How to Authenticate Mysql Users whit freeradius editing the users file
Hi. I had been installed freeradius 2.0.4 in debian 4.0 and with daloradius like web management interface Now i'm have an inconvenient with the users that i have in mysql. That users can autenthicate in mysql but, can't get authenticate completly; i think you know waht I mean. Freeradius don't authenticate with mysql, so it uses another ways like EAP, PAP an others. I had been edited the users file in the attribute auth-type with various values: Local, EAP, PAP, System... I got this when i try to loggin i got this: rad_recv: Access-Request packet from host 127.0.0.1 port 32814, id=68, length=212 Vendor-14559-Attr-8 = 0x312e302e3132 User-Name = "juanpal" User-Password = "juanpal" NAS-IP-Address = 192.168.181.1 Service-Type = Login-User Framed-IP-Address = 192.168.181.2 Calling-Station-Id = "08-00-27-0A-F7-67" Called-Station-Id = "08-00-27-C0-08-85" NAS-Identifier = "nas01" Acct-Session-Id = "499d9aa800000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 WISPr-Logoff-URL = "http://192.168.181.1:3990/logoff" Message-Authenticator = 0xd5b4b59894a7fbb350da9e2f90d9eb5c +- entering group authorize ++[preprocess] returns ok expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090219 rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090219 expand: %t -> Thu Feb 19 13:13:58 2009 ++[auth_log] returns ok expand: %{Realm} -> ++[attr_filter] returns noop ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "juanpal", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop users: Matched entry DEFAULT at line 61 WARNING: Found User-Password == "...". WARNING: Are you sure you don't mean Cleartext-Password? WARNING: See "man rlm_pap" for more information. users: Matched entry DEFAULT at line 201 ++[files] returns ok expand: %{User-Name} -> juanpal rlm_sql (sql): sql_set_user escaped user --> 'juanpal' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'juanpal' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'juanpal' ORDER BY id expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE UserName='juanpal' rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Login incorrect: [juanpal/juanpal] (from client localhost port 1 cli 08-00-27-0A-F7-67) Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 68 to 127.0.0.1 port 32814 Service-Type = Login-User Session-Timeout := 2400 Waking up in 4.9 seconds. Cleaning up request 0 ID 68 with timestamp +10 Ready to process requests. As you see, the user juanpal authenticate with mysql but the next step stop him My user file has this: DEFAULT Auth-Type := Local, Crypt-password = User-Password Fall-Through = yes Whit auth-type = System, the users need to be Systems users. Whit aut-type = ACCEPT, anyone can loggin. I don't know what try now, i had been google, read in many forums. Thanks a lot. -- Juan Pablo Botero Administrador de Sistemas informáticos http://jpill.wordpress.com eSSuX: http://slcolombia.org/eSSuX Linux Registered user #435293
Freeradius don't authenticate with mysql, so it uses another ways like EAP, PAP an others.
I had been edited the users file in the attribute auth-type with various values: Local, EAP, PAP, System...
Why? All the freeradius documentation says that you *shouldn't* force the Auth-Type.
As you see, the user juanpal authenticate with mysql but the next step stop him
My user file has this:
DEFAULT Auth-Type := Local, Crypt-password = User-Password Fall-Through = yes
Delete that. Follow the sql howto from the wiki. Ivan Kalik Kalik Informatika ISP
Hello again. On Thu, Feb 19, 2009 at 7:16 PM, <tnt@kalik.net> wrote:
Freeradius don't authenticate with mysql, so it uses another ways like EAP, PAP an others.
I had been edited the users file in the attribute auth-type with various values: Local, EAP, PAP, System...
Why? All the freeradius documentation says that you *shouldn't* force the Auth-Type.
As you see, the user juanpal authenticate with mysql but the next step stop him
My user file has this:
DEFAULT Auth-Type := Local, Crypt-password = User-Password Fall-Through = yes
Delete that. Follow the sql howto from the wiki.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
i didn't force any authentication, I left the users file by default, when i tried to login i got this: rad_recv: Access-Request packet from host 127.0.0.1 port 32769, id=4, length=212 Vendor-14559-Attr-8 = 0x312e302e3132 User-Name = "juanpal" User-Password = "juanpal" NAS-IP-Address = 192.168.181.1 Service-Type = Login-User Framed-IP-Address = 192.168.181.2 Calling-Station-Id = "08-00-27-0A-F7-67" Called-Station-Id = "08-00-27-C0-08-85" NAS-Identifier = "nas01" Acct-Session-Id = "499e664400000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 WISPr-Logoff-URL = "http://192.168.181.1:3990/logoff" Message-Authenticator = 0x158efa3c2616f5104a2401d082f73222 +- entering group authorize ++[preprocess] returns ok expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220 rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220 expand: %t -> Fri Feb 20 03:14:15 2009 ++[auth_log] returns ok expand: %{Realm} -> ++[attr_filter] returns noop ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "juanpal", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop expand: %{User-Name} -> juanpal rlm_sql (sql): sql_set_user escaped user --> 'juanpal' rlm_sql (sql): Reserving sql socket id: 1 expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'juanpal' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'juanpal' ORDER BY id expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE UserName='juanpal' rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [juanpal/juanpal] (from client localhost port 1 cli 08-00-27-0A-F7-67) Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.8 seconds. Sending delayed reject for request 2 Sending Access-Reject of id 4 to 127.0.0.1 port 32769 Session-Timeout := 2400 Waking up in 4.9 seconds. Cleaning up request 2 ID 4 with timestamp +169 Ready to process requests. now, the user file by default: # # Please read the documentation file ../doc/processing_users_file, # or 'man 5 users' (after installing the server) for more information. # # This file contains authentication security and configuration # information for each user. Accounting requests are NOT processed # through this file. Instead, see 'acct_users', in this directory. # # The first field is the user's name and can be up to # 253 characters in length. This is followed (on the same line) with # the list of authentication requirements for that user. This can # include password, comm server name, comm server port number, protocol # type (perhaps set by the "hints" file), and huntgroup name (set by # the "huntgroups" file). # # If you are not sure why a particular reply is being sent by the # server, then run the server in debugging mode (radiusd -X), and # you will see which entries in this file are matched. # # When an authentication request is received from the comm server, # these values are tested. Only the first match is used unless the # "Fall-Through" variable is set to "Yes". # # A special user named "DEFAULT" matches on all usernames. # You can have several DEFAULT entries. All entries are processed # in the order they appear in this file. The first entry that # matches the login-request will stop processing unless you use # the Fall-Through variable. # # If you use the database support to turn this file into a .db or .dbm # file, the DEFAULT entries _have_ to be at the end of this file and # you can't have multiple entries for one username. # # Indented (with the tab character) lines following the first # line indicate the configuration values to be passed back to # the comm server to allow the initiation of a user session. # This can include things like the PPP configuration values # or the host to log the user onto. # # You can include another `users' file with `$INCLUDE users.other' # # # For a list of RADIUS attributes, and links to their definitions, # see: # # http://www.freeradius.org/rfc/attributes.html # # # Deny access for a specific user. Note that this entry MUST # be before any other 'Auth-Type' attribute which results in the user # being authenticated. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #lameuser Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # Deny access for a group of users. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #DEFAULT Group == "disabled", Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # # This is a complete entry for "steve". Note that there is no Fall-Through # entry so that no DEFAULT entry will be used, and the user will NOT # get any attributes in addition to the ones listed here. # #steve Cleartext-Password := "testing" # Service-Type = Framed-User, # Framed-Protocol = PPP, # Framed-IP-Address = 172.16.3.33, # Framed-IP-Netmask = 255.255.255.0, # Framed-Routing = Broadcast-Listen, # Framed-Filter-Id = "std.ppp", # Framed-MTU = 1500, # Framed-Compression = Van-Jacobsen-TCP-IP # # This is an entry for a user with a space in their name. # Note the double quotes surrounding the name. # #"John Doe" Cleartext-Password := "hello" # Reply-Message = "Hello, %{User-Name}" # # Dial user back and telnet to the default host for that port # #Deg Cleartext-Password := "ge55ged" # Service-Type = Callback-Login-User, # Login-IP-Host = 0.0.0.0, # Callback-Number = "9,5551212", # Login-Service = Telnet, # Login-TCP-Port = Telnet # # Another complete entry. After the user "dialbk" has logged in, the # connection will be broken and the user will be dialed back after which # he will get a connection to the host "timeshare1". # #dialbk Cleartext-Password := "callme" # Service-Type = Callback-Login-User, # Login-IP-Host = timeshare1, # Login-Service = PortMaster, # Callback-Number = "9,1-800-555-1212" # # user "swilson" will only get a static IP number if he logs in with # a framed protocol on a terminal server in Alphen (see the huntgroups file). # # Note that by setting "Fall-Through", other attributes will be added from # the following DEFAULT entries # #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.65, # Fall-Through = Yes # # If the user logs in as 'username.shell', then authenticate them # using the default method, give them shell access, and stop processing # the rest of the file. # #DEFAULT Suffix == ".shell" # Service-Type = Login-User, # Login-Service = Telnet, # Login-IP-Host = your.shell.machine # # The rest of this file contains the several DEFAULT entries. # DEFAULT entries match with all login names. # Note that DEFAULT entries can also Fall-Through (see first entry). # A name-value pair from a DEFAULT entry will _NEVER_ override # an already existing name-value pair. # # # Set up different IP address pools for the terminal servers. # Note that the "+" behind the IP address means that this is the "base" # IP address. The Port-Id (S0, S1 etc) will be added to it. # #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.32+, # Fall-Through = Yes #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft" # Framed-IP-Address = 192.168.2.32+, # Fall-Through = Yes # # Sample defaults for all framed connections. # #DEFAULT Service-Type == Framed-User # Framed-IP-Address = 255.255.255.254, # Framed-MTU = 576, # Service-Type = Framed-User, # Fall-Through = Yes # # Default for PPP: dynamic IP address, PPP mode, VJ-compression. # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected # by the terminal server in which case there may not be a "P" suffix. # The terminal server sends "Framed-Protocol = PPP" for auto PPP. # DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP # # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression. # DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP # # Default for SLIP: dynamic IP address, SLIP mode. # DEFAULT Hint == "SLIP" Framed-Protocol = SLIP # # Last default: rlogin to our main server. # #DEFAULT # Service-Type = Login-User, # Login-Service = Rlogin, # Login-IP-Host = shellbox.ispdomain.com # # # # Last default: shell on the local terminal server. # # # DEFAULT # Service-Type = Administrative-User # On no match, the user is denied access. Thanks -- Juan Pablo Botero Administrador de Sistemas informáticos http://jpill.wordpress.com eSSuX: http://slcolombia.org/eSSuX Linux Registered user #435293
i didn't force any authentication, I left the users file by default, when i tried to login i got this:
..
++[files] returns noop
OK. Files are empty now. But ...
expand: %{User-Name} -> juanpal rlm_sql (sql): sql_set_user escaped user --> 'juanpal' rlm_sql (sql): Reserving sql socket id: 1 expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'juanpal' ORDER BY id rlm_sql (sql): User found in radcheck table
.. this should be the password. And ... ..
++[sql] returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user.
.. no pap module. Why did you remove the pap from authorize? Put it back. Ivan Kalik Kalik Informatika ISP
On Fri, Feb 20, 2009 at 9:12 AM, <tnt@kalik.net> wrote:
i didn't force any authentication, I left the users file by default, when i tried to login i got this:
..
++[files] returns noop
OK. Files are empty now. But ...
expand: %{User-Name} -> juanpal rlm_sql (sql): sql_set_user escaped user --> 'juanpal' rlm_sql (sql): Reserving sql socket id: 1 expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY
id
-> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'juanpal' ORDER BY id rlm_sql (sql): User found in radcheck table
.. this should be the password. And ...
..
++[sql] returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user.
.. no pap module. Why did you remove the pap from authorize? Put it back.
I Put pap in authorize section in radius.conf. I got this: rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=32, length=212 Vendor-14559-Attr-8 = 0x312e302e3132 User-Name = "juanpal" User-Password = "juanpal" NAS-IP-Address = 192.168.181.1 Service-Type = Login-User Framed-IP-Address = 192.168.181.2 Calling-Station-Id = "08-00-27-0A-F7-67" Called-Station-Id = "08-00-27-C0-08-85" NAS-Identifier = "nas01" Acct-Session-Id = "499e742800000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 WISPr-Logoff-URL = "http://192.168.181.1:3990/logoff" Message-Authenticator = 0x0e0a63b0ee1fb9a95992d227586a9090 +- entering group authorize ++[preprocess] returns ok expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220 rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220 expand: %t -> Fri Feb 20 04:24:43 2009 ++[auth_log] returns ok expand: %{Realm} -> ++[attr_filter] returns noop ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "juanpal", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop expand: %{User-Name} -> juanpal rlm_sql (sql): sql_set_user escaped user --> 'juanpal' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'juanpal' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'juanpal' ORDER BY id expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE UserName='juanpal' rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok rlm_pap: Normalizing MD5-Password from hex encoding ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "juanpal" rlm_pap: No password configured for the user. Cannot do authentication ++[pap] returns fail auth: Failed to validate the user. Login incorrect: [juanpal/juanpal] (from client localhost port 1 cli 08-00-27-0A-F7-67) Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 32 to 127.0.0.1 port 32770 Session-Timeout := 2400
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Juan Pablo Botero Administrador de Sistemas informáticos http://jpill.wordpress.com eSSuX: http://slcolombia.org/eSSuX Linux Registered user #435293
I change the password user from md5 to User-Password and can login. I don't know if that was the suggestion, but thanks a lot On Fri, Feb 20, 2009 at 10:00 AM, <tnt@kalik.net> wrote:
rlm_pap: Normalizing MD5-Password from hex encoding ++[pap] returns updated
Try with Cleartext-Password first. And use := not == as operator.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Juan Pablo Botero Administrador de Sistemas informáticos http://jpill.wordpress.com eSSuX: http://slcolombia.org/eSSuX Linux Registered user #435293
I change the password user from md5 to User-Password and can login.
I don't know if that was the suggestion, but thanks a lot
Try with Cleartext-Password first. And use := not == as operator.
No. I ment what I wrote. User-Password shouldn't be used. Use Cleartext-Password. Ivan Kalik Kalik Informatika ISP
Ok. I made that wiht Cleartex-Password and it serves too: rad_recv: Access-Request packet from host 127.0.0.1 port 32793, id=55, length=212 Vendor-14559-Attr-8 = 0x312e302e3132 User-Name = "juanpal" User-Password = "juanpal" NAS-IP-Address = 192.168.181.1 Service-Type = Login-User Framed-IP-Address = 192.168.181.3 Calling-Station-Id = "08-00-27-D6-27-3B" Called-Station-Id = "08-00-27-C0-08-85" NAS-Identifier = "nas01" Acct-Session-Id = "499ee06c00000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 WISPr-Logoff-URL = "http://192.168.181.1:3990/logoff" Message-Authenticator = 0x16771e0e536870155a6ea764daae4c34 +- entering group authorize ++[preprocess] returns ok expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220 rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220 expand: %t -> Fri Feb 20 11:55:31 2009 ++[auth_log] returns ok expand: %{Realm} -> ++[attr_filter] returns noop ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "juanpal", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop expand: %{User-Name} -> juanpal rlm_sql (sql): sql_set_user escaped user --> 'juanpal' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'juanpal' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'juanpal' ORDER BY id expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE UserName='juanpal' rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [juanpal/juanpal] (from client localhost port 1 cli 08-00-27-D6-27-3B) +- entering group post-auth expand: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/reply-detail-20090220 rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/reply-detail-20090220 expand: %t -> Fri Feb 20 11:55:31 2009 ++[reply_log] returns ok rlm_sql (sql): Processing sql_postauth expand: %{User-Name} -> juanpal rlm_sql (sql): sql_set_user escaped user --> 'juanpal' WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW()) -> INSERT into radpostauth (id, user, pass, reply, date) values ('', 'juanpal', 'juanpal', 'Access-Accept', NOW()) rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('', 'juanpal', 'juanpal', 'Access-Accept', NOW()) rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok Sending Access-Accept of id 55 to 127.0.0.1 port 32793 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Accounting-Request packet from host 127.0.0.1 port 3779, id=4, length=146 Vendor-14559-Attr-8 = 0x312e302e3132 Acct-Status-Type = Start User-Name = "juanpal" Calling-Station-Id = "08-00-27-D6-27-3B" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-Port-Id = "00000001" Framed-IP-Address = 192.168.181.3 Acct-Session-Id = "499ee06c00000001" NAS-IP-Address = 192.168.181.1 Called-Station-Id = "08-00-27-C0-08-85" NAS-Identifier = "nas01" +- entering group preacct ++[preprocess] returns ok rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 192.168.181.1,Acct-Session-Id = "499ee06c00000001",User-Name = "juanpal"' rlm_acct_unique: Acct-Unique-Session-ID = "d2c306121c0bde41". ++[acct_unique] returns ok rlm_realm: No '@' in User-Name = "juanpal", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/detail-20090220 rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/detail-20090220 expand: %t -> Fri Feb 20 11:55:31 2009 ++[detail] returns ok expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp expand: %{User-Name} -> juanpal ++[radutmp] returns ok expand: %{User-Name} -> juanpal rlm_sql (sql): sql_set_user escaped user --> 'juanpal' expand: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0') -> INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('499ee06c00000001', 'd2c306121c0bde41', 'juanpal', '', '192.168.181.1', '1', 'Wireless-802.11', '2009-02-20 11:55:31', '0', '0', '', '', '', '0', '0', '08-00-27-C0-08-85', '08-00-27-D6-27-3B', '', '', '', '192.168.181.3', '', '0') rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok Sending Accounting-Response of id 4 to 127.0.0.1 port 3779 Finished request 5. Cleaning up request 5 ID 4 with timestamp +171 Going to the next request Waking up in 4.7 seconds. Cleaning up request 4 ID 55 with timestamp +171 Ready to process requests. Thanks a Lot On Fri, Feb 20, 2009 at 12:49 PM, <tnt@kalik.net> wrote:
I change the password user from md5 to User-Password and can login.
I don't know if that was the suggestion, but thanks a lot
Try with Cleartext-Password first. And use := not == as operator.
No. I ment what I wrote. User-Password shouldn't be used. Use Cleartext-Password.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Juan Pablo Botero Administrador de Sistemas informáticos http://jpill.wordpress.com eSSuX: http://slcolombia.org/eSSuX Linux Registered user #435293
participants (2)
-
Juan Pablo Botero -
tnt@kalik.net