[Users] Re: group_radius radius_is_user_in

Tavis P tavis.lists at galaxytelecom.net
Wed Oct 19 21:58:48 CEST 2005


Well either way the radius server is going to respond with an
"Access-Accept" because you have set the auth-type to "none" (which is
necessary because you are not authenticating and can not provide the
necessary credentials).

>From the trace you showed me below, i see two radius requests both for
the user 1000 and both of which respond as i would expect.

I'm not what you are trying to accomplish, are you using the
group_radius module or just loading the group information using avp_radius?


Lenir wrote:

>This is my users file:
>
>DEFAULT Auth-Type = System
>        Fall-Through = 1
>
>DEFAULT Service-Type == Call-Check, Auth-Type := None
>
>DEFAULT Service-Type == Group-Check, Auth-Type := None
>
>DEFAULT Service-Type == SIP-Session, Auth-Type := Digest
>
>DEFAULT Service-Type == SIP-Callee-AVPs, Auth-Type := None
>
>DEFAULT Service-Type == SIP-Caller-AVPs, Auth-Type := None
>
>
>mysql> select * from radcheck;
>+----+----------+-----------+----+----------+
>| id | UserName | Attribute | op | Value    |
>+----+----------+-----------+----+----------+
>|  1 | Jhassell | Password  | == | changeme |
>|  2 | Rneis    | Password  | == | changeme |
>|  3 | 1000     | Password  | == | 1000     |
>|  4 | 2000     | Password  | == | 2000     |
>|  5 | 3000     | Password  | == | 3000     |
>+----+----------+-----------+----+----------+
>5 rows in set (0.00 sec)
>
>mysql> select * from radreply;
>Empty set (0.00 sec)
>
>mysql> select * from usergroup;
>+----+----------+------------+
>| id | UserName | GroupName  |
>+----+----------+------------+
>|  1 | Jhassell | Dialin     |
>|  2 | Rneis    | Staticdial |
>|  3 | 1000     | Dialin     |
>|  4 | 2000     | Dialin     |
>|  5 | 3000     | Dialin     |
>|  6 | 3000     | Dialin2    |
>+----+----------+------------+
>6 rows in set (0.00 sec)
>
>mysql> select * from radgroupcheck;
>Empty set (0.00 sec)
>
>mysql> select * from radgroupreply;
>+----+-----------+---------------+----+----------------------------------+--
>---+
>| id | GroupName | Attribute     | op | Value                            |
>prio |
>+----+-----------+---------------+----+----------------------------------+--
>----+
>|  1 | Dialin    | Reply-Message | =  | "Authenticated by group Dialin"  |
>0 |
>|  2 | Dialin2   | Reply-Message | =  | "Authenticated by group Dialin2" |
>0 |
>|  3 | Dialin    | SIP-AVP       | =  | Sip-Group:Dialin                 |
>0 |
>+----+-----------+---------------+----+----------------------------------+--
>----+
>3 rows in set (0.00 sec)
>
>mysql> select * from radpostauth;  
>Empty set (0.00 sec)
>
>
>
>Here's the debug, notice how it returns access-accept whether its in the
>right group or not. Shouldn't it return access-reject for group Dialin2?
>-----------------
>rad_recv: Access-Request packet from host xx.xx.xx.xx:33167, id=152,
>length=66
>        User-Name = "1000 at xx.xx.xx.xx"
>        Sip-Group = "Dialin"
>        Service-Type = Group-Check
>        NAS-IP-Address = 127.0.0.1
>        NAS-Port = 0
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 4
>  modcall[authorize]: module "preprocess" returns ok for request 4
>  modcall[authorize]: module "chap" returns noop for request 4
>  modcall[authorize]: module "mschap" returns noop for request 4
>  modcall[authorize]: module "digest" returns noop for request 4
>    rlm_realm: Looking up realm "xx.xx.xx.xx" for User-Name =
>"1000 at xx.xx.xx.xx"
>    rlm_realm: Found realm "xx.xx.xx.xx"
>    rlm_realm: Adding Stripped-User-Name = "1000"
>    rlm_realm: Proxying request from user 1000 to realm xx.xx.xx.xx
>    rlm_realm: Adding Realm = "xx.xx.xx.xx"
>    rlm_realm: Authentication realm is LOCAL.
>  modcall[authorize]: module "suffix" returns noop for request 4
>  rlm_eap: No EAP-Message, not doing EAP
>  modcall[authorize]: module "eap" returns noop for request 4
>    users: Matched entry DEFAULT at line 156
>    users: Matched entry DEFAULT at line 161
>  modcall[authorize]: module "files" returns ok for request 4
>radius_xlat:  '1000'
>rlm_sql (sql): sql_set_user escaped user --> '1000'
>radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
>radcheck           WHERE Username = '1000'           ORDER BY id'
>rlm_sql (sql): Reserving sql socket id: 0
>rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op
>FROM radcheck           WHERE Username = '1000'           ORDER BY id
>radius_xlat:  'SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>rlm_sql_mysql: query:  SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id
>radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
>radreply           WHERE Username = '1000'           ORDER BY id'
>rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op
>FROM radreply           WHERE Username = '1000'           ORDER BY id
>radius_xlat:  'SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id'
>rlm_sql_mysql: query:  SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id
>rlm_sql (sql): Checking profile DEFAULT
>rlm_sql (sql): sql_set_user escaped user --> 'DEFAULT'
>radius_xlat:  'SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>rlm_sql_mysql: query:  SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id
>radius_xlat:  'SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id'
>rlm_sql_mysql: query:  SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id
>rlm_sql (sql): Released sql socket id: 0
>  modcall[authorize]: module "sql" returns ok for request 4
>modcall: group authorize returns ok for request 4
>  rad_check_password:  Found Auth-Type None
>  rad_check_password: Auth-Type = Accept, accepting the user
>radius_xlat:  'Authenticated by group Dialin'
>Sending Access-Accept of id 152 to xx.xx.xx.xx:33167
>        Reply-Message = "Authenticated by group Dialin"
>        SIP-AVP = "Sip-Group:Dialin"
>Finished request 4
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host xx.xx.xx.xx:33167, id=153,
>length=67
>        User-Name = "1000 at xx.xx.xx.xx"
>        Sip-Group = "Dialin2"
>        Service-Type = Group-Check
>        NAS-IP-Address = 127.0.0.1
>        NAS-Port = 0
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 5
>  modcall[authorize]: module "preprocess" returns ok for request 5
>  modcall[authorize]: module "chap" returns noop for request 5
>  modcall[authorize]: module "mschap" returns noop for request 5
>  modcall[authorize]: module "digest" returns noop for request 5
>    rlm_realm: Looking up realm "xx.xx.xx.xx" for User-Name =
>"1000 at xx.xx.xx.xx"
>    rlm_realm: Found realm "xx.xx.xx.xx"
>    rlm_realm: Adding Stripped-User-Name = "1000"
>    rlm_realm: Proxying request from user 1000 to realm xx.xx.xx.xx
>    rlm_realm: Adding Realm = "xx.xx.xx.xx"
>    rlm_realm: Authentication realm is LOCAL.
>  modcall[authorize]: module "suffix" returns noop for request 5
>  rlm_eap: No EAP-Message, not doing EAP
>  modcall[authorize]: module "eap" returns noop for request 5
>    users: Matched entry DEFAULT at line 156
>    users: Matched entry DEFAULT at line 161
>  modcall[authorize]: module "files" returns ok for request 5
>radius_xlat:  '1000'
>rlm_sql (sql): sql_set_user escaped user --> '1000'
>radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
>radcheck           WHERE Username = '1000'           ORDER BY id'
>rlm_sql (sql): Reserving sql socket id: 4
>rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op
>FROM radcheck           WHERE Username = '1000'           ORDER BY id
>radius_xlat:  'SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>rlm_sql_mysql: query:  SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id
>radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
>radreply           WHERE Username = '1000'           ORDER BY id'
>rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op
>FROM radreply           WHERE Username = '1000'           ORDER BY id
>radius_xlat:  'SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id'
>rlm_sql_mysql: query:  SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id
>rlm_sql (sql): Checking profile DEFAULT
>rlm_sql (sql): sql_set_user escaped user --> 'DEFAULT'
>radius_xlat:  'SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>rlm_sql_mysql: query:  SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id
>radius_xlat:  'SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id'
>rlm_sql_mysql: query:  SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id
>rlm_sql (sql): Released sql socket id: 4
>  modcall[authorize]: module "sql" returns ok for request 5
>modcall: group authorize returns ok for request 5
>  rad_check_password:  Found Auth-Type None
>  rad_check_password: Auth-Type = Accept, accepting the user
>radius_xlat:  'Authenticated by group Dialin'
>Sending Access-Accept of id 153 to xx.xx.xx.xx:33167
>        Reply-Message = "Authenticated by group Dialin"
>        SIP-AVP = "Sip-Group:Dialin"
>Finished request 5
>
>-----Original Message-----
>From: Tavis P [mailto:tavis.lists at galaxytelecom.net] 
>Sent: Friday, October 14, 2005 7:21 PM
>To: Lenir
>Cc: users at openser.org; serusers at iptel.org
>Subject: Re: group_radius radius_is_user_in
>
>Ugh the subject line is getting really munged up ;P
>
>Hmmm, what does the output from "radiusd -X" look like for the exchange?
>
>
>Lenir wrote:
>
>  
>
>>Tavis,
>>
>>Thanks for your input, that did fix the problem. I did have the "files"
>>before "sql" in radiusd.conf. Also I followed your advice about taking out
>>"Auth-Type" out of mysql table and let DEFAULT in users file do the trick. 
>>
>>However it's semi-working.
>>
>>Accourding to the snippet from my ser.cfg file, now I get the following in
>>stderr:
>>0(4866) 000d2890-d47f0003-4a230347-53c6189b at yy.yy.yy.yy -
>>sip:1000 at xx.xx.xx.xx - User authenticated...
>>0(4866) Credentials: User is in Radius Group Dialin!!!!
>>0(4866) Credentials: User is in Radius Group Dialin2!!!!
>>
>>No matter which parameter I use for the function radius_is_user_in(), it
>>always returns TRUE. When in fact it should return FALSE for Group Dialin2.
>>I've tried:
>>
>>if (radius_is_user_in("From", "Dialin2")){...
>>if (radius_is_user_in("Credentials", "Dialin2")){...
>>
>>
>>
>>
>>
>>Here's what I did to fix future problems:
>>
>>EFAULT Auth-Type = System
>>       Fall-Through = 1
>>
>>DEFAULT Service-Type == Call-Check, Auth-Type := Digest
>>
>>DEFAULT Service-Type == Group-Check, Auth-Type := None
>>
>>DEFAULT Service-Type == SIP-Session, Auth-Type := Digest
>>
>>DEFAULT Service-Type == SIP-Callee-AVPs, Auth-Type := None
>>
>>DEFAULT Service-Type == SIP-Caller-AVPs, Auth-Type := None
>>
>>
>>Also, for those of you using the latest version of freeradius, you may have
>>to comment out the following lines as they conflict with dictionary.ser
>>    
>>
>(SER
>  
>
>>CVS) and dictionary.sip (comes with radiusclient-NG)
>>
>>#VALUE          Service-Type            Voice                   12
>>#VALUE          Service-Type            Fax                     13
>>#VALUE          Service-Type            Modem-Relay             14
>>#VALUE          Service-Type            IAPP-Register           15
>>#VALUE          Service-Type            IAPP-AP-Check           16
>>
>>
>>Thanks,
>>
>>
>>Lenir
>>
>>
>>-----Original Message-----
>>From: serusers-bounces at iptel.org [mailto:serusers-bounces at iptel.org] On
>>Behalf Of Tavis P
>>Sent: Friday, October 14, 2005 1:49 PM
>>To: lsantiago at globalgatewaycom.com
>>Cc: serdev at iptel.org; serusers at iptel.org; devel at openser.org;
>>users at openser.org
>>Subject: [Serusers] Re: [Serdev] group_radius radius_is_user_in
>>
>>Oops, i spoke too soon
>>
>>It looks like you have placed the "files" module before the "sql" module
>>in your radiusd.conf
>>
>>Its matching your DEFAULT entry in files (setting the Auth-Type to none)
>>but the sql module is later changing the Auth-Type to "digest"
>>
>>Changing the order would solve this problem, as you want it to match the
>>SQL statement first and than the section in the files last (which
>>changes the Auth-Type)
>>
>>Also, you may want to reduce the load on your database by not setting
>>the Auth-Type in the database and instead setting in the users file with
>>a DEFAULT statement as (at least in my case) it isn't somthing that need
>>to be dynamic.
>>
>>lenirsantiago at yahoo.com wrote:
>>
>> 
>>
>>    
>>
>>>Hello list,
>>>
>>>I've been trying my hardest today to get group_radius to work, and its
>>>function radius_is_user_in().
>>>I'm running ser0.9.4 and freeradius 1.0.4 with the mysql backend and
>>>      
>>>
>digest
>  
>
>>>authentication. 
>>>
>>>Radius authentication works fine.
>>>The problem is that when radius_is_user_in() function gets called, it
>>>      
>>>
>sends
>  
>
>>>a radius message but without the User-Password field and freeradius
>>>complains that it requires it since we are using Digest.
>>>I've seen a couple of posts here, but they were never answered: 
>>>http://mail.iptel.org/pipermail/serusers/2005-March/017342.html
>>>http://mail.iptel.org/pipermail/serusers/2005-March/017075.html
>>>
>>>-----
>>>I have a small test in my ser.cfg file:
>>>      if (!radius_www_authorize("")) {
>>>              xlog("L_I","%ci - %fu - User not authenticated, Radius
>>>Authenticating...\n");
>>>              www_challenge("","0");
>>>              break;
>>>      } else {
>>>              xlog("L_I","%ci - %fu - User authenticated...\n");
>>>      };
>>>
>>>      if (radius_is_user_in("From", "Dialin")){
>>>              xlog("L_I","From: User is in Radius Group Dialin!!!!\n");
>>>      } else {
>>>              xlog("L_I","From: User *IS NOT* Group Dialin!!!!!\n");
>>>      };
>>>
>>>      if (radius_is_user_in("Credentials", "Dialin2")){
>>>              xlog("L_I","From: User is in Radius Group Dialin2!!!!\n");
>>>      } else {
>>>              xlog("L_I","From: User *IS NOT* Group Dialin2!!!!!\n");
>>>      };
>>>
>>>-----
>>>In /etc/raddb/users file I have the following at line 152:
>>>DEFAULT Auth-Type = System
>>>      Fall-Through = 1
>>>
>>>DEFAULT Service-Type == Group-Check, Auth-Type := None
>>>
>>>DEFAULT Service-Type == SIP-Callee-AVPs, Auth-Type := None
>>>
>>>-----
>>>
>>>These are mysql tables:
>>>
>>>+----+----------+-----------+----+----------+
>>>| id | UserName | Attribute | op | Value    |
>>>+----+----------+-----------+----+----------+
>>>|  1 | Jhassell | Password  | == | changeme |
>>>|  2 | Rneis    | Password  | == | changeme |
>>>|  3 | 1000     | Password  | == | 1000     |
>>>|  4 | 2000     | Password  | == | 2000     |
>>>|  5 | 3000     | Password  | == | 3000     |
>>>|  8 | 1000     | Auth-Type | := | Digest   |
>>>+----+----------+-----------+----+----------+
>>>
>>>+----+-----------+-----------+----+--------+
>>>| id | GroupName | Attribute | op | Value  |
>>>+----+-----------+-----------+----+--------+
>>>|  6 | Dialin    | Auth-Type | := | Accept |
>>>+----+-----------+-----------+----+--------+
>>>
>>>+----+-----------+---------------+----+----------------------------------+
>>>      
>>>
>-
>  
>
>>>   
>>>
>>>      
>>>
>>-
>> 
>>
>>    
>>
>>>----+
>>>| id | GroupName | Attribute     | op | Value                            |
>>>prio |
>>>+----+-----------+---------------+----+----------------------------------+
>>>      
>>>
>-
>  
>
>>>   
>>>
>>>      
>>>
>>-
>> 
>>
>>    
>>
>>>----+
>>>|  1 | Dialin    | Reply-Message | =  | "Authenticated by group Dialin"  |
>>>0 |
>>>|  2 | Dialin2   | Reply-Message | =  | "Authenticated by group Dialin2" |
>>>0 |
>>>+----+-----------+---------------+----+----------------------------------+
>>>      
>>>
>-
>  
>
>>>   
>>>
>>>      
>>>
>>-
>> 
>>
>>    
>>
>>>----+
>>>
>>>+----+----------+---------------+----+------------------+
>>>| id | UserName | Attribute     | op | Value            |
>>>+----+----------+---------------+----+------------------+
>>>|  1 | 1000     | Reply-Message | =  | "Authenticated"  |
>>>|  2 | 1000     | Sip-Group     | =  | Dialin           |
>>>|  3 | 1000     | SIP-AVP       | =  | Sip-Group:Dialin |
>>>+----+----------+---------------+----+------------------+
>>>
>>>+----+----------+------------+
>>>| id | UserName | GroupName  |
>>>+----+----------+------------+
>>>|  1 | Jhassell | Dialin     |
>>>|  2 | Rneis    | Staticdial |
>>>|  3 | 1000     | Dialin     |
>>>|  4 | 2000     | Dialin     |
>>>|  5 | 3000     | Dialin     |
>>>|  6 | 3000     | Dialin2    |
>>>+----+----------+------------+
>>>
>>>------
>>>
>>>This is the debug I get from freeradius for the group check:
>>>
>>>rad_recv: Access-Request packet from host xx.xx.xx.xx:33025, id=15,
>>>length=67
>>>      User-Name = "1000 at xx.xx.xx.xx"
>>>      Sip-Group = "Dialin2"
>>>      Service-Type = Group-Check
>>>      NAS-IP-Address = 127.0.0.1
>>>      NAS-Port = 0
>>>Processing the authorize section of radiusd.conf
>>>modcall: entering group authorize for request 74
>>>modcall[authorize]: module "preprocess" returns ok for request 74
>>>modcall[authorize]: module "chap" returns noop for request 74
>>>modcall[authorize]: module "mschap" returns noop for request 74
>>>modcall[authorize]: module "digest" returns noop for request 74
>>>  rlm_realm: Looking up realm "xx.xx.xx.xx" for User-Name =
>>>"1000 at xx.xx.xx.xx"
>>>  rlm_realm: Found realm "xx.xx.xx.xx"
>>>  rlm_realm: Adding Stripped-User-Name = "1000"
>>>  rlm_realm: Proxying request from user 1000 to realm xx.xx.xx.xx
>>>  rlm_realm: Adding Realm = "xx.xx.xx.xx"
>>>  rlm_realm: Authentication realm is LOCAL.
>>>modcall[authorize]: module "suffix" returns noop for request 74
>>>rlm_eap: No EAP-Message, not doing EAP
>>>modcall[authorize]: module "eap" returns noop for request 74
>>>  users: Matched entry DEFAULT at line 152
>>>  users: Matched entry DEFAULT at line 158
>>>modcall[authorize]: module "files" returns ok for request 74
>>>radius_xlat:  '1000'
>>>rlm_sql (sql): sql_set_user escaped user --> '1000'
>>>rlm_sql (sql): Released sql socket id: 0
>>>modcall[authorize]: module "sql" returns ok for request 74
>>>modcall: group authorize returns ok for request 74
>>>rad_check_password:  Found Auth-Type Digest
>>>auth: type "digest"
>>>Processing the authenticate section of radiusd.conf
>>>modcall: entering group authenticate for request 74
>>>ERROR: No Digest-Nonce: Cannot perform Digest authentication
>>>modcall[authenticate]: module "digest" returns invalid for request 74
>>>modcall: group authenticate returns invalid for request 74
>>>auth: Failed to validate the user.
>>>Delaying request 74 for 1 seconds
>>>Finished request 74
>>>Going to the next request
>>>--- Walking the entire request list ---
>>>Waking up in 1 seconds...
>>>--- Walking the entire request list ---
>>>Waking up in 1 seconds...
>>>--- Walking the entire request list ---
>>>Sending Access-Reject of id 15 to xx.xx.xx.xx:33025
>>>      Reply-Message = "Authenticated"
>>>Waking up in 4 seconds...
>>>--- Walking the entire request list ---
>>>Cleaning up request 74 ID 15 with timestamp 434f1121
>>>Nothing to do.  Sleeping until we see a request.
>>>
>>>
>>>
>>>
>>>
>>>Any help in this matter would be deeply appreciated,
>>>
>>>
>>>
>>>
>>>Lenir 
>>>
>>>
>>>
>>>
>>>_______________________________________________
>>>Serdev mailing list
>>>Serdev at iptel.org
>>>http://mail.iptel.org/mailman/listinfo/serdev
>>>
>>>
>>>
>>>
>>>   
>>>
>>>      
>>>
>>_______________________________________________
>>Serusers mailing list
>>Serusers at iptel.org
>>http://mail.iptel.org/mailman/listinfo/serusers
>>
>>
>>_______________________________________________
>>Serdev mailing list
>>Serdev at iptel.org
>>http://mail.iptel.org/mailman/listinfo/serdev
>>
>>
>> 
>>
>>    
>>
>
>
>
>
>  
>





More information about the sr-users mailing list