can't auth

Somanath Mishra somanath.mishra at planetsbrain.com
Wed Aug 29 11:50:12 CEST 2018


Hi,
  When we install freeradius3 for the first time, we push data into
radcheck only, not into other tables. That is the user we pass to radtest.
It worked before for version 2.



On Wed, August 29, 2018 2:22 pm, Martin Edge wrote:
> Hi,
>
>
> Perhaps this has something to do with it?
>
>
>> (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'testuser' ORDER BY priority
>> (0) sql: User not found
>>
>
> Best read the logs .. they offer some valuable insight.
>
>
> Thanks
> Martin.
>
>
> -----Original Message-----
> From: Freeradius-Users
> <freeradius-users-bounces+medge=emersion.com at lists.freeradius.org> On
> Behalf Of Somanath Mishra
> Sent: Wednesday, 29 August 2018 5:34 PM
> To: freeradius-users at lists.freeradius.org
> Subject:
>
>
> Hi All,
>
>
> I have configured freeradius3. Now I am facing an issue with radtest.
> I am getting an Accept-Reject response.
>
>
>
> My request:
>
>
>
> radius3 at radius3:~$ radtest testuser testpassword localhost 1812 testing123
> Sent Access-Request Id 141 from 0.0.0.0:57910 to 127.0.0.1:1812 length 78
> User-Name = "testuser"
> User-Password = "testpassword"
> NAS-IP-Address = 127.0.1.1
> NAS-Port = 1812
> Message-Authenticator = 0x00
> Cleartext-Password = "testpassword"
> Received Access-Reject Id 141 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
> (0) -: Expected Access-Accept got Access-Reject
>
>
>
> radius DB:
>
>
>
> +----+--------------------+--------------------+----+--------------+
> | id | username           | attribute          | op | value        |
> +----+--------------------+--------------------+----+--------------+
> |  1 | testuser           | Cleartext-Password | := | testpassword |
> |  2 | testuser at gmail.com | Cleartext-Password | := | testpassword |
> |  3 | user at gmail.com     | user-password      | := | password     |
>
>
>
>
> and my debug log:
>
>
>
> Ready to process requests
> (0) Received Access-Request Id 141 from 127.0.0.1:57910 to 127.0.0.1:1812 length 78
> (0)   User-Name = "testuser"
> (0)   User-Password = "testpassword"
> (0)   NAS-IP-Address = 127.0.1.1
> (0)   NAS-Port = 1812
> (0)   Message-Authenticator = 0x8c4403cf542c7a3facd04010b82c4b76
> (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default
> (0)   authorize {
> (0)     policy filter_username {
> (0)       if (&User-Name) {
> (0)       if (&User-Name)  -> TRUE
> (0)       if (&User-Name)  {
> (0)         if (&User-Name =~ / /) {
> (0)         if (&User-Name =~ / /)  -> FALSE
> (0)         if (&User-Name =~ /@[^@]*@/ ) {
> (0)         if (&User-Name =~ /@[^@]*@/ )  -> FALSE
> (0)         if (&User-Name =~ /\.\./ ) {
> (0)         if (&User-Name =~ /\.\./ )  -> FALSE
> (0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
> (0)         if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
> (0)         if (&User-Name =~ /\.$/)  {
> (0)         if (&User-Name =~ /\.$/)   -> FALSE
> (0)         if (&User-Name =~ /@\./)  {
> (0)         if (&User-Name =~ /@\./)   -> FALSE
> (0)       } # if (&User-Name)  = notfound
> (0)     } # policy filter_username = notfound
> (0)     [preprocess] = ok
> (0)     [chap] = noop
> (0)     [mschap] = noop
> (0)     [digest] = noop
> (0) suffix: Checking for suffix after "@"
> (0) suffix: No '@' in User-Name = "testuser", looking up realm NULL
> (0) suffix: No such realm "NULL"
> (0)     [suffix] = noop
> (0) eap: No EAP-Message, not doing EAP
> (0)     [eap] = noop
> (0)     [files] = noop
> (0) sql: EXPAND %{User-Name}
> (0) sql:    --> testuser
> (0) sql: SQL-User-Name set to 'testuser'
> rlm_sql (sql): Reserved connection (1)
> (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
> (0) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testuser' ORDER BY id
> (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testuser' ORDER BY id
> (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
> (0) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'testuser' ORDER BY priority
> (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'testuser' ORDER BY priority
> (0) sql: User not found in any groups
> rlm_sql (sql): Released connection (1)
> Need 4 more connections to reach 10 spares
> rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used
> (0)     [sql] = notfound
> (0)     [expiration] = noop
> (0)     [logintime] = noop
> (0) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
> (0) pap: WARNING: Authentication will fail unless a "known good" password is available
> (0)     [pap] = noop
> (0)   } # authorize = ok
> (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
> (0) Failed to authenticate the user
> (0) Using Post-Auth-Type Reject
> (0) # Executing group from file /etc/freeradius/sites-enabled/default
> (0)   Post-Auth-Type REJECT {
> (0) sql: EXPAND .query
> (0) sql:    --> .query
> (0) sql: Using query template 'query'
> rlm_sql (sql): Reserved connection (2)
> (0) sql: EXPAND %{User-Name}
> (0) sql:    --> testuser
> (0) sql: SQL-User-Name set to 'testuser'
> (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
> (0) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testuser', 'testpassword', 'Access-Reject', '2018-08-29 08:26:50')
> (0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testuser', 'testpassword', 'Access-Reject', '2018-08-29 08:26:50')
> (0) sql: SQL query returned: success
> (0) sql: 1 record(s) updated
> rlm_sql (sql): Released connection (2)
> (0)     [sql] = ok
> (0) attr_filter.access_reject: EXPAND %{User-Name}
> (0) attr_filter.access_reject:    --> testuser
> (0) attr_filter.access_reject: Matched entry DEFAULT at line 11
> (0)     [attr_filter.access_reject] = updated
> (0)     [eap] = noop
> (0)     policy remove_reply_message_if_eap {
> (0)       if (&reply:EAP-Message && &reply:Reply-Message) {
> (0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
> (0)       else {
> (0)         [noop] = noop
> (0)       } # else = noop
> (0)     } # policy remove_reply_message_if_eap = noop
> (0)   } # Post-Auth-Type REJECT = updated
> (0) Delaying response for 1.000000 seconds
> Waking up in 0.3 seconds.
> Waking up in 0.6 seconds.
> (0) Sending delayed response
> (0) Sent Access-Reject Id 141 from 127.0.0.1:1812 to 127.0.0.1:57910 length 20
> Waking up in 3.9 seconds.
> (0) Cleaning up request packet ID 141 with timestamp +47
> Ready to process requests
>
>
> Please help me on that. Thanks
>
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
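Added example, not part of the original thread: a small triage script that reads `radiusd -X` style output like the debug log quoted above and extracts, per request, the module return codes by section, the warnings, the errors and the reply sent. The function names `triage` and `rejected_without_known_good_password` are hypothetical, and the sample lines are constructed from the quoted log with the mail wrapping removed.

```python
import re
from collections import defaultdict

# Constructed sample: unwrapped lines modelled on the debug output quoted above.
SAMPLE = """\
(0)   authorize {
(0)     [files] = noop
(0)     [sql] = notfound
(0) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
(0)     [pap] = noop
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(0)   Post-Auth-Type REJECT {
(0)     [sql] = ok
(0) Sent Access-Reject Id 141 from 127.0.0.1:1812 to 127.0.0.1:57910 length 20
"""

LINE = re.compile(r"^(?:>\s?)*\((\d+)\)\s+(.*)$")   # tolerate mail quote markers
SECTION = re.compile(r"^(authorize|authenticate|post-auth|Post-Auth-Type \w+) \{$")
MODULE = re.compile(r"^\[([\w.]+)\] = (\w+)$")
SENT = re.compile(r"^Sent (Access-\w+) Id \d+")

def triage(log_text):
    """Group radiusd -X lines by request number and extract the decision trail."""
    reqs = defaultdict(lambda: {"section": None, "modules": [], "warnings": [],
                                "errors": [], "reply": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # wrapped continuation or global line
        req, body = reqs[int(m.group(1))], m.group(2).strip()
        if (s := SECTION.match(body)):
            req["section"] = s.group(1)
        elif (mod := MODULE.match(body)):
            req["modules"].append((req["section"], mod.group(1), mod.group(2)))
        elif "WARNING:" in body:
            req["warnings"].append(body.split("WARNING:", 1)[1].strip())
        elif body.startswith("ERROR:"):
            req["errors"].append(body[len("ERROR:"):].strip())
        elif (sent := SENT.match(body)):
            req["reply"] = sent.group(1)
    return dict(reqs)

def rejected_without_known_good_password(req):
    """Reject where no authorize-time user store supplied a reference password."""
    stores = [rc for sec, name, rc in req["modules"]
              if sec == "authorize" and name in ("files", "sql")]
    return (req["reply"] == "Access-Reject" and bool(stores)
            and all(rc in ("noop", "notfound") for rc in stores)
            and any("known good" in w for w in req["warnings"]))
```

Tracking the section matters here because `[sql] = ok` in `Post-Auth-Type REJECT` only records the reject in `radpostauth`; the lookup result that decided the request is the `[sql] = notfound` in `authorize`.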