Unknown or invalid value "Crypt-Local" for attribute Auth-Type"
Christoph Schwabl
christoph.schwabl at gmx.at
Fri Dec 30 09:56:07 CET 2016
Hello,
I am currently trying to upgrade from freeradius 1.x (which is running
for about 10 years) to freeradius 3.0.12.
The freeradius is used for shell access to Cisco routers.
I am using MySQL and the tables looks like:
mysql> select * from radgroupreply;
+----+-----------+--------------+----+-------------------+
| id | groupname | attribute | op | value |
+----+-----------+--------------+----+-------------------+
| 3 | lanmgmt | Cisco-AVPair | = | shell:priv-lvl=15 |
| 4 | lanmgmt | Service-Type | = | NAS-Prompt-User |
| 5 | readonly | Cisco-AVPair | = | shell:priv-lvl=2 |
| 6 | readonly | Service-Type | = | NAS-Prompt-User |
+----+-----------+--------------+----+-------------------+
mysql> select * from radcheck;
+----+------------------+----------------+----+------------------------
----------+
| id | username | attribute | op |
value |
+----+------------------+----------------+----+------------------------
----------+
| 2 | testusersql | Crypt-Password | := |
cc03e747a6afbbcbf8be7668acfebee5 |
| 3 | testuserdisabled | Crypt-Password | := |
cc03e747a6afbbcbf8be7668acfebee5 |
+----+------------------+----------------+----+------------------------
----------+
mysql> select * from radgroupcheck;
+----+-----------+-----------+----+-------------+
| id | groupname | attribute | op | value |
+----+-----------+-----------+----+-------------+
| 24 | lanmgmt | Auth-Type | := | Crypt-Local |
| 25 | disabled | Auth-Type | := | Reject |
+----+-----------+-----------+----+-------------+
mysql> select * from radusergroup;
+------------------+-----------+----------+
| username | groupname | priority |
+------------------+-----------+----------+
| testusersql | lanmgmt | 1 |
| testuserdisabled | disabled | 1 |
+------------------+-----------+----------+
In the debug it is possible to see the reason. Rejects because of:
"(0) sql: ERROR: Error parsing value: Unknown or invalid value
"Crypt-Local" for attribute Auth-Type"
The corespondig debug (freeradius -X) part:
...
(0) sql: SQL-User-Name set to 'testusersql'
rlm_sql (sql): Reserved connection (1)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'testusersql' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value,
op FROM radcheck WHERE username = 'testusersql' ORDER BY id
(0) sql: User found in radcheck table
(0) sql: Conditional check items matched, merging assignment check
items
(0) sql: Crypt-Password := "cc03e747a6afbbcbf8be7668acfebee5"
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'testusersql' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value,
op FROM radreply WHERE username = 'testusersql' ORDER BY id
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(0) sql: --> SELECT groupname FROM radusergroup WHERE username =
'testusersql' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup
WHERE username = 'testusersql' ORDER BY priority
(0) sql: User found in the group table
(0) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(0) sql: --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = 'lanmgmt' ORDER BY id
(0) sql: Executing select query: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname = 'lanmgmt' ORDER BY id
(0) sql: ERROR: Error parsing value: Unknown or invalid value
"Crypt-Local" for attribute Auth-Type
(0) sql: ERROR: Error parsing user data from database result
(0) sql: ERROR: Error retrieving check pairs for group lanmgmt
rlm_sql (sql): Released connection (1)
rlm_sql (sql): Need 4 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots
used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
socket, server version 5.5.53-0+deb8u1, protocol version 10
(0) [sql] = fail
(0) } # authorize = fail
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0) Post-Auth-Type REJECT {
(0) sql: EXPAND .query
(0) sql: --> .query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (2)
(0) sql: EXPAND %{User-Name}
(0) sql: --> testusersql
(0) sql: SQL-User-Name set to 'testusersql'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( '%{SQL-User-Name}',
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(0) sql: --> INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( 'testusersql', 'test123', 'Access-Reject',
'2016-12-30 09:43:02')
(0) sql: Executing query: INSERT INTO radpostauth (username, pass,
reply, authdate) VALUES ( 'testusersql', 'test123', 'Access-Reject',
'2016-12-30 09:43:02')
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (2)
...
I know there is something wrong with the Auth-Type, but I am not aware
how to solve it,
even it is working under v1.x fine and also check already the
documentation (e.g. http://wiki.freeradius.org/config/Auth%20Type).
Is there some file where I need to specify Crypt-Local as Auth-Type?
Thx
br
Christoph
More information about the Freeradius-Users
mailing list