I've setup freeradius by following the "Using Oracle as a Backend DB for a Radius Server" document at www.ceta.ufm.edu.gt. The server will load the rlm_sql_oracle module and start. It is also communicating with the database properly. However, It will not authenticate users from that database. I get the following messages by watching the output of "radiusd -X" <snip> modcall[authorize]: module "sql" returns ok for request 8 modcall: group authorize returns ok for request 8 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 modcall[authenticate]: module "unix" returns notfound for request 8 modcall: group authenticate returns notfound for request 8 auth: Failed to validate the user. Delaying request 8 for 1 seconds Finished request 8 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.28.4.10:32770, id=13, length=102 Sending Access-Reject of id 13 to 10.28.4.10:32770 <snip> It will authenticate usernames that exist on the local system. It seems that it is defaulting to checking the password on the system instead of the password stored in the database table. Should I set a specific Auth-Type in the radreply table or is my problem due to misconfiguration of radiusd.conf? Thanks in advance, Sam
1. Update - 1.0.2 is years out of date. 2. Delete (comment out) DEFAULT entry setting Auth-Type System from the users file (if you don't plan to use it). 3. Post the debug from the request. Ivan Kalik Kalik Informatika ISP Dana 8/10/2007, "Sam Gibbs" <spgibbs@gmail.com> piše:
I've setup freeradius by following the "Using Oracle as a Backend DB for a Radius Server" document at www.ceta.ufm.edu.gt. The server will load the rlm_sql_oracle module and start. It is also communicating with the database properly. However, It will not authenticate users from that database.
I get the following messages by watching the output of "radiusd -X" <snip> modcall[authorize]: module "sql" returns ok for request 8 modcall: group authorize returns ok for request 8 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 modcall[authenticate]: module "unix" returns notfound for request 8 modcall: group authenticate returns notfound for request 8 auth: Failed to validate the user. Delaying request 8 for 1 seconds Finished request 8 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.28.4.10:32770, id=13, length=102 Sending Access-Reject of id 13 to 10.28.4.10:32770 <snip>
It will authenticate usernames that exist on the local system. It seems that it is defaulting to checking the password on the system instead of the password stored in the database table.
Should I set a specific Auth-Type in the radreply table or is my problem due to misconfiguration of radiusd.conf?
Thanks in advance, Sam - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 10/8/07, tnt@kalik.co.yu <tnt@kalik.co.yu> wrote:
1. Update - 1.0.2 is years out of date.
Thanks, I will update. The doc I followed specified 1.0.2.
2. Delete (comment out) DEFAULT entry setting Auth-Type System from the users file (if you don't plan to use it).
I've commented out these two lines: DEFAULT Auth-Type = System Fall-Through = 1
3. Post the debug from the request.
It now works with oracle users! rad_recv: Access-Request packet from host 10.1.9.92:2879, id=12, length=46 User-Name = "guest2" User-Password = "guest2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "guest2", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 modcall[authorize]: module "files" returns notfound for request 0 radius_xlat: 'guest2' rlm_sql (sql): sql_set_user escaped user --> 'guest2' <several sql select statements> rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: group authorize returns ok for request 0 auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 12 to 10.1.9.92:2879 Finished request 0 Thanks for your help, Ivan. Sam
participants (2)
-
Sam Gibbs -
tnt@kalik.co.yu