Hi Pete,
if it still does not work, can u post somewhere your radiusd.conf + sql.conf files?
Cheers, DanB
On Wed, May 28, 2008 at 5:12 PM, Pete Kay petedao@gmail.com wrote:
Hi Dan, If I change the attribute to user-password, I still can't authenticate. It is so strange since I am able to authenticate using my test client.
Waking up in 4.9 seconds.
User-Name = "1006@192.168.1.104"
Digest-Attributes = 0x0a0631303036
Digest-Attributes = 0x010f3139322e3136382e312e313034
Digest-Attributes = 0x022a34383364653562636166376535646335323862373335643661393364363634636237376533396636
Digest-Attributes = 0x04137369703a3139322e3136382e312e313034
Digest-Attributes = 0x030a5245474953544552
Digest-Response = "9b614ed006554a3a7ea094b14237dae9"
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 825241654
NAS-Port = 5060
NAS-IP-Address = 127.0.0.1
+- entering group authorize
++[preprocess] returns ok
expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/ 127.0.0.1/auth-detail-20080529
expand: %t -> Thu May 29 07:02:41 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_digest: Adding Auth-Type = DIGEST
++[digest] returns ok
rlm_realm: Looking up realm "192.168.1.104" for User-Name = " 1006@192.168.1.104"
rlm_realm: Found realm "192.168.1.104"
rlm_realm: Adding Stripped-User-Name = "1006"
rlm_realm: Adding Realm = "192.168.1.104"
rlm_realm: Authentication realm is LOCAL.
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
expand: %{Stripped-User-Name} -> 1006
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 1006
rlm_sql (sql): sql_set_user escaped user --> '1006'
rlm_sql (sql): Reserving sql socket id: 1
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1006' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1006' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '1006' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '1006' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '1006' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = '1006' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'openser' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'openser' ORDER BY id
rlm_sql (sql): User found in group openser
expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'openser' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'openser' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type Local
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [1006@192.168.1.104/<via Auth-Type = Local>] (from client localhost port 5060)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> 1006@192.168.1.104
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 227 for 1 seconds
Going to the next request
But even if I change to Digest-HA1, I still can't authenticate:
Waking up in 0.8 seconds.
User-Name = "1006@192.168.1.104"
Digest-Attributes = 0x0a0631303036
Digest-Attributes = 0x010f3139322e3136382e312e313034
Digest-Attributes = 0x022a34383364653635643437393064306234623163626463333130653930633338383766393734653963
Digest-Attributes = 0x04137369703a3139322e3136382e312e313034
Digest-Attributes = 0x030a5245474953544552
Digest-Response = "1a8ef3e9646fc8fba9eb9b50b1e0187e"
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 825241654
NAS-Port = 5060
NAS-IP-Address = 127.0.0.1
+- entering group authorize
++[preprocess] returns ok
expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/ 127.0.0.1/auth-detail-20080529
expand: %t -> Thu May 29 07:05:22 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_digest: Adding Auth-Type = DIGEST
++[digest] returns ok
rlm_realm: Looking up realm "192.168.1.104" for User-Name = " 1006@192.168.1.104"
rlm_realm: Found realm "192.168.1.104"
rlm_realm: Adding Stripped-User-Name = "1006"
rlm_realm: Adding Realm = "192.168.1.104"
rlm_realm: Authentication realm is LOCAL.
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
expand: %{Stripped-User-Name} -> 1006
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 1006
rlm_sql (sql): sql_set_user escaped user --> '1006'
rlm_sql (sql): Reserving sql socket id: 1
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1006' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1006' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '1006' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '1006' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '1006' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = '1006' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'openser' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'openser' ORDER BY id
rlm_sql (sql): User found in group openser
expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'openser' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'openser' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [1006@192.168.1.104/<via Auth-Type = Local>] (from client localhost port 5060)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> 1006@192.168.1.104
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 237 for 1 seconds