read_groups in cvs

Duane Cox duanec at mail.illicom.net
Mon Aug 14 16:14:43 CEST 2006 

> > On the todo list for Monday, if additional debug output is needed.
>
> I wouldn't have asked for it if I didn't need it...
>

<debug radiusd -X>
rad_recv: Access-Request packet from host 10.0.0.11 port 1145, id=104, length=56
        User-Name = "dcox at illicom.net"
        User-Password = "XXXX"
  Processing the authorize section of radiusd.conf
modcall:  entering group authorize for request 1
    rlm_realm: Looking up realm "illicom.net" for User-Name = "dcox at illicom.net"
    rlm_realm: Found realm "illicom.net"
    rlm_realm: Adding Stripped-User-Name = "dcox"
    rlm_realm: Proxying request from user dcox to realm illicom.net
    rlm_realm: Adding Realm = "illicom.net"
    rlm_realm: Authentication realm is LOCAL.
    rlm_realm: Request already proxied.  Ignoring.
radius_xlat:  'dcox'
radius_xlat:  'dcox'
rlm_sql (sql): sql_set_user escaped user --> 'dcox'
rlm_sql (sql): Reserving sql socket id: 7
radius_xlat:  'select id, username, attribute, value, op                                   from radcheck
where username = 'dcox'                                   order by id'
rlm_sql (sql): User found in radcheck table
radius_xlat:  'select id, username, attribute, value, op                                   from radreply   where username = 'dcox'
order by id'
rlm_sql (sql): Released sql socket id: 7
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type pap
auth: type "PAP"
  Processing the authenticate section of radiusd.conf
modcall:  entering group PAP for request 1
rlm_pap: login attempt with password eldon
rlm_pap: Using clear text password.
rlm_pap: User authenticated succesfully
modcall: group PAP returns ok for request 1
Login OK: [dcox at illicom.net] (from client webclient port 0)
  Processing the post-auth section of radiusd.conf
modcall:  entering group post-auth for request 1
rlm_sql (sql): Processing sql_postauth
radius_xlat:  'dcox'
rlm_sql (sql): sql_set_user escaped user --> 'dcox'
radius_xlat: Running registered xlat function of module config for string 'client[%{Packet-Src-IP-Address}].shortname'
radius_xlat:  'client[10.0.0.11]'
radius_xlat:  'exec radpostauth 'dcox at illicom.net',                                        'XXX',    'Access-Accept',
'10.0.0.11',                                        '',    '',                                     '',
'',                                     '',    'webclient''
rlm_sql (sql) in sql_postauth: query is exec radpostauth 'dcox at illicom.net',                                       'XXX',
'Access-Accept',                                        '10.0.0.11',                                        '',    '',
'',                                     '',                                     '',    'webclient'
rlm_sql (sql): Reserving sql socket id: 6
rlm_sql (sql): Released sql socket id: 6
modcall: group post-auth returns ok for request 1
Sending Access-Accept of id 104 to 10.0.0.11 port 1145
        Service-Type = Authenticate-Only
        Session-Timeout = 86400
Finished request 1
Going to the next request


>
> > But I am using a recent (-7 days ago) cvs checkout of 2.0.0pre0
> >
> > I don't have any debug output right now, but it's rather obvious to
> > me that the server doesn't process the radcheckgroup /
> > radreplygroup in rlm_sql unless the fall-through = yes is found in
> > the radreply for the user, which contradicts the docs (3d) as
> > posted below.
>
> That's all well and good, but I need the debug output to see *what*
> the server is doing for/to you and *why* its doing it, especially if
> you want *me* to fix it...
>
>
> > Meanwhile, I have set the fall-through = yes during the radreply
> > for now to get it to process the groups...
>
> Make sure your debug output is *without* having "Fall-Through" set in
> radreply.

done as requested.

>
>
> --Mike

More information about the Freeradius-Users mailing list