[Serusers] radius_is_user_in failure

Rodrigo P. Telles telles at devel-it.com.br
Sat Oct 16 19:46:34 CEST 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Jan,

Jan Janak wrote:
| This might be the problem:
|
|  rlm_realm: No '@' in User-Name = "1213", looking up realm NULL
|  rlm_realm: No such realm "NULL"
|
|    Jan.
|

I've been striped '@domain' (realm) in freeradius to authenticate ours
users without major problems.
Are you saying that I want to not strip the '@domain' part in freeradius?

Tx

| On 07-10 10:29, Rodrigo P. Telles wrote:
|
|>Hi Jan,
|>
|>Jan Janak wrote:
|>| Try to se what is going on in the radius server, if you are using
|>| freeradius then start it with -X cmdline option.
|>|
|>
|>I did that and I received this:
|>----
|>rad_recv: Access-Request packet from host xxx.yyy.zzz.www:37861, id=204, length=51
|>~ User-Name = "1213"
|>~ Sip-Group = "Active"
|>~ Service-Type = Group-Check
|>~ NAS-IP-Address = xxx.yyy.zzz.www
|>~ NAS-Port = 0
|>~  Processing the authorize section of radiusd.conf
|>modcall: entering group authorize for request 28
|>~  modcall[authorize]: module "preprocess" returns ok for request 28
|>~  modcall[authorize]: module "chap" returns noop for request 28
|>~  modcall[authorize]: module "mschap" returns noop for request 28
|>~  modcall[authorize]: module "digest" returns noop for request 28
|>~    rlm_realm: No '@' in User-Name = "1213", looking up realm NULL
|>~    rlm_realm: No such realm "NULL"
|>~  modcall[authorize]: module "suffix" returns noop for request 28
|>radius_xlat:  ''
|>~  modcall[authorize]: module "sql" returns fail for request 28
|>modcall: group authorize returns fail for request 28
|>Finished request 28
|>Going to the next request
|>Waking up in 2 seconds...
|>--- Walking the entire request list ---
|>Cleaning up request 27 ID 203 with timestamp 416541dc
|>Waking up in 4 seconds...
|>--- Walking the entire request list ---
|>Cleaning up request 28 ID 204 with timestamp 416541e0
|>Nothing to do.  Sleeping until we see a request.
|>---
|>
|>I think that the problem is on
|>modcall[authorize]: module "sql" returns fail for request 28
|>
|>but I don't know why module sql return "fail" for the request.
|>I saw the mysql log file too and freeradius doesn't do any query
|>about that request!
|>
|>Do you have any idea?
|>Thanks for your answer.
|>
|>
|>Telles
|>
|>|   Jan.
|>|
|>| On 05-10 23:08, Rodrigo P. Telles wrote:
|>|
|>|>Hi Folks,
|>|>
|>|>I've been testing SER 0.8.14 Auth and ACC (radiusclient-0.4.4)
|>|>in radius (freeradius 1.0.1) and its working fine.
|>|>Now I tried to use group_radius module to check if a user is in a especific
|>|>group and it failed.
|>|>First I received a error about missing "Sip-Group" attribute and I found a mail
|>|>about this error and howto correct it
|>|>(http://lists.iptel.org/pipermail/serdev/2004-July/002339.html).
|>|>Now SER doesn't return any error, just
|>|>
|>|>radius_is_user_in(): Failure
|>|>
|>|>after a long time.
|>|>
|>|>I have a user "1213" in group "general" on radius database like this:
|>|>
|>|>mysql> select * from radgroupcheck;
|>|>+----+-----------+-----------+----+--------+
|>|>| id | GroupName | Attribute | op | Value  |
|>|>+----+-----------+-----------+----+--------+
|>|>|  1 | general     | Auth-Type | := | Digest |
|>|>+----+-----------+-----------+----+--------+
|>|>
|>|>mysql> select * from radcheck;
|>|>+----+----------+---------------+----+-------+
|>|>| id | UserName | Attribute     | op | Value |
|>|>+----+----------+---------------+----+-------+
|>|>|  2 | 1213     | User-Password | == | testonly  |
|>|>+----+----------+---------------+----+-------+
|>|>
|>|>mysql> select * from usergroup;
|>|>+----+----------+-----------+
|>|>| id | UserName | GroupName |
|>|>+----+----------+-----------+
|>|>|  1 | 1213     | general     |
|>|>+----+----------+-----------+
|>|>
|>|>mysql> select * from radgroupreply;
|>|>+----+-----------+---------------+----+------------+------+
|>|>| id | GroupName | Attribute     | op | Value      | prio |
|>|>+----+-----------+---------------+----+------------+------+
|>|>|  3 | general     | Reply-Message | =  | Authorized |    0 |
|>|>+----+-----------+---------------+----+------------+------+
|>|>
|>|>
|>|>I googled this but I couldn't find anything about that.
|>|>Am I missing something?
|>|>Thanks in advance.
|>|>
|>|>_______________________________________________
|>|>Serusers mailing list
|>|>serusers at lists.iptel.org
|>|>http://lists.iptel.org/mailman/listinfo/serusers
|>|>
|>|
|>|
|>|
|>
|>_______________________________________________
|>Serusers mailing list
|>serusers at lists.iptel.org
|>http://lists.iptel.org/mailman/listinfo/serusers
|>
|
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBcV56iLK8unYgEMQRAodwAJ97wI/ljzjqM/yOE09a8oZXiLcungCfV9c8
+s25WGzz1A9H60Oo6Rn4p+k=
=h3Eq
-----END PGP SIGNATURE-----

More information about the sr-users mailing list