Realm users authentication failure

Luca Corti cortez at tiscali.it
Wed Oct 19 23:54:31 CEST 2005


On Wed, 2005-10-19 at 00:10 +0200, Luca Corti wrote:

I've done further debugging on this with 'radiusd -X', here's what I
get:


  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: Looking up realm "otherrealm" for User-Name =
"user at otherrealm"
    rlm_realm: Found realm "otherrealm"
    rlm_realm: Proxying request from user user to realm othereralm
    rlm_realm: Adding Realm = "otherrealm"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 1
radius_xlat:  'user at otherrealm'
rlm_sql (sql): sql_set_user escaped user --> 'user at otherrealm'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'user at otherealm' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user at otherrealm' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'user at otherrealm' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'user at otherrealm' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): No matching entry in the database for request from user
[user at otherrealm]
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns notfound for request 1
modcall: group authorize returns noop for request 1
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user


I've searched the mailing-list archives and Google looking for similar
problems, and they suggest setting Auth-Type := Local in the
radgroupcheck table. I've done this, but I get the same result.

Also my users in the stripped realm don't have Auth-Type set and they
authenticate correctly.

Thanks

-- 
Luca Corti
PGP Key ID 1F38C091
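
Added example, not part of the original post and not FreeRADIUS code: a small Python helper that summarises a 'radiusd -X' trace like the one above, listing each module's return code per request and flagging the missing Auth-Type reject. The function names and the embedded sample (lines taken from the post's trace with the e-mail line wraps rejoined) are assumptions made for illustration.

```python
import re

# Constructed sample: lines taken from the trace in the post, e-mail line wraps rejoined.
TRACE = '''\
modcall: entering group authorize for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
  modcall[authorize]: module "suffix" returns noop for request 1
rlm_sql (sql): No matching entry in the database for request from user [user at otherrealm]
  modcall[authorize]: module "sql" returns notfound for request 1
modcall: group authorize returns noop for request 1
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
'''

MODULE_RE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
GROUP_RE = re.compile(r'modcall: group (\w+) returns (\w+) for request (\d+)')
NO_AUTH_TYPE = "No authenticate method (Auth-Type) configuration found"
PASSIVE = {"noop", "notfound"}  # the two return codes seen in the post's trace


def summarize(trace):
    """Return (requests, rejected_no_auth_type) for a debug trace."""
    requests, rejected = {}, False
    for line in trace.splitlines():
        m = MODULE_RE.search(line)
        g = GROUP_RE.search(line)
        if m:
            section, module, rcode, req = m.groups()
            entry = requests.setdefault(int(req), {"modules": [], "groups": {}})
            entry["modules"].append((section, module, rcode))
        elif g:
            section, rcode, req = g.groups()
            entry = requests.setdefault(int(req), {"modules": [], "groups": {}})
            entry["groups"][section] = rcode
        elif NO_AUTH_TYPE in line:
            rejected = True
    return requests, rejected


def acting_modules(entry):
    """Modules whose return code shows they did something for the request."""
    return [(s, mod, rc) for s, mod, rc in entry["modules"] if rc not in PASSIVE]


if __name__ == "__main__":
    reqs, rejected = summarize(TRACE)
    for req, entry in sorted(reqs.items()):
        print(f"request {req}: groups={entry['groups']} acting={acting_modules(entry)}")
    print("rejected for missing Auth-Type:", rejected)
```

On the trace from the post, the summary shows every authorize module returning noop or notfound for request 1, followed by the reject for the missing Auth-Type.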