13 Sep
2004
13 Sep
'04
3:41 p.m.
After having problems with the older RPMs I figured I'd try the latest
cvs ser/libradiusclient-ng. I'm also using freeradius 0.9.3 with a MySQL
backend.
Here's what I get when I try to authenticate a Granstream BT-100 phone:
rad_recv: Access-Request packet from host 127.0.0.1:38309, id=191,
length=249
User-Name = "test(a)204.244.xxx.xxx"
Digest-Attributes = "\n\006test"
Digest-Attributes = "\001\020204.244.xxx.xxx"
Digest-Attributes =
"\002*4145f7038382c631a7baed91f6ea3be2e39008c2"
Digest-Attributes = "\004\024sip:204.244.xxx.xxx"
Digest-Attributes = "\003\nREGISTER"
Digest-Response = "5a80057b08229421b11034f0c9066de5"
Service-Type = Sip-Session
Sip-URI-User = "8020"
Cisco-AVPair = "call-id=d66787010e24eacd(a)204.244.xxx.xxx"
NAS-IP-Address = 127.0.0.1
NAS-Port-Id = 5060
modcall: entering group authorize for request 15
modcall[authorize]: module "preprocess" returns ok for request 15
modcall[authorize]: module "chap" returns noop for request 15
modcall[authorize]: module "eap" returns noop for request 15
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = "test"
Digest-Realm = "204.244.xxx.xxx"
Digest-Nonce = "4145f7038382c631a7baed91f6ea3be2e39008c2"
Digest-URI = "sip:204.244.xxx.xxx"
Digest-Method = "REGISTER"
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 15
radius_xlat: 'test(a)204.244.xxx.xxx'
rlm_sql (sql): sql_set_user escaped user --> 'test(a)204.244.xxx.xxx'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'test(a)204.244.xxx.xxx' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User test(a)204.244.xxx.xxx not found in radcheck
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test(a)204.244.xxx.xxx'
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'test(a)204.244.xxx.xxx'
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User test(a)204.244.xxx.xxx not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns notfound for request 15
rlm_realm: Looking up realm "204.244.xxx.xxx" for User-Name =
"test(a)204.244.xxx.xxx"
rlm_realm: No such realm "204.244.xxx.xxx"
modcall[authorize]: module "suffix" returns noop for request 15
modcall[authorize]: module "files" returns notfound for request 15
modcall[authorize]: module "mschap" returns noop for request 15
modcall: group authorize returns ok for request 15
rad_check_password: Found Auth-Type DIGEST
auth: type "digest"
modcall: entering group authenticate for request 15
rlm_digest: Configuration item "User-Password" is required for
authentication.
modcall[authenticate]: module "digest" returns invalid for request 15
modcall: group authenticate returns invalid for request 15
auth: Failed to validate the user.
Login incorrect: [test(a)204.244.xxx.xxx/<no User-Password attribute>]
(from client localhost port 5060)
-----------------------------
So first off it's trying to authenticate with the username of
"test(a)204.244.xxx.xxx".xxx". I don't want to use realms, so I've gone in the
sql.conf changed:
sql_user_name = "%{User-Name}"
to
sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
However, it didn't help. It's not stripping away the realm.
Also I still keep getting the "Configuration item "User-Password" is
required for authentication." and "Login incorrect:
[test(a)204.244.xxx.xxx/<no User-Password attribute>]"
I don't understand why. I'm using the proper dictionary.ser file. Here's
my radcheck table:
(`id`, `UserName`, `Attribute`, `op`, `Value`) VALUES (1, 'test',
'User-Password', '==', 'test');
Any help is appreciated.
Thanks,
- Darren