[Serusers] Authentication problems....

Darren Bentley darren at bcgroup.net
Mon Sep 13 21:41:00 CEST 2004


After having problems with the older RPMs I figured I'd try the latest
cvs ser/libradiusclient-ng. I'm also using freeradius 0.9.3 with a MySQL
backend.

Here's what I get when I try to authenticate a Grandstream BT-100 phone:

rad_recv: Access-Request packet from host 127.0.0.1:38309, id=191,
length=249
        User-Name = "test at 204.244.xxx.xxx"
        Digest-Attributes = "\n\006test"
        Digest-Attributes = "\001\020204.244.xxx.xxx"
        Digest-Attributes =
"\002*4145f7038382c631a7baed91f6ea3be2e39008c2"
        Digest-Attributes = "\004\024sip:204.244.xxx.xxx"
        Digest-Attributes = "\003\nREGISTER"
        Digest-Response = "5a80057b08229421b11034f0c9066de5"
        Service-Type = Sip-Session
        Sip-URI-User = "8020"
        Cisco-AVPair = "call-id=d66787010e24eacd at 204.244.xxx.xxx"
        NAS-IP-Address = 127.0.0.1
        NAS-Port-Id = 5060
modcall: entering group authorize for request 15
  modcall[authorize]: module "preprocess" returns ok for request 15
  modcall[authorize]: module "chap" returns noop for request 15
  modcall[authorize]: module "eap" returns noop for request 15
    rlm_digest: Converting Digest-Attributes to something sane...
        Digest-User-Name = "test"
        Digest-Realm = "204.244.xxx.xxx"
        Digest-Nonce = "4145f7038382c631a7baed91f6ea3be2e39008c2"
        Digest-URI = "sip:204.244.xxx.xxx"
        Digest-Method = "REGISTER"
rlm_digest: Adding Auth-Type = DIGEST
  modcall[authorize]: module "digest" returns ok for request 15
radius_xlat:  'test at 204.244.xxx.xxx'
rlm_sql (sql): sql_set_user escaped user --> 'test at 204.244.xxx.xxx'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'test at 204.244.xxx.xxx' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User test at 204.244.xxx.xxx not found in radcheck
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test at 204.244.xxx.xxx' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'test at 204.244.xxx.xxx' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User test at 204.244.xxx.xxx not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns notfound for request 15
    rlm_realm: Looking up realm "204.244.xxx.xxx" for User-Name =
"test at 204.244.xxx.xxx"
    rlm_realm: No such realm "204.244.xxx.xxx"
  modcall[authorize]: module "suffix" returns noop for request 15
  modcall[authorize]: module "files" returns notfound for request 15
  modcall[authorize]: module "mschap" returns noop for request 15
modcall: group authorize returns ok for request 15
  rad_check_password:  Found Auth-Type DIGEST
auth: type "digest"
modcall: entering group authenticate for request 15
rlm_digest: Configuration item "User-Password" is required for
authentication.
  modcall[authenticate]: module "digest" returns invalid for request 15
modcall: group authenticate returns invalid for request 15
auth: Failed to validate the user.
Login incorrect: [test at 204.244.xxx.xxx/<no User-Password attribute>]
(from client localhost port 5060)

-----------------------------

So first off it's trying to authenticate with the username of
"test at 204.244.xxx.xxx". I don't want to use realms, so I've gone into
sql.conf and changed:

sql_user_name = "%{User-Name}"
to
sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"

However, it didn't help. It's not stripping away the realm.

Also I still keep getting the "Configuration item "User-Password" is
required for authentication." and "Login incorrect:
[test at 204.244.xxx.xxx/<no User-Password attribute>]"

I don't understand why. I'm using the proper dictionary.ser file. Here's
my radcheck table:

(`id`, `UserName`, `Attribute`, `op`, `Value`) VALUES (1, 'test',
'User-Password', '==', 'test');

Any help is appreciated.

Thanks,

- Darren
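
Added example, not part of the original post and not FreeRADIUS code: a small decoder for the Digest-Attributes values in the log above, reproducing the rlm_digest "Converting Digest-Attributes" step with a strict length check. The sub-attribute numbers are read off the log itself; the function names and the one-sub-attribute-per-value layout are assumptions of this sketch.

```python
import re

# Sub-attribute numbers read off the log in the post: each raw
# Digest-Attributes value lines up with one converted Digest-* attribute.
NAMES = {1: "Digest-Realm", 2: "Digest-Nonce", 3: "Digest-Method",
         4: "Digest-URI", 10: "Digest-User-Name"}
ESCAPES = {"n": 10, "r": 13, "t": 9, "\\": 92, '"': 34}

def unescape(printed):
    """Turn the debug-log form (\\006, \\n, ...) back into raw bytes."""
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 8) if tok[0].isdigit() else ESCAPES[tok])
    return re.sub(r'\\([0-3][0-7]{2}|[nrt\\"])', repl, printed).encode("latin-1")

def parse_subattr(raw):
    """One value = type byte, length byte (header included), then text.
    Assumes one sub-attribute per value, as in the log."""
    if len(raw) < 2:
        raise ValueError("truncated sub-attribute header")
    kind, length = raw[0], raw[1]
    if length != len(raw):
        raise ValueError(f"type {kind}: length byte says {length}, value has {len(raw)} bytes")
    return NAMES.get(kind, f"Unknown-{kind}"), raw[2:].decode("latin-1")

def convert(printed_values):
    """Decode logged values; collect malformed ones instead of raising."""
    good, bad = {}, []
    for printed in printed_values:
        try:
            name, value = parse_subattr(unescape(printed))
            good[name] = value
        except ValueError as err:
            bad.append((printed, str(err)))
    return good, bad

# Values copied from the log in the post. The realm and URI carry the
# poster's "xxx" redaction, so their text no longer fits the length byte.
LOGGED = [
    r"\n\006test",
    r"\001\020204.244.xxx.xxx",
    r"\002*4145f7038382c631a7baed91f6ea3be2e39008c2",
    r"\004\024sip:204.244.xxx.xxx",
    r"\003\nREGISTER",
]

if __name__ == "__main__":
    print(convert(LOGGED))
```

The user name, nonce and method decode cleanly; the realm and URI are rejected only because the redacted text is one byte longer than the original length byte allows.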



