Please HELP!!! Any ideas??? MySQL and users file... Difference???

Gerry Dalton gerry at wts.net
Sat Feb 25 14:53:01 CET 2006


This is just a quess......
Since you are doing a sql look-up, I will bet it does the select * 
from xxx where username like btest.  It returns both records, but 
only processes the first record, the passwords don't match and 
fails.  I'll bet if you only have a single encrypted entry that will work.

This is just a guess on my part but give it a shot.

Gerry


At 12:25 AM 2/25/2006, you wrote:
>Please anybody help me... I am reposting this message, since I am
>hitting the dead end with this issue....
>
>Thanks in advance...
>
>
>Hi to all...
>Does anyone have any idea why placing the following two lines into
>users file works perfectly with both PAP and CHAP
>users
>btest   User-Password == Master1
>btest   Crypt-Password == "$1$KyUhHIHD$R7mAm4rPX1q4WTEJY5rKQ1"
>
>whereas  placing the same two records into radcheck table doesn't work
>for PAP it does however work for  CHAP?
>username |      att                | op |    val
>--------------+-------------------------+----+-----------
>btest        | User-Password  | == | Master1
>btest        | Crypt-Password | == | $1$KyUhHIHD$R7mAm4rPX1q4WTEJY5rKQ1
>
>It seems that rlm_sql is hitting the unencrypted password only,
>whereas encryption-scheme in radiusd.conf is defined crypt...
>Am I missing something?
>
>Any help will be appreciated
>Alex Savguira
>
>radius -X  (version 1.0.4 ) says
>
>rad_recv: Access-Request packet from host 192.168.0.8:4544, id=47, length=45
>        User-Name = "btest"
>        User-Password = "Master1"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>    rlm_realm: No '@' in User-Name = "btest", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 0
>    users: Matched entry DEFAULT at line 171
>    users: Matched entry DEFAULT at line 173
>  modcall[authorize]: module "files" returns ok for request 0
>radius_xlat:  'btest'
>rlm_sql (sql): sql_set_user escaped user --> 'btest'
>radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck
>WHERE Username = 'btest' ORDER BY id'
>rlm_sql (sql): Reserving sql socket id: 4
>radius_xlat:  'SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
>  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'btest' AND
>usergroup.GroupName = radgroupcheck.GroupName ORDER BY
>radgroupcheck.id'
>radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply
>WHERE Username = 'btest' ORDER BY id'
>radius_xlat:  'SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
>  FROM radgroupreply,usergroup WHERE usergroup.Username = 'btest' AND
>usergroup.GroupName = radgroupreply.GroupName ORDER BY
>radgroupreply.id'
>rlm_sql (sql): Released sql socket id: 4
>  modcall[authorize]: module "sql" returns ok for request 0
>  modcall[authorize]: module "domainmschap" returns noop for request 0
>modcall: group authorize returns ok for request 0
>  rad_check_password:  Found Auth-Type PAP
>auth: type "PAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group Auth-Type for request 0
>rlm_pap: login attempt by "btest" with password Master1
>rlm_pap: Using password "Master1" for user btest authentication.
>rlm_pap: Using CRYPT encryption.
>rlm_pap: Passwords don't match
>  modcall[authenticate]: module "pap" returns reject for request 0
>modcall: group Auth-Type returns reject for request 0
>auth: Failed to validate the user.
>Login incorrect (rlm_pap: CRYPT password check failed):
>[btest/Master1] (from client rasdata port 0)
>Delaying request 0 for 1 seconds
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Sending Access-Reject of id 47 to 192.168.0.8:4544
>Waking up in 4 seconds...
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list