_password: Found Auth-Type Local<br>auth: type Local<br>auth: user supplied User-Password does NOT match local User-Password<br>auth: Failed to validate the user.<br>Login incorrect: [juanpal/juanpal] (from client localhost port 1 cli 08-00-27-0A-F7-67)<br>
Delaying reject of request 0 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>Sending delayed reject for request 0<br>Sending Access-Reject of id 68 to 127.0.0.1 port 32814<br> Service-Type = Login-User<br>
Session-Timeout := 2400<br>Waking up in 4.9 seconds.<br>Cleaning up request 0 ID 68 with timestamp +10<br>Ready to process requests.<br><br>As you see, the user juanpal authenticate with mysql but the next step stop him<br>
<br>My user file has this:<br><br>DEFAULT Auth-Type := Local, Crypt-password = User-Password<br> Fall-Through = yes<br><br><br>Whit auth-type = System, the users need to be Systems users.<br>Whit aut-type = ACCEPT, anyone can loggin.<br>
I don't know what try now, i had been google, read in many forums.<br clear="all"><br><br>Thanks a lot.</div><br clear="all"><br>-- <br>Juan Pablo Botero<br>Administrador de Sistemas informáticos<br><a href="http://jpill.wordpress.com">http://jpill.wordpress.com</a><br>
eSSuX: <a href="http://slcolombia.org/eSSuX">http://slcolombia.org/eSSuX</a><br>Linux Registered user #435293<br>