Problems Using Digest-HA1 with MySQL storage backend
Tavis P
tavis.lists at galaxytelecom.net
Thu Jun 15 01:09:52 CEST 2006
I just installed FreeRADIUS 1.1.2 to see how the Digest-HA1
modifications work and I was unable to get it to work when using a
sql/mysql storage backend.
Manually defining the user/attribute in the "users" file works.
I had a look at the wiki on the FreeRADIUS site; however, it doesn't
mention anything regarding a SQL backend. Am I missing something?
Output from radiusd -X:
rad_recv: Access-Request packet from host 127.0.0.1:32923, id=186,
length=258
User-Name = "200110005339 at hq.galnet.ca"
Digest-Attributes = 0x0a0e323030313130303035333339
Digest-Attributes = 0x010e68712e67616c6e65742e6361
Digest-Attributes = 0x022a34343930393537353134653736633735626235613463353361636163373161393264323365623339
Digest-Attributes = 0x04177369703a737062332e68712e67616c6e65742e6361
Digest-Attributes = 0x030a5245474953544552
Digest-Attributes = 0x050661757468
Digest-Attributes = 0x090a3030303030303031
Digest-Attributes = 0x080a3764626539636533
Digest-Response = "054d7dc7b2d6d969bcd60c5000d1bf3c"
Service-Type = IAPP-Register
Sip-Uri-User = "200110005339"
NAS-Port = 5060
NAS-IP-Address = 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 37
modcall[authorize]: module "preprocess" returns ok for request 37
rlm_realm: Looking up realm "hq.galnet.ca" for User-Name =
"200110005339 at hq.galnet.ca"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Adding Stripped-User-Name = "200110005339"
rlm_realm: Proxying request from user 200110005339 to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "DEFAULT" returns noop for request 37
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 37
radius_xlat: '200110005339'
rlm_sql (sql): sql_set_user escaped user --> '200110005339'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radius_check
WHERE Username = '200110005339' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat: ''
radius_xlat: 'SELECT
id,UserName,Attribute,CONCAT(IFNULL(SubAttribute,''), IFNULL(Value, ''))
AS Value,op FROM radius_reply WHERE Username = '200110005339' ORDER BY id'
radius_xlat: ''
rlm_sql (sql): Released sql socket id: 2
rlm_sql (sql): No matching entry in the database for request from user
[200110005339]
modcall[authorize]: module "sql" returns notfound for request 37
users: Matched entry DEFAULT at line 11
modcall[authorize]: module "files" returns ok for request 37
modcall: leaving group authorize (returns ok) for request 37
rad_check_password: Found Auth-Type Digest
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 37
rlm_digest: Configuration item "User-Password" or Digest-HA1 is required
for authentication.
modcall[authenticate]: module "digest" returns invalid for request 37
modcall: leaving group authenticate (returns invalid) for request 37
auth: Failed to validate the user.
Sending Access-Reject of id 186 to 127.0.0.1 port 32923
Finished request 37
MySQL output when manually executing the queries defined above:
mysql> SELECT id,UserName,Attribute,Value,op FROM radius_check WHERE
Username = '200110005339' ORDER BY id;
+----+--------------+--------------+----------------------------------+----+
| id | UserName     | Attribute    | Value                            | op |
+----+--------------+--------------+----------------------------------+----+
| 17 | 200110005339 | Digest-HA1   | e5282fc6665a69aed77b7d0a42d8f544 | =  |
+----+--------------+--------------+----------------------------------+----+
1 row in set (0.00 sec)
mysql> SELECT id,UserName,Attribute,CONCAT(IFNULL(SubAttribute,''),
IFNULL(Value, '')) AS Value,op FROM radius_reply WHERE Username =
'200110005339' ORDER BY id
-> ;
+----+--------------+-----------+------------+----+
| id | UserName     | Attribute | Value      | op |
+----+--------------+-----------+------------+----+
| 24 | 200110005339 | SIP-AVP   | is_local#1 | += |
+----+--------------+-----------+------------+----+
1 row in set (0.00 sec)
Database Schemas (MySQL 5.0.22):
CREATE TABLE `radius_check` (
  `id` int(11) unsigned NOT NULL auto_increment,
  `UserName` varchar(64) NOT NULL default '',
  `Attribute` varchar(32) NOT NULL default '',
  `op` char(2) NOT NULL default '==',
  `Value` varchar(253) NOT NULL default '',
  PRIMARY KEY (`id`),
  KEY `UserName` (`UserName`(32))
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
CREATE TABLE `radius_reply` (
  `id` int(11) unsigned NOT NULL auto_increment,
  `UserName` varchar(64) NOT NULL default '',
  `Attribute` varchar(32) NOT NULL default '',
  `SubAttribute` varchar(64) default NULL,
  `op` char(2) NOT NULL default '=',
  `Value` varchar(253) NOT NULL default '',
  PRIMARY KEY (`id`),
  KEY `UserName` USING BTREE (`UserName`(32),`SubAttribute`(32))
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
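
Added example (not part of the original post and not FreeRADIUS code): Python that decodes the Digest-Attributes values from the radiusd -X output above and computes the RFC 2617 response that would be expected from the Digest-HA1 value stored in radius_check. The sub-attribute numbering is assumed to follow draft-sterman-aaa-sip, and the function and constant names are illustrative.

```python
import hashlib

# Digest-Attributes sub-attribute numbers (assumed: draft-sterman-aaa-sip numbering).
SUBTYPES = {1: "Realm", 2: "Nonce", 3: "Method", 4: "URI", 5: "QOP",
            6: "Algorithm", 7: "Body-Digest", 8: "CNonce",
            9: "Nonce-Count", 10: "User-Name"}

# Values copied from the radiusd -X output and the radius_check row in the post.
LOGGED = [
    "0x0a0e323030313130303035333339",
    "0x010e68712e67616c6e65742e6361",
    "0x022a34343930393537353134653736633735626235613463353361636163373161393264323365623339",
    "0x04177369703a737062332e68712e67616c6e65742e6361",
    "0x030a5245474953544552",
    "0x050661757468",
    "0x090a3030303030303031",
    "0x080a3764626539636533",
]
LOGGED_RESPONSE = "054d7dc7b2d6d969bcd60c5000d1bf3c"
STORED_HA1 = "e5282fc6665a69aed77b7d0a42d8f544"  # Digest-HA1 value in radius_check

def decode(hex_values):
    """Each value is type(1) length(1) data; length includes the 2-byte header."""
    out = {}
    for hv in hex_values:
        raw = bytes.fromhex(hv[2:] if hv[:2].lower() == "0x" else hv)
        pos = 0
        while pos < len(raw):
            if pos + 2 > len(raw) or raw[pos + 1] < 2 or pos + raw[pos + 1] > len(raw):
                raise ValueError(f"malformed sub-attribute in {hv}")
            typ, length = raw[pos], raw[pos + 1]
            out[SUBTYPES.get(typ, f"Unknown-{typ}")] = raw[pos + 2:pos + length].decode("ascii")
            pos += length
    return out

def md5hex(text):
    return hashlib.md5(text.encode("ascii")).hexdigest()

def expected_response(a, ha1):
    """RFC 2617 request-digest from a stored HA1 (MD5, qop=auth or no qop)."""
    ha2 = md5hex(f"{a['Method']}:{a['URI']}")
    if "QOP" not in a:
        return md5hex(f"{ha1}:{a['Nonce']}:{ha2}")
    if a["QOP"] != "auth":
        raise ValueError("only qop=auth is handled here")
    return md5hex(f"{ha1}:{a['Nonce']}:{a['Nonce-Count']}:{a['CNonce']}:auth:{ha2}")

if __name__ == "__main__":
    attrs = decode(LOGGED)
    for name, value in attrs.items():
        print(f"Digest-{name} = {value!r}")
    print("response matches stored HA1:",
          expected_response(attrs, STORED_HA1) == LOGGED_RESPONSE)
```
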