RE: Re: freeradius 1.1.1 and mysql issues
Hi, I have tried reordering the elements in the radiusd.conf file so that the database is tried first, and then commented out the section to check the users file, and I am still having the same issues. Here is the output again: Ready to process requests. rad_recv: Access-Request packet from host 10.10.1.1:1320, id=0, length=123 User-Name = "simon" NAS-IP-Address = 10.10.1.1 Called-Station-Id = "0014bff3dac8" Calling-Station-Id = "0013ce29c6d7" NAS-Identifier = "0014bff3dac8" NAS-Port = 56 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000a0173696d6f6e Message-Authenticator = 0x68b3f01e605eb032281dd6c99dfd9e52 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "simon", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 radius_xlat: 'simon' rlm_sql (sql): sql_set_user escaped user --> 'simon' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'simon' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'simon' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'simon' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'simon' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'simon' ORDER BY id' rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'simon' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'simon' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'simon' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. Login incorrect: [simon/<no User-Password attribute>] (from client linksys-434 port 56 cli 0013ce29c6d7) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 0 to 10.10.1.1 port 1320 Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 447ef7e2 Nothing to do. Sleeping until we see a request. As before, it still authenticates perfectly when I try it with either NTRadPing or radtest. Thanks again, Simon
hi,
you say it works okay with NTRadPing and that when you use an entry in users file it works...however in the log you supplied its still matching an entry in the users file - and the server is then happy to use that matching entry rather than one in the DB. the log you posted also shows that it is attempting to use the files method...and that the match told it to use Local authentication..the database query is then superfluous.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
modcall[authorize]: module "sql" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. Login incorrect: [simon/<no User-Password attribute>] (from client linksys->434 port 56 cli 0013ce29c6d7)
There is no password ? Is that okay? You can set Auth-Type to Accept if the user is found in sql ! If that is what you actually want. Regards, Edvin
Hi,
I have tried reordering the elements in the radiusd.conf file so that the database is tried first, and then commented out the section to check the users file, and I am still having the same issues.
Here is the output again:
modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: No User-Password or CHAP-Password attribute in the request ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
auth: Failed to validate the user. Login incorrect: [simon/<no User-Password attribute>] (from client linksys-434 port 56 cli 0013ce29c6d7) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
check the logs when you run NTRadPing etc - it looks like the linksys isnt sending all it needs to send. alan
simon@434canada.com wrote:
I have tried reordering the elements in the radiusd.conf file so that the database is tried first, and then commented out the section to check the users file, and I am still having the same issues.
Re-ordering radiusd.conf won't help. The problem is the broken configuration. 1) The server is receiving an EAP request 2) You're forcing it to do Auth-Type of Local. 3) therefore it's not doing EAP, *or* Local. Stop setting Auth-Type. You're breaking the server. Alan DeKok.
participants (4)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Seferovic Edvin -
simon@434canada.com