chap rlm_sql authentication problem
Andrew Long
along at escapewire.com
Fri Mar 30 15:13:17 CEST 2007
Now we're taking a step back because I tried changing the username
on the NAS and in the SQL and can no longer authenticate with :( NTRADPING.
In NTRADPING:
username: hiegalleria
password: PASSWORD_HERE
secret: unchanged, matches clients.conf
Had this working yesterday... All I changed was username in radreply,
username in radcheck, username in usergroup
rad_recv: Access-Request packet from host 192.168.10.100:49259, id=5,
length=59
User-Name = "hiegalleria_cn3200"
CHAP-Password = 0xac0b9199834a040866dd0050c44d4fdf35
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
modcall[authorize]: module "preprocess" returns ok for request 13
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 13
modcall[authorize]: module "mschap" returns noop for request 13
rlm_realm: No '@' in User-Name = "hiegalleria_cn3200", looking up realm
NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 13
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 13
radius_xlat: 'hiegalleria_cn3200'
rlm_sql (sql): sql_set_user escaped user --> 'hiegalleria_cn3200'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'hiegalleria_cn3200' ORDER BY
id'
--------------------------------------------------------------
1176 hiegalleria_cn3200 password PASSWORD_HERE ==
--------------------------------------------------------------
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'hiegalleria_cn3200' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
--------------------------------------------------------------
9 colubris Service-Type Administrative-User ==
--------------------------------------------------------------
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radreply WHERE Username = 'hiegalleria_cn3200' ORDER BY
id'
--------------------------------------------------------------
195 hiegalleria_cn3200 Colubris-AVPair
access-list=loginserver,ACCEPT,tcp,xx.yy.zz.aa,all +=
196 hiegalleria_cn3200 Colubris-AVPair
default-user-smtp-redirect=xx.yy.zz.aa +=
197 hiegalleria_cn3200 Colubris-AVPair
fail-page=http://xx.yy.zz.aa/hotspots/hiegalleria/fail.html +=
198 hiegalleria_cn3200 Colubris-AVPair
login-url=http://xx.yy.zz.aa/hotspots/hiegalleria/terms.html?loginurl=%l
+=
199 hiegalleria_cn3200 Colubris-AVPair
logo=http://xx.yy.zz.aa/hotspots/hiegalleria/escapewire.gif +=
200 hiegalleria_cn3200 Colubris-AVPair
mac-address=00-0A-B7-9D-4A-0B,bufctAP4,escapewire +=
202 hiegalleria_cn3200 Colubris-AVPair
mac-address=00-40-96-36-09-9B,bufctAP5,escapewire +=
203 hiegalleria_cn3200 Colubris-AVPair
mac-address=00-40-96-36-5B-8C,bufctAP8,escapewire +=
204 hiegalleria_cn3200 Colubris-AVPair
mac-address=00-40-96-36-60-93,bufctAP7,escapewire +=
205 hiegalleria_cn3200 Colubris-AVPair
mac-address=00-40-96-36-6D-1A,bufctAP1,escapewire +=
206 hiegalleria_cn3200 Colubris-AVPair
mac-address=00-40-96-36-6D-FB,bufctAP6,escapewire +=
207 hiegalleria_cn3200 Colubris-AVPair
mac-address=00-40-96-36-76-CF,bufctAP2,escapewire +=
208 hiegalleria_cn3200 Colubris-AVPair
mac-address=00-40-96-43-35-00,bufctAP3,escapewire +=
212 hiegalleria_cn3200 Colubris-AVPair
mac-address=44-45-53-54-00-00,bufmt_linksys,connect +=
213 hiegalleria_cn3200 Colubris-AVPair
session-page=http://xx.yy.zz.aa/hotspots/hiegalleria/session.html +=
214 hiegalleria_cn3200 Colubris-AVPair
transport-page=http://xx.yy.zz.aa/hotspots/hiegalleria/transport.html +=
215 hiegalleria_cn3200 Colubris-AVPair use-access-list=loginserver
+=
216 hiegalleria_cn3200 Colubris-AVPair
welcome-url=http://www.xxxxxxxx.com/h/d/ex/1/en/hotel/bufct?irs=null +=
-------------------------------------------------------------
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = 'hiegalleria_cn3200' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
-------------------------------------------------------------
NULL
-------------------------------------------------------------
rlm_sql (sql): Released sql socket id: 1
rlm_sql (sql): No matching entry in the database for request from user
[hiegalleria_cn3200]
modcall[authorize]: module "sql" returns notfound for request 13
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "noresetcounter" returns noop for request 13
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "dailycounter" returns noop for request 13
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "monthlycounter" returns noop for request 13
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "daypasscounter" returns noop for request 13
modcall: leaving group authorize (returns ok) for request 13
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 13
rlm_chap: login attempt by "hiegalleria_cn3200" with CHAP password
rlm_chap: Could not find clear text password for user hiegalleria_cn3200
modcall[authenticate]: module "chap" returns invalid for request 13
modcall: leaving group CHAP (returns invalid) for request 13
auth: Failed to validate the user.
Delaying request 13 for 1 seconds
Finished request 13
Going to the next request
--- Walking the entire request list ---
Regards,
Andrew Long
More information about the Freeradius-Users
mailing list