Multiple Authentication REALMS - I hope in Plain Text

Shepherd, Dave Dave.Shepherd at compass-group.co.uk
Mon Jun 20 15:13:17 CEST 2005 

Alan,

   Thanks for the advice;

	"As always, start with the default configuration: it works"

   As I've now got it working for my standard config. 

   However, I still seem to be getting the request marked as complete
after the authorize section:-

Thread 1 handling request 0, (1 handled so far)
Waking up in 5 seconds...
        User-Name = "unextest20"
        User-Password = "*****"
        Called-Station-Id = "**********"
rad_lowerpair:  User-Name now 'unextest20'
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    users: Matched DEFAULT at 21
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'unextest20'
rlm_sql (sql): sql_set_user escaped user --> 'unextest20'
radius_xlat:  'SELECT id, UserName, Attribute, Value, Op ??FROM radcheck
??WHERE Username = 'unextest20' ??ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 9
rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op
??FROM radcheck ??WHERE Username = 'unextest20' ??ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
radius_xlat:  'SELECT radgroupcheck.id, radgroupcheck.GroupName,
??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM
radgroupcheck, usergroup ??WHERE usergroup.Username = 'unextest20' AND
usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY
radgroupcheck.id'
rlm_sql_postgresql: query: SELECT radgroupcheck.id,
radgroupcheck.GroupName, ??radgroupcheck.Attribute,
radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup
??WHERE usergroup.Username = 'unextest20' AND usergroup.GroupName =
radgroupcheck.GroupName ??ORDER BY radgroupcheck.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
radius_xlat:  'SELECT id, UserName, Attribute, Value, Op ??FROM radreply
??WHERE Username = 'unextest20' ??ORDER BY id'
rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op
??FROM radreply ??WHERE Username = 'unextest20' ??ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
radius_xlat:  'SELECT radgroupreply.id, radgroupreply.GroupName,
radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM
radgroupreply,usergroup ??WHERE usergroup.Username = 'unextest20' AND
usergroup.GroupName = radgroupreply.GroupName ??ORDER BY
radgroupreply.id'
rlm_sql_postgresql: query: SELECT radgroupreply.id,
radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value,
radgroupreply.Op ??FROM radgroupreply,usergroup ??WHERE
usergroup.Username = 'unextest20' AND usergroup.GroupName =
radgroupreply.GroupName ??ORDER BY radgroupreply.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): Released sql socket id: 9
  modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
Finished request 0

This only occurs when I match the following in my users file:

# NexUS RAS
DEFAULT Called-Station-Id == "********", Proxy-To-Realm := "sloxldap"
        Fall-Through = No

If I match on my other statements, the user authenticates as expected.

Any thoughts as to why this might be happening.

I'm on version 0.9.3.

TIA

Dave Shepherd

> -----Original Message-----
> From: freeradius-users-bounces at lists.freeradius.org
[mailto:freeradius-
> users-bounces at lists.freeradius.org] On Behalf Of Alan DeKok
> Sent: 14 June 2005 18:33
> To: FreeRadius users mailing list
> Subject: Re: Multiple Authentication REALMS - I hope in Plain Text
> 
> "Shepherd, Dave" <Dave.Shepherd at compass-group.co.uk> wrote:
> >     realm SPECIAL {
> >         type    = radius
> >         authhost        = LOCAL
> >         accthost        = LOCAL
> >     }
> 
>   In the latest versions, this is realm "LOCAL", but that doesn't make
> too much difference.
> 
> >         Auth-Type {
> >                 mschap
> >         }
> 
>   Are you sure?  How about "Auth-Type mschap {" ...
> 
> > modcall: group authorize returns updated for request 14
> > Finished request 14
> 
>   Hmm... something is marking the request as done, without calling the
> "authenticate" section.  I have no idea why, and I don't recall ever
> seeing anything like that.
> 
> > If one of you guys has had to do something similar, or can see any
> > glaring omissions in my config (which I seem to think there is)
could
> > you please point me in the right direction.
> 
>   As always, start with the default configuration: it works.
> 
>   Then, gradually add your edits, testing after every edit, to be sure
> that it still works.  Once you're done, you should have your local
> configuration , and it should still work.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list