authentication problem with sql

hadi golestani hadi.golestani at gmail.com
Tue Oct 23 15:27:23 CEST 2007 

Hi,
my freeradius works well with users files users but when I test it with one
of my users that is stored in db, the authentication fails.
what is needed to authenticate users that are stored in db.

two debug mode output is attached:
it's debug response for a user that is stored in db:

rad_recv: Access-Request packet from host 127.0.0.1:1029, id=90, length=58
        User-Name = "n2test"
        User-Password = "n2test"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1645
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "n2test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
    users: Matched entry DEFAULT at line 154
  modcall[authorize]: module "files" returns ok for request 1
radius_xlat:  'n2test'
rlm_sql (sql): sql_set_user escaped user --> 'n2test'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radcheck           WHERE Username = 'n2test'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,
radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM
radgroupcheck,usergroup WHERE usergroup.Username = 'n2test' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radreply           WHERE Username = 'n2test'           ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,
radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM
radgroupreply,usergroup WHERE usergroup.Username = 'n2test' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 1
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  modcall[authenticate]: module "unix" returns notfound for request 1
modcall: leaving group authenticate (returns notfound) for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 90 to 127.0.0.1 port 1029
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 90 with timestamp 471de1e9
Nothing to do.  Sleeping until we see a request.



and it's the output for a normal user that is stored in users file:

rad_recv: Access-Request packet from host 127.0.0.1:1029, id=43, length=62
        User-Name = "normaltest"
        User-Password = "normaltest"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1645
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "normaltest", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry normaltest at line 1
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'normaltest'
rlm_sql (sql): sql_set_user escaped user --> 'normaltest'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
radcheck           WHERE Username = 'normaltest'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User normaltest not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,
radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM
radgroupcheck,usergroup WHERE usergroup.Username = 'normaltest' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,
radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM
radgroupreply,usergroup WHERE usergroup.Username = 'normaltest' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User normaltest not found in radgroupcheck
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): User not found
  modcall[authorize]: module "sql" returns notfound for request 0
  modcall[authorize]: module "pap" returns updated for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type pap
auth: type "PAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group PAP for request 0
rlm_pap: login attempt with password normaltest
rlm_pap: Using clear text password "normaltest".
rlm_pap: User authenticated successfully
  modcall[authenticate]: module "pap" returns ok for request 0
modcall: leaving group PAP (returns ok) for request 0
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
rlm_sql (sql): Processing sql_postauth
radius_xlat:  'normaltest'
rlm_sql (sql): sql_set_user escaped user --> 'normaltest'
radius_xlat:  'INSERT into radpostauth (user, pass, reply, date) values
('normaltest', 'normaltest', 'Access-Accept', NOW())'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (user, pass,
reply, date) values ('normaltest', 'normaltest', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
  modcall[post-auth]: module "sql" returns ok for request 0
modcall: leaving group post-auth (returns ok) for request 0
Sending Access-Accept of id 43 to 127.0.0.1 port 1029
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 43 with timestamp 471de179
Nothing to do.  Sleeping until we see a request.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071023/b997a0bc/attachment.html>

More information about the Freeradius-Users mailing list