Problem about "Chap-Password" and "User-Password"
Kun Niu
haoniukun at gmail.com
Fri Jun 30 09:37:44 CEST 2006
Dear all,
I've just installed freeradius 1.0.2 on my debian3.1 system.
I've got two radius clients.
One can be authorized normally and the other one failed to be authorized.
Here's my log.
Would anyone be kind enough to analyze it for me?
Thanks in advance and any help would be appreciated.
The failing one:
rad_recv: Access-Request packet from host 192.168.1.2:1026, id=199, length=239
User-Name = "abc"
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-IP-Address = 192.168.1.2
WISPr-Logoff-URL = "https://10.10.10.1/logout.user"
WISPr-Location-Name = "GEMTEK_SYSTEMS,Terminal_Worldwide"
WISPr-Location-ID = "isocc=us,cc=1,ac=408,network=GEMTEK_SYSTEMS"
Framed-IP-Address = 10.10.10.10
Calling-Station-Id = "0060B325AB48"
Called-Station-Id = "00904BBDFAD0"
Acct-Session-Id = "44A4C9148546"
User-Password = "Ye~\2409"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "abc", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 1
radius_xlat: 'abc'
rlm_sql (sql): sql_set_user escaped user --> 'abc'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'abc' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'abc' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'abc' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'abc' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): No matching entry in the database for request from user [abc]
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module "sql" returns notfound for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
modcall[authenticate]: module "unix" returns notfound for request 1
modcall: group authenticate returns notfound for request 1
auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the
shared secret on the server and the NAS!
Delaying request 1 for 1 seconds
Finished request 1
The successful one:
rad_recv: Access-Request packet from host 192.168.1.1:32812, id=0, length=84
User-Name = "abc"
CHAP-Password = 0x04f97271e7e12220a7f6397cc15a62f7e2
NAS-IP-Address = 192.168.1.1
Acct-Session-Id = "5b010000"
NAS-Port = 3
CHAP-Challenge = 0x00ac45bdd7e79c6af29ee0b413c874a8
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "abc", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 2
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 2
radius_xlat: 'abc'
rlm_sql (sql): sql_set_user escaped user --> 'abc'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'abc' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'abc' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'abc' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'abc' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
modcall[authorize]: module "sql" returns ok for request 2
modcall: group authorize returns ok for request 2
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 2
rlm_sql (sql): Processing sql_postauth
radius_xlat: 'abc'
rlm_sql (sql): sql_set_user escaped user --> 'abc'
radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date)
values ('', 'abc', 'Chap-Password', 'Access-Accept', NOW())'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id,
user, pass, reply, date) values ('', 'abc', 'Chap-Password',
'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
modcall[post-auth]: module "sql" returns ok for request 2
modcall: group post-auth returns ok for request 2
Sending Access-Accept of id 0 to 192.168.1.1:32812
NAS-IP-Address := 255.255.255.255
Finished request 2
Sincerely,
Kun
More information about the Freeradius-Users
mailing list