chap rlm_sql authentication problem

Kevin Bonner keb at pa.net
Fri Mar 30 16:41:48 CEST 2007


On Friday 30 March 2007 09:13:17 Andrew Long wrote:
> In NTRADPING:
> username: hiegalleria
...
> rad_recv: Access-Request packet from host 192.168.10.100:49259, id=5,
> length=59
>         User-Name = "hiegalleria_cn3200"
>         CHAP-Password = 0xac0b9199834a040866dd0050c44d4fdf35

Am I missing something obvious?  How is "_cn3200" getting appended to the 
username?

> --------------------------------------------------------------
> 1176	hiegalleria_cn3200	password	PASSWORD_HERE	==
> --------------------------------------------------------------

You've heard several times that the attribute and operator need to be fixed.  
I'm just listing it again for emphasis.

> radius_xlat:  'SELECT
> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupch
>e ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
> usergroup.Username = 'hiegalleria_cn3200' AND usergroup.GroupName =
> radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> --------------------------------------------------------------
> 9	colubris	Service-Type	Administrative-User	==
> --------------------------------------------------------------

If this is correct, your request will not match unless you send this 
particular Service-Type.  Looking at the request above, I don't see this 
attribute being sent in the access-request.

Kevin Bonner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070330/66152336/attachment.pgp>


More information about the Freeradius-Users mailing list