chap rlm_sql authentication problem

Andrew Long along at escapewire.com
Fri Mar 30 15:13:17 CEST 2007


Now we're taking a step back because I tried changing the username 
on the NAS and in the SQL and can no longer authenticate with :( NTRADPING.

In NTRADPING:
username: hiegalleria
password: PASSWORD_HERE
secret: unchanged, matches clients.conf


Had this working yesterday... All I changed was username in radreply,
username in radcheck, username in usergroup

rad_recv: Access-Request packet from host 192.168.10.100:49259, id=5,
length=59
        User-Name = "hiegalleria_cn3200"
        CHAP-Password = 0xac0b9199834a040866dd0050c44d4fdf35
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
  modcall[authorize]: module "preprocess" returns ok for request 13
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 13
  modcall[authorize]: module "mschap" returns noop for request 13
    rlm_realm: No '@' in User-Name = "hiegalleria_cn3200", looking up realm
NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 13
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 13
radius_xlat:  'hiegalleria_cn3200'
rlm_sql (sql): sql_set_user escaped user --> 'hiegalleria_cn3200'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radcheck           WHERE Username = 'hiegalleria_cn3200'           ORDER BY
id'
--------------------------------------------------------------
1176	hiegalleria_cn3200	password	PASSWORD_HERE	==
--------------------------------------------------------------
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'hiegalleria_cn3200' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
--------------------------------------------------------------
9	colubris	Service-Type	Administrative-User	==
--------------------------------------------------------------
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radreply           WHERE Username = 'hiegalleria_cn3200'           ORDER BY
id'
--------------------------------------------------------------
195	hiegalleria_cn3200	Colubris-AVPair
access-list=loginserver,ACCEPT,tcp,xx.yy.zz.aa,all	+=
196	hiegalleria_cn3200	Colubris-AVPair
default-user-smtp-redirect=xx.yy.zz.aa	+=
197	hiegalleria_cn3200	Colubris-AVPair
fail-page=http://xx.yy.zz.aa/hotspots/hiegalleria/fail.html	+=
198	hiegalleria_cn3200	Colubris-AVPair
login-url=http://xx.yy.zz.aa/hotspots/hiegalleria/terms.html?loginurl=%l
+=
199	hiegalleria_cn3200	Colubris-AVPair
logo=http://xx.yy.zz.aa/hotspots/hiegalleria/escapewire.gif	+=
200	hiegalleria_cn3200	Colubris-AVPair
mac-address=00-0A-B7-9D-4A-0B,bufctAP4,escapewire	+=
202	hiegalleria_cn3200	Colubris-AVPair
mac-address=00-40-96-36-09-9B,bufctAP5,escapewire	+=
203	hiegalleria_cn3200	Colubris-AVPair
mac-address=00-40-96-36-5B-8C,bufctAP8,escapewire	+=
204	hiegalleria_cn3200	Colubris-AVPair
mac-address=00-40-96-36-60-93,bufctAP7,escapewire	+=
205	hiegalleria_cn3200	Colubris-AVPair
mac-address=00-40-96-36-6D-1A,bufctAP1,escapewire	+=
206	hiegalleria_cn3200	Colubris-AVPair
mac-address=00-40-96-36-6D-FB,bufctAP6,escapewire	+=
207	hiegalleria_cn3200	Colubris-AVPair
mac-address=00-40-96-36-76-CF,bufctAP2,escapewire	+=
208	hiegalleria_cn3200	Colubris-AVPair
mac-address=00-40-96-43-35-00,bufctAP3,escapewire	+=
212	hiegalleria_cn3200	Colubris-AVPair
mac-address=44-45-53-54-00-00,bufmt_linksys,connect	+=
213	hiegalleria_cn3200	Colubris-AVPair
session-page=http://xx.yy.zz.aa/hotspots/hiegalleria/session.html	+=
214	hiegalleria_cn3200	Colubris-AVPair
transport-page=http://xx.yy.zz.aa/hotspots/hiegalleria/transport.html	+=
215	hiegalleria_cn3200	Colubris-AVPair	use-access-list=loginserver
+=
216	hiegalleria_cn3200	Colubris-AVPair
welcome-url=http://www.xxxxxxxx.com/h/d/ex/1/en/hotel/bufct?irs=null	+=
-------------------------------------------------------------
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = 'hiegalleria_cn3200' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
-------------------------------------------------------------
NULL
-------------------------------------------------------------
rlm_sql (sql): Released sql socket id: 1
rlm_sql (sql): No matching entry in the database for request from user
[hiegalleria_cn3200]
  modcall[authorize]: module "sql" returns notfound for request 13
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "noresetcounter" returns noop for request 13
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "dailycounter" returns noop for request 13
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "monthlycounter" returns noop for request 13
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "daypasscounter" returns noop for request 13
modcall: leaving group authorize (returns ok) for request 13
  rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 13
  rlm_chap: login attempt by "hiegalleria_cn3200" with CHAP password
  rlm_chap: Could not find clear text password for user hiegalleria_cn3200
  modcall[authenticate]: module "chap" returns invalid for request 13
modcall: leaving group CHAP (returns invalid) for request 13
auth: Failed to validate the user.
Delaying request 13 for 1 seconds
Finished request 13
Going to the next request
--- Walking the entire request list ---

Regards,

Andrew Long





More information about the Freeradius-Users mailing list