Problem with authentication
Pablo Lucchetti
pablo at lnx.org.ar
Thu Dec 13 23:16:24 CET 2007
gessuttia:/etc/freeradius# vim sql.conf
sql {
driver = "rlm_sql_mysql"
server = "127.0.0.1"
login = "dbuser"
password = "dbpass"
radius_db = "radius"
acct_table1 = "radacct"
acct_table2 = "radacct"
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "usergroup"
deletestalesessions = yes
sqltrace = yes
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 5
connect_failure_retry_delay = 60
}
~
tnt at kalik.co.yu wrote:
> sqltrace = yes?
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 13/12/2007, "Pablo Lucchetti" <pablo at lnx.org.ar> piše:
>
>> I tuned On sqltrace but nothing occurs :(
>>
>> mysql> select * from radreply;
>> +----+-----------+-------------------+----+---------------+
>> | id | UserName | Attribute | op | Value |
>> +----+-----------+-------------------+----+---------------+
>> | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 |
>> | 2 | test-user | Framed-IP-Address | = | 0.0.0.0 |
>> +----+-----------+-------------------+----+---------------+
>> 2 rows in set (0.00 sec)
>>
>> mysql> select * from radcheck;
>> +----+-----------+---------------+----+-----------+
>> | id | UserName | Attribute | op | Value |
>> +----+-----------+---------------+----+-----------+
>> | 1 | test-user | user-password | == | test-pass |
>> +----+-----------+---------------+----+-----------+
>> 1 row in set (0.00 sec)
>>
>>
>>
>>
>>
>>
>> tnt at kalik.co.yu wrote:
>>> Switch on sqltrace in sql.conf and see what happened with the queries.
>>> You do have a password for this user in radcheck table? You have posted
>>> just radreply table.
>>>
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>>
>>>
>>> Dana 13/12/2007, "Pablo Lucchetti" <pablo at lnx.org.ar> piše:
>>>
>>>> rad_recv: Access-Request packet from host 192.168.1.109:1601, id=6,
>>>> length=49
>>>> User-Name = "test-user"
>>>> User-Password = "test-pass"
>>>> rad_lowerpair: User-Name now 'test-user'
>>>> rad_lowerpair: User-Password now 'test-pass'
>>>> rad_rmspace_pair: User-Name now 'test-user'
>>>> rad_rmspace_pair: User-Password now 'test-pass'
>>>> Processing the authorize section of radiusd.conf
>>>> modcall: entering group authorize for request 0
>>>> modcall[authorize]: module "chap" returns noop for request 0
>>>> modcall[authorize]: module "mschap" returns noop for request 0
>>>> radius_xlat: ''
>>>> rlm_sql (sql): Reserving sql socket id: 4
>>>> rlm_sql (sql): SQL query error; rejecting user
>>>> rlm_sql (sql): Released sql socket id: 4
>>>> modcall[authorize]: module "sql" returns fail for request 0
>>>> modcall: leaving group authorize (returns fail) for request 0
>>>> There was no response configured: rejecting request 0
>>>> Server rejecting request 0.
>>>> Sending Access-Reject of id 6 to 192.168.1.109 port 1601
>>>> Finished request 0
>>>> Going to the next request
>>>> --- Walking the entire request list ---
>>>> Waking up in 6 seconds...
>>>> --- Walking the entire request list ---
>>>> Cleaning up request 0 ID 6 with timestamp 47619d3f
>>>> Nothing to do. Sleeping until we see a request.
>>>>
>>>>
>>>> tnt at kalik.co.yu wrote:
>>>>> OK. Capital X ==> radiusd -X. And send from the point the request is
>>>>> received - you can skip the server startup.
>>>>>
>>>>> Ivan Kalik
>>>>> Kalik Informatika ISP
>>>>>
>>>>>
>>>>> Dana 13/12/2007, "Pablo Lucchetti" <pablo at lnx.org.ar> piše:
>>>>>
>>>>>> gessuttia:~# freeradius -x
>>>>>> Starting - reading configuration files ...
>>>>>> Using deprecated naslist file. Support for this will go away soon.
>>>>>> Module: Loaded PAP
>>>>>> Module: Instantiated pap (pap)
>>>>>> Module: Loaded CHAP
>>>>>> Module: Instantiated chap (chap)
>>>>>> Module: Loaded MS-CHAP
>>>>>> Module: Instantiated mschap (mschap)
>>>>>> Module: Loaded SQL
>>>>>> rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
>>>>>> rlm_sql (sql): Attempting to connect to root at 127.0.0.1:/radius
>>>>>> rlm_sql (sql): starting 0
>>>>>> rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
>>>>>> rlm_sql_mysql: Starting connect to MySQL server for #0
>>>>>> rlm_sql (sql): Connected new DB handle, #0
>>>>>> rlm_sql (sql): starting 1
>>>>>> rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
>>>>>> rlm_sql_mysql: Starting connect to MySQL server for #1
>>>>>> rlm_sql (sql): Connected new DB handle, #1
>>>>>> rlm_sql (sql): starting 2
>>>>>> rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
>>>>>> rlm_sql_mysql: Starting connect to MySQL server for #2
>>>>>> rlm_sql (sql): Connected new DB handle, #2
>>>>>> rlm_sql (sql): starting 3
>>>>>> rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
>>>>>> rlm_sql_mysql: Starting connect to MySQL server for #3
>>>>>> rlm_sql (sql): Connected new DB handle, #3
>>>>>> rlm_sql (sql): starting 4
>>>>>> rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
>>>>>> rlm_sql_mysql: Starting connect to MySQL server for #4
>>>>>> rlm_sql (sql): Connected new DB handle, #4
>>>>>> Module: Instantiated sql (sql)
>>>>>> Module: Loaded Acct-Unique-Session-Id
>>>>>> Module: Instantiated acct_unique (acct_unique)
>>>>>> Initializing the thread pool...
>>>>>> Listening on authentication *:1812
>>>>>> Listening on accounting *:1813
>>>>>> Ready to process requests.
>>>>>>
>>>>>> sql.conf
>>>>>>
>>>>>> sql {
>>>>>> driver = "rlm_sql_mysql"
>>>>>>
>>>>>> server = "127.0.0.1"
>>>>>> login = "dbuser"
>>>>>> password = "dbpass"
>>>>>> radius_db = "radius"
>>>>>>
>>>>>> acct_table1 = "radacct"
>>>>>> acct_table2 = "radacct"
>>>>>>
>>>>>> postauth_table = "radpostauth"
>>>>>> authcheck_table = "radcheck"
>>>>>> authreply_table = "radreply"
>>>>>> groupcheck_table = "radgroupcheck"
>>>>>> groupreply_table = "radgroupreply"
>>>>>> usergroup_table = "usergroup"
>>>>>>
>>>>>> deletestalesessions = yes
>>>>>>
>>>>>> sqltrace = no
>>>>>> sqltracefile = ${logdir}/sqltrace.sql
>>>>>>
>>>>>> num_sql_socks = 5
>>>>>> connect_failure_retry_delay = 60
>>>>>>
>>>>>> }
>>>>>>
>>>>>> radreoply table
>>>>>>
>>>>>> mysql> select * from radreply;
>>>>>> +----+-----------+-------------------+----+---------------+
>>>>>> | id | UserName | Attribute | op | Value |
>>>>>> +----+-----------+-------------------+----+---------------+
>>>>>> | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 |
>>>>>> | 2 | test-user | Framed-IP-Address | = | 0.0.0.0 |
>>>>>> +----+-----------+-------------------+----+---------------+
>>>>>> 2 rows in set (0.00 sec)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> tnt at kalik.co.yu wrote:
>>>>>>> Send radiusd -X output. Have you done something to sql.conf apart from
>>>>>>> database connection details?
>>>>>>>
>>>>>>> Ivan Kalik
>>>>>>> Kalik Informatika ISP
>>>>>>>
>>>>>>>
>>>>>>> Dana 13/12/2007, "Pablo Lucchetti" <pablo at lnx.org.ar> piše:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I've a Freeradius on a Debian Etch with Mysql but when I'm triying to
>>>>>>>> test with NTRadPing always got the same error.
>>>>>>>> The user already exists in database
>>>>>>>>
>>>>>>>>
>>>>>>>> rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2,
>>>>>>>> length=49
>>>>>>>> User-Name = "test-user"
>>>>>>>> User-Password = "test-pass"
>>>>>>>> rlm_sql (sql): Reserving sql socket id: 4
>>>>>>>> rlm_sql (sql): SQL query error; rejecting user
>>>>>>>> rlm_sql (sql): Released sql socket id: 4
>>>>>>>> Sending Access-Reject of id 2 to 192.168.1.109 port 4027
>>>>>>>>
>>>>>>>>
>>>>>>>> Any help please?
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks in advance,
>>>>>>>> Pablo
>>>>>>>> -
>>>>>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
>>>>>>>>
>>>>>>>>
>>>>>>> -
>>>>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>>>>>
>>>>>>> __________ Información de NOD32, revisión 2721 (20071213) __________
>>>>>>>
>>>>>>> Este mensaje ha sido analizado con NOD32 antivirus system
>>>>>>> http://www.nod32.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> -
>>>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
>>>>>>
>>>>>>
>>>>> -
>>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>>>
>>>>> __________ Información de NOD32, revisión 2721 (20071213) __________
>>>>>
>>>>> Este mensaje ha sido analizado con NOD32 antivirus system
>>>>> http://www.nod32.com
>>>>>
>>>>>
>>>>>
>>>> -
>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
>>>>
>>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>
>>> __________ Información de NOD32, revisión 2721 (20071213) __________
>>>
>>> Este mensaje ha sido analizado con NOD32 antivirus system
>>> http://www.nod32.com
>>>
>>>
>>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> __________ Información de NOD32, revisión 2721 (20071213) __________
>
> Este mensaje ha sido analizado con NOD32 antivirus system
> http://www.nod32.com
>
>
>
More information about the Freeradius-Users
mailing list