How to Authenticate Mysql Users whit freeradius editing theusersfile

Juan Pablo Botero juanpabloboterolopez at gmail.com
Fri Feb 20 15:37:50 CET 2009


On Fri, Feb 20, 2009 at 9:12 AM, <tnt at kalik.net> wrote:

> >i didn't force any authentication, I left the users file by default, when
> i
> >tried to login i got this:
> >
> ..
> >++[files] returns noop
>
> OK. Files are empty now. But ...
>
> >        expand: %{User-Name} -> juanpal
> >rlm_sql (sql): sql_set_user escaped user --> 'juanpal'
> >rlm_sql (sql): Reserving sql socket id: 1
> >        expand: SELECT id, UserName, Attribute, Value, op           FROM
> >radcheck           WHERE Username = '%{SQL-User-Name}'           ORDER BY
> id
> >-> SELECT id, UserName, Attribute, Value, op           FROM
> >radcheck           WHERE Username = 'juanpal'           ORDER BY id
> >rlm_sql (sql): User found in radcheck table
>
> .. this should be the password. And ...
>
> ..
> >++[sql] returns ok
> >auth: No authenticate method (Auth-Type) configuration found for the
> >request: Rejecting the user
> >auth: Failed to validate the user.
>
> .. no pap module. Why did you remove the pap from authorize? Put it back.


I Put pap in  authorize section in radius.conf.
I got this:

rad_recv: Access-Request packet from host 127.0.0.1 port 32770, id=32,
length=212
        Vendor-14559-Attr-8 = 0x312e302e3132
        User-Name = "juanpal"
        User-Password = "juanpal"
        NAS-IP-Address = 192.168.181.1
        Service-Type = Login-User
        Framed-IP-Address = 192.168.181.2
        Calling-Station-Id = "08-00-27-0A-F7-67"
        Called-Station-Id = "08-00-27-C0-08-85"
        NAS-Identifier = "nas01"
        Acct-Session-Id = "499e742800000001"
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        WISPr-Logoff-URL = "http://192.168.181.1:3990/logoff"
        Message-Authenticator = 0x0e0a63b0ee1fb9a95992d227586a9090
+- entering group authorize
++[preprocess] returns ok
        expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20090220
        expand: %t -> Fri Feb 20 04:24:43 2009
++[auth_log] returns ok
        expand: %{Realm} ->
++[attr_filter] returns noop
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "juanpal", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
        expand: %{User-Name} -> juanpal
rlm_sql (sql): sql_set_user escaped user --> 'juanpal'
rlm_sql (sql): Reserving sql socket id: 3
        expand: SELECT id, UserName, Attribute, Value, op           FROM
radcheck           WHERE Username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, UserName, Attribute, Value, op           FROM
radcheck           WHERE Username = 'juanpal'           ORDER BY id
rlm_sql (sql): User found in radcheck table
        expand: SELECT id, UserName, Attribute, Value, op           FROM
radreply           WHERE Username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, UserName, Attribute, Value, op           FROM
radreply           WHERE Username = 'juanpal'           ORDER BY id
        expand: SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE
UserName='juanpal'
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
rlm_pap: Normalizing MD5-Password from hex encoding
++[pap] returns updated
  rad_check_password:  Found Auth-Type
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "juanpal"
rlm_pap: No password configured for the user.  Cannot do authentication
++[pap] returns fail
auth: Failed to validate the user.
Login incorrect: [juanpal/juanpal] (from client localhost port 1 cli
08-00-27-0A-F7-67)
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 32 to 127.0.0.1 port 32770
        Session-Timeout := 2400



>
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 
Juan Pablo Botero
Administrador de Sistemas informáticos
http://jpill.wordpress.com
eSSuX: http://slcolombia.org/eSSuX
Linux Registered user #435293
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090220/cb432d50/attachment.html>


More information about the Freeradius-Users mailing list