Actually, all the way from the beginning, "CleartextPassword" has been set (without an Auth-Type) but for some reason the program chooses Local automatically. It is probably a default setting of FreeRadius to go Local when it doesn't find an Auth method.
However, what I don't understand is why it doesn't find an authentication method if I have already configured the EAP.conf file with MD5 and have it in the Authorize and Authenticate sections of radiusd.conf
Now read my first reply again. It looks like you have replaced the
password attribute, but left the Auth-Type.
Ivan Kalik
Kalik Informatika ISP
Dana 9/10/2007, "inl2goal" < syaoran.sakura@gmail.com> piše:
>
>Here is the debug output
>
>When I run the server I get:
>
># ./radiusd -X
>Starting - reading configuration files ...
>reread_config: reading radiusd.conf
>Config: including file: /usr/local/etc/raddb/clients.conf
>Config: including file: /usr/local/etc/raddb/eap.conf
>Config: including file: /usr/local/etc/raddb/sql.conf
> main: prefix = "/usr/local"
> main: localstatedir = "/usr/local/var"
> main: logdir = "/usr/local/var/log/radius"
> main: libdir = "/usr/local/lib"
> main: radacctdir = "/usr/local/var/log/radius/radacct"
> main: hostname_lookups = no
> main: snmp = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 16214
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/usr/local/var/log/radius/radius.log"
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
> main: user = "(null)"
> main: group = "(null)"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/local/sbin/checkrad"
> main: proxy_requests = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
>read_config_files: reading dictionary
>read_config_files: reading naslist
>Using deprecated naslist file. Support for this will go away soon.
>read_config_files: reading clients
>read_config_files: reading realms
>radiusd: entering modules setup
>Module: Library search path is /usr/local/lib
>Module: Loaded eap
> eap: default_eap_type = "md5"
> eap: timer_expire = 60
> eap: ignore_unknown_eap_types = no
> eap: cisco_accounting_username_bug = no
>rlm_eap: Loaded and initialized type md5
>Module: Instantiated eap (eap)
>Module: Loaded preprocess
> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> preprocess: hints = "/usr/local/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = yes
> preprocess: with_alvarion_vsa_hack = no
>Module: Instantiated preprocess (preprocess)
>Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> realm: ignore_default = no
> realm: ignore_null = no
>Module: Instantiated realm (suffix)
>Module: Loaded SQL
> sql: driver = "rlm_sql_mysql"
> sql: server = "localhost"
> sql: port = ""
> sql: login = "root"
> sql: password = "watchdog"
> sql: radius_db = "radius"
> sql: nas_table = "nas"
> sql: sqltrace = yes
> sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
> sql: readclients = yes
> sql: deletestalesessions = yes
> sql: num_sql_socks = 5
> sql: sql_user_name = "%{User-Name}"
> sql: default_user_profile = ""
> sql: query_on_not_found = no
> sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, op
>FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER
>BY id"
> sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op
>FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER
>BY id"
> sql: authorize_group_check_query = "SELECT
>radgroupcheck.id ,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
>FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
>AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
> sql: authorize_group_reply_query = "SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute ,radgroupreply.Value,radgroupreply.op
>FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
>AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
> sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S',
>AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
>AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
>'%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
>NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
> sql: accounting_update_query = " UPDATE radacct SET
>FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime =
>'%{Acct-Session-Time}', + AcctInputOctets =
>'%{Acct-Input-Gigawords:-0}' << 32 |
>'%{Acct-Input-Octets:-0}', AcctOutputOctets =
>'%{Acct-Output-Gigawords:-0}' << 32 |
>'%{Acct-Output-Octets:-0}' WHERE AcctSessionId =
>'%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'
>AND NASIPAddress = '%{NAS-IP-Address}'"
> sql: accounting_update_query_alt = " INSERT INTO radacct
>(AcctSessionId, AcctUniqueId, UserName, Realm,
>NASIPAddress, NASPortId, NASPortType, AcctStartTime,
>AcctSessionTime, AcctAuthentic, ConnectInfo_start,
>AcctInputOctets, AcctOutputOctets, CalledStationId,
>CallingStationId, ServiceType, FramedProtocol,
>FramedIPAddress, AcctStartDelay, XAscendSessionSvrKey)
>VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
>'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
>'%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',
>INTERVAL (%{Acct-Session-Time:-0} +
>%{Acct-Delay-Time:-0}) SECOND),
>'%{Acct-Session-Time}', '%{Acct-Authentic}', '',
>'%{Acct-Input-Gigawords:-0}' << 32 | '%{Acct-Input-Octets:-0}',
>'%{Acct-Output-Gigawords:-0}' << 32 |
>'%{Acct-Output-Octets:-0}', '%{Called-Station-Id}',
>'%{Calling-Station-Id}', '%{Service-Type}',
>'%{Framed-Protocol}', '%{Framed-IP-Address}', '0',
>'%{X-Ascend-Session-Svr-Key}')"
> sql: accounting_start_query = " INSERT INTO radacct
>(AcctSessionId, AcctUniqueId, UserName, Realm,
>NASIPAddress, NASPortId, NASPortType, AcctStartTime,
>AcctStopTime, AcctSessionTime, AcctAuthentic,
>ConnectInfo_start, ConnectInfo_stop, AcctInputOctets,
>AcctOutputOctets, CalledStationId, CallingStationId,
>AcctTerminateCause, ServiceType, FramedProtocol,
>FramedIPAddress, AcctStartDelay, AcctStopDelay,
>XAscendSessionSvrKey) VALUES ('%{Acct-Session-Id}',
>'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
>'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
>'%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}',
>'%{Connect-Info}', '', '0', '0',
>'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
>'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
>'%{Acct-Delay-Time:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
> sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S',
>AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}'
>WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'
>AND NASIPAddress = '%{NAS-IP-Address}'"
> sql: accounting_stop_query = " UPDATE radacct SET
>AcctStopTime = '%S', AcctSessionTime =
>'%{Acct-Session-Time}', AcctInputOctets =
>'%{Acct-Input-Gigawords:-0}' << 32 |
>'%{Acct-Input-Octets:-0}', AcctOutputOctets =
>'%{Acct-Output-Gigawords:-0}' << 32 |
>'%{Acct-Output-Octets:-0}', AcctTerminateCause =
>'%{Acct-Terminate-Cause}', AcctStopDelay =
>'%{Acct-Delay-Time:-0}', ConnectInfo_stop = '%{Connect-Info}'
>WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName
>= '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
> sql: accounting_stop_query_alt = " INSERT INTO radacct
>(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,
>NASPortId, NASPortType, AcctStartTime, AcctStopTime,
>AcctSessionTime, AcctAuthentic, ConnectInfo_start,
>ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
>CalledStationId, CallingStationId, AcctTerminateCause,
>ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay,
>AcctStopDelay) VALUES ('%{Acct-Session-Id}',
>'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
>'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
>'%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL
>(%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND),
>'%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',
>'%{Connect-Info}', '%{Acct-Input-Gigawords:-0}' << 32 |
>'%{Acct-Input-Octets:-0}', '%{Acct-Output-Gigawords:-0}' << 32
>| '%{Acct-Output-Octets:-0}',
>'%{Called-Station-Id}', '%{Calling-Station-Id}',
>'%{Acct-Terminate-Cause}', '%{Service-Type}',
>'%{Framed-Protocol}', '%{Framed-IP-Address}', '0',
>'%{Acct-Delay-Time:-0}')"
> sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE
>UserName='%{SQL-User-Name}'"
> sql: connect_failure_retry_delay = 60
> sql: simul_count_query = ""
> sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,
>NASIPAddress, NASPortId, FramedIPAddress,
>CallingStationId, FramedProtocol FROM radacct
>WHERE UserName='%{SQL-User-Name}' AND
>AcctStopTime = 0"
> sql: postauth_query = "INSERT into radpostauth (user, pass, reply, date)
>values ('%{User-Name}', '%{User-Password:-Chap-Password}',
>'%{reply:Packet-Type}', NOW())"
> sql: safe-characters =
>"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
>rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
>rlm_sql (sql): Attempting to connect to root@localhost:/radius
>rlm_sql (sql): starting 0
>rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
>rlm_sql_mysql: Starting connect to MySQL server for #0
>rlm_sql (sql): Connected new DB handle, #0
>rlm_sql (sql): starting 1
>rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
>rlm_sql_mysql: Starting connect to MySQL server for #1
>rlm_sql (sql): Connected new DB handle, #1
>rlm_sql (sql): starting 2
>rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
>rlm_sql_mysql: Starting connect to MySQL server for #2
>rlm_sql (sql): Connected new DB handle, #2
>rlm_sql (sql): starting 3
>rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
>rlm_sql_mysql: Starting connect to MySQL server for #3
>rlm_sql (sql): Connected new DB handle, #3
>rlm_sql (sql): starting 4
>rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
>rlm_sql_mysql: Starting connect to MySQL server for #4
>rlm_sql (sql): Connected new DB handle, #4
>rlm_sql (sql): - generate_sql_clients
>rlm_sql (sql): Query: SELECT * FROM nas
>rlm_sql (sql): Reserving sql socket id: 4
>rlm_sql_mysql: query: SELECT * FROM nas
>rlm_sql (sql): Read entry nasname=w.x.y.z,shortname=radius1,secret=holygrail
>rlm_sql (sql): Adding client w.x.y.z (radius1) to clients list
>rlm_sql (sql): Released sql socket id: 4
>Module: Instantiated sql (sql)
>Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>Client-IP-Address, NAS-Port"
>Module: Instantiated acct_unique (acct_unique)
>Module: Loaded detail
> detail: detailfile =
>"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
>Module: Instantiated detail (detail)
>Module: Loaded radutmp
> radutmp: filename = "/usr/local/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
>Module: Instantiated radutmp (radutmp)
>Listening on authentication *:16214
>Listening on accounting *:16215
>Ready to process requests.
>
>And when I send the request after connecting to the switch I get:
>
>rad_recv: Access-Request packet from host w.x.y.z:1645, id=3, length=125
> User-Name = "power"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Called-Station-Id = "00-1A-A2-5B-43-83"
> Calling-Station-Id = "00-0B-CD-AA-ED-6D"
> EAP-Message = 0x0202000a01706f776572
> Message-Authenticator = 0x58fa7799b0cf8b82e6216ce8048220d7
> NAS-Port = 50003
> NAS-Port-Type = Ethernet
> NAS-IP-Address = w.x.y.z
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> rlm_realm: No '@' in User-Name = "power", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
>radius_xlat: 'power'
>rlm_sql (sql): sql_set_user escaped user --> 'power'
>radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
>radcheck WHERE Username = 'power' ORDER BY id'
>rlm_sql (sql): Reserving sql socket id: 3
>rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op
>FROM radcheck WHERE Username = 'power' ORDER BY id
>radius_xlat: 'SELECT
> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
>FROM radgroupcheck,usergroup WHERE usergroup.Username = 'power' AND
>usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>rlm_sql_mysql: query: SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value ,radgroupcheck.op
>FROM radgroupcheck,usergroup WHERE usergroup.Username = 'power' AND
>usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
>radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
>radreply WHERE Username = 'power' ORDER BY id'
>rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op
>FROM radreply WHERE Username = 'power' ORDER BY id
>radius_xlat: 'SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute ,radgroupreply.Value,radgroupreply.op
>FROM radgroupreply,usergroup WHERE usergroup.Username = 'power' AND
>usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id '
>rlm_sql_mysql: query: SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
>FROM radgroupreply,usergroup WHERE usergroup.Username = 'power' AND
>usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
>rlm_sql (sql): Released sql socket id: 3
> modcall[authorize]: module "sql" returns ok for request 0
> modcall[authorize]: module "eap" returns noop for request 0
>modcall: leaving group authorize (returns ok) for request 0
>auth: type Local
>auth: No User-Password or CHAP-Password attribute in the request
>auth: Failed to validate the user.
>Delaying request 0 for 1 seconds
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Sending Access-Reject of id 3 to w.x.y.z port 1645
>Waking up in 4 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 3 with timestamp 470bb882
>Nothing to do. Sleeping until we see a request.
>
>
>Thank you
>
>
>
>tnt wrote:
>>
>> Post the whole debug (radiusd -X) then.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>
>--
>View this message in context: http://www.nabble.com/EAP%2BMD5%2BSQL-trouble-tf4571786.html#a13120808
>Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html