Free Radius Issues

Chris Kilian chris.kilian at seccomglobal.com
Tue Mar 1 23:48:47 CET 2011


Hi

I believe that I have setup the FR configs correctly for use with MYSQL,  I got it all working just fine when using a flat file and was able to authenticate etc with no issues, since moving to SQL I am getting this.

rad_recv: Access-Request packet from host 10.5.5.55 port 57593, id=3, length=46
        User-Name = "chrisk"
        User-Password = "user-password"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "chrisk", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
        expand: %{User-Name} -> chrisk
rlm_sql (sql): sql_set_user escaped user --> 'chrisk'
rlm_sql (sql): Reserving sql socket id: 4
        expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'chrisk'           ORDER BY id
        expand: SELECT groupname           FROM usergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM usergroup           WHERE username = 'chrisk'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): User chrisk not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [chrisk/user-password] (from client seccom port 0)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> chrisk
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 3 to 10.5.5.55 port 57593

So it appears that its using pap right? 
The database is very minimal and Im not sure if that's the issue,

All I am needing to do is have user authenticate based on username and password IM not worried about anything other than that. Its for auth from a web server

Thanks


-----Original Message-----
From: freeradius-users-bounces+chris.kilian=seccomglobal.com at lists.freeradius.org [mailto:freeradius-users-bounces+chris.kilian=seccomglobal.com at lists.freeradius.org] On Behalf Of Alan Buxey
Sent: Tuesday, 1 March 2011 9:03 PM
To: FreeRadius users mailing list
Subject: Re: Free Radius Issues

hi,

you havent given the full debug...so its pretty much guesswork here with whats going wrong..
have you added the sql to the authorize section of your server? (uncomment the entry thats commented by default) are you using EAP etc? in which case you will also need to uncomment it in the inner-tunnel server.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list