freeradius 1.1.1 and mysql issues
Hi, I am having some issues getting users authenticated using a mysql database. Right now I simply have one user entered into the database, for testing purposes. If I use either NTRadPing from a remote machine or radtest on the actual server using the credentials in the database I get an Access-Accept packet. However, when I try to actually connect using a WinXP laptop, I continually get Access-Reject messages back. It looks like the password isn't making it across, even though I am entering this information on the laptop as it is trying to connect. When I use another user account (that is defined in the users file) to actually connect, everything works fine. Below is the output from the server running in debug mode when I tried to connect: Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.10.1.1:2991, id=0, length=123 User-Name = "simon" NAS-IP-Address = 10.10.1.1 Called-Station-Id = "0014bff3dac8" Calling-Station-Id = "0013ce29c6d7" NAS-Identifier = "0014bff3dac8" NAS-Port = 56 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000a0173696d6f6e Message-Authenticator = 0x45e7cf8668c2564bc36bea9616eced0e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 51 modcall[authorize]: module "preprocess" returns ok for request 51 modcall[authorize]: module "chap" returns noop for request 51 modcall[authorize]: module "mschap" returns noop for request 51 rlm_realm: No '@' in User-Name = "simon", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 51 rlm_eap: EAP packet type response id 0 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 51 users: Matched entry DEFAULT at line 157 modcall[authorize]: module "files" returns ok for request 51 radius_xlat: 'simon' rlm_sql (sql): sql_set_user escaped user --> 'simon' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'simon' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'simon' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'simon' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'simon' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'simon' ORDER BY id' rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'simon' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'simon' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'simon' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module "sql" returns ok for request 51 modcall: leaving group authorize (returns updated) for request 51 rad_check_password: Found Auth-Type Local auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. Login incorrect: [simon/<no User-Password attribute>] (from client linksys-434 port 56 cli 0013ce29c6d7) Delaying request 51 for 1 seconds Finished request 51 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 0 to 10.10.1.1 port 2991 Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 51 ID 0 with timestamp 447deb46 Nothing to do. Sleeping until we see a request. It seems as though the password isn't getting across, but only when I try to use credentials stored in the database. Any help here would be greatly appreciated. Thanks, Simon
hi, you say it works okay with NTRadPing and that when you use an entry in users file it works...however in the log you supplied its still matching an entry in the users file - and the server is then happy to use that matching entry rather than one in the DB. the log you posted also shows that it is attempting to use the files method...and that the match told it to use Local authentication..the database query is then superfluous. alan
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
simon@434canada.com