auth-type problem

liran tal liransgarage at gmail.com
Sat May 5 19:22:57 CEST 2007


Hey everyone,

I've used an older version of FreeRADIUS before (I think 1.1.0) with mysql
as a backend and all I had to do
to authenticate users is have the following entry in radcheck table: |  1 |
admin    | Password        | == | admin |
although I see some errors when using radiusd -X and the error received is
username/password not correct.
The log from freeradius is:

  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "admin", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
    users: Matched entry DEFAULT at line 183
  modcall[authorize]: module "files" returns ok for request 1
radius_xlat:  'admin'
rlm_sql (sql): sql_set_user escaped user --> 'admin'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radcheck           WHERE Username = 'admin'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,
radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM
radgroupcheck,usergroup WHERE usergroup.Username = 'admin' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radreply           WHERE Username = 'admin'           ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,
radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM
radgroupreply,usergroup WHERE usergroup.Username = 'admin' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 1
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 1
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand:  'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{User-Name}''
radius_xlat:  'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='admin''
sqlcounter_expand:  '%{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='admin'}'
radius_xlat: Running registered xlat function of module sql for string
'SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='admin''
rlm_sql (sql): - sql_xlat
radius_xlat:  'admin'
rlm_sql (sql): sql_set_user escaped user --> 'admin'
radius_xlat:  'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='admin''
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): - sql_xlat finished
rlm_sql (sql): Released sql socket id: 1
radius_xlat:  '27'
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user admin, check_item=86400, counter=27
rlm_sqlcounter: Sent Reply-Item for user admin, Type=Session-Timeout,
value=300
  modcall[authorize]: module "noresetcounter" returns ok for request 1
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "dailycounter" returns noop for request 1
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "monthlycounter" returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type System
auth: type "System"
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested
action.
auth: Failed to validate the user.
Login incorrect: [admin/admin] (from client localhost port 1)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...



It mentions some error about Auth-Type so I added another entry for that
user in the table which is:
|  2 | admin     | Auth-Type       | := | Local |

And then it works fine.
My question is why does it require the Auth-Type entry to be added? I've
used freeradius with mysql before without having
to enter an Auth-Type entry for each user in the radcheck table.

My radiusd.conf authenticate { } section has no sql mentioning there.
Could that be it?


Thanks in advance,
Liran.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070505/2e9b64fb/attachment.html>


More information about the Freeradius-Users mailing list