Using different realm in the same server
Hi all, I'm trying to use different realm into the same server, but I probably miss something. I just want to check my users in radcheck table as user@realm, but I can't get it working. here you are my radcheck table mysql> select * from radcheck where username like 'tesths%'; +----+------------------+--------------------+----+--------------+ | id | username | attribute | op | value | +----+------------------+--------------------+----+--------------+ | 5 | tesths2 | Cleartext-Password | := | tesths2 | | 4 | tesths@drupalAP1 | Cleartext-Password | := | tesths | | 11 | tesths@drupalAP1 | Login-Time | := | Any1000-2000 | | 8 | tesths@drupalAP1 | Max-Daily-Session | := | 36000 | | 12 | tesths@drupalAP1 | Expiration | := | 31 Mar 2012 | +----+------------------+--------------------+----+--------------+ 5 rows in set (0.03 sec) Following the output of freeradius -X replying to my Access-Request. As you can see it search for the cleartext password for tesths@drupalAP1, but it doesn't find it: rad_recv: Access-Request packet from host 213.144.94.217 port 2060, id=64, length=322 ChilliSpot-Version = "1.2.7-svn" User-Name = "tesths@drupalAP1" CHAP-Challenge = 0x1d5cbf018e5c3e1f0f27db84019d6334 CHAP-Password = 0x00e56e25844efe021fe0ada407d300798d Service-Type = Login-User Acct-Session-Id = "4f28155900000001" Framed-IP-Address = 10.1.0.3 NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-Port-Id = "00000001" Calling-Station-Id = "48-5D-60-71-DC-CC" Called-Station-Id = "58-6D-8F-B4-69-F7" NAS-IP-Address = 192.168.2.152 NAS-Identifier = "coovaAP01" WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Coova_HotSpot01" WISPr-Location-Name = "My_HotSpot" WISPr-Logoff-URL = "http://10.1.0.1:3660/logoff" Message-Authenticator = 0xcbdb61af05f57eb2c5ef22c62a339623 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "drupalAP1" for User-Name = "tesths@drupalAP1" [suffix] No such realm "drupalAP1" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> tesths@drupalAP1 [sql] sql_set_user escaped user --> 'tesths@drupalAP1' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tesths@drupalAP1' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tesths@drupalAP1' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'tesths@drupalAP1' ORDER BY priority rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok rlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT SUM(acctsessiontime - GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400'' [dailycounter] expand: SELECT SUM(acctsessiontime - GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400' -> SELECT SUM(acctsessiontime - GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = 'tesths@drupalAP1' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400' sqlcounter_expand: '%{sql:SELECT SUM(acctsessiontime - GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = 'tesths@drupalAP1' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400'}' [dailycounter] sql_xlat [dailycounter] expand: %{User-Name} -> tesths@drupalAP1 [dailycounter] sql_set_user escaped user --> 'tesths@drupalAP1' [dailycounter] expand: SELECT SUM(acctsessiontime - GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = 'tesths@drupalAP1' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400' -> SELECT SUM(acctsessiontime - GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = 'tesths@drupalAP1' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400' rlm_sql (sql): Reserving sql socket id: 0 [dailycounter] row[0] returned NULL rlm_sql (sql): Released sql socket id: 0 [dailycounter] expand: %{sql:SELECT SUM(acctsessiontime - GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = 'tesths@drupalAP1' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400'} -> rlm_sqlcounter: No integer found in string "" ++[dailycounter] returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[monthlycounter] returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[noresetcounter] returns noop [expiration] Checking Expiration time: '31 Mar 2012' ++[expiration] returns ok rlm_logintime: Checking Login-Time: 'Any1000-2000' rlm_logintime: timestr returned accept rlm_logintime: Session-Timeout set to: 9240 ++[logintime] returns ok [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = CHAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group CHAP {...} [chap] login attempt by "tesths@drupalAP1" with CHAP password [chap] Using clear text password "tesths" for user tesths@drupalAP1 authentication. [chap] Password check failed ++[chap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> tesths@drupalAP1 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 3 Sending Access-Reject of id 64 to 213.144.94.217 port 2060 Waking up in 4.9 seconds. Cleaning up request 3 ID 64 with timestamp +378 Ready to process requests. How can I have the realm be part of the authentication? Thanks a lot -- Gabriele Dr. Brosulo Responsabile Web EdiSoft Srl
participants (1)
-
Gabriele Brosulo