RLM_PERL Integration Issue
FreeRadius-ML
freeradius at zap2link.com
Tue Jul 17 23:25:07 CEST 2007
Hi Alan,
Ok, after removing everything, reverting back to FreeRadius 1.1.6 release, re-writing the configs, synchronizing the dictionaries properly - I managed to make the radclient test work for me correctly, which means that the FreeRadius server is working properly for me.
Now, I've attached the OpenSER SIP proxy, and now upon registration of a SIP phone, the following can be seen from in the debug log:
--- Walking the entire request list ---
Cleaning up request 16 ID 204 with timestamp 469a4341
Sending Access-Reject of id 205 to 192.168.2.80 port 50226
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.2.80:50227, id=206, length=67
User-Name = "101 at 192.168.2.80"
X-Ascend-PPP-VJ-1172 = 0x73757370656e646564
Service-Type = Voice
NAS-Port = 0
NAS-IP-Address = 192.168.2.80
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 18
modcall[authorize]: module "preprocess" returns ok for request 18
modcall[authorize]: module "chap" returns noop for request 18
modcall[authorize]: module "mschap" returns noop for request 18
modcall[authorize]: module "digest" returns noop for request 18
rlm_realm: Looking up realm "192.168.2.80" for User-Name = "101 at 192.168.2.80"
rlm_realm: No such realm "192.168.2.80"
modcall[authorize]: module "suffix" returns noop for request 18
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 18
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 236
modcall[authorize]: module "files" returns ok for request 18
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 18
modcall: leaving group authorize (returns ok) for request 18
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Login incorrect: [101 at 192.168.2.80/<no User-Password attribute>] (from client private-network-1 port 0)
Delaying request 18 for 1 seconds
Finished request 18
Going to the next request
Waking up in 4 seconds...
I can understand now that authorize is working nicely, but the Authentication section is wrong.
I know there's alot of shit in radiusd.conf, however, it shouldn't prevent from the basics to work
correctly, no?
Z2L
----- Original Message -----
From: "Alan DeKok" <aland at deployingradius.com>
To: freeradius at zap2link.com, "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: 21:31:08 (GMT+0200) Asia/Jerusalem יום שלישי 17 יולי 2007
Subject: Re: RLM_PERL Integration Issue
FreeRadius-ML wrote:
> 1. I've removed all the rlm_perl configurations from the radiusd.conf file, and
> enabled the digest authentication back.
> 2. I've added to my users file the following lines:
>
> 101 at 192.168.2.80 Auth-Type := Digest, User-Password == "101"
> Reply-Message = "Authenticated"
Don't set Auth-Type. The server will figure it out on it's own.
Hmm.. the "digest" module wasn't updated to use Cleartext-Password.
Still, you should be using:
10 at 192.168.2.80 Cleartext-Password := "101"
Reply-Message = "Authenticated".
> I'm using version 1.1.7pre3
Huh? 1.1.7 isn't out, and nothing we've released is called "-pre3".
Alan DeKok.
More information about the Freeradius-Users
mailing list