[Serusers] Problem with radius-sql and ser-0.9.6

sip sip at infinideas.com
Fri Nov 10 14:59:59 CET 2006 

Do you have two entries for each user in the radcheck table? 

Each user needs two entries. One with the attribute User-Password containing the plaintext password, and one with the Attribute Auth-Type containing the Digest value (and a different OP). For instance:

id      user              domain              UserName              Attribute          Value      op
--------------------------------------------------------------------------------------
12      552      sip.proxy.com        552 at sip.proxy.com      User-Password   p4ssw0rd   ==
13      552      sip.proxy.com        552 at sip.proxu.com      Auth-Type        Digest        :=

Only with BOTH those lines will it work.  It looks from the error message that you have the second but not the first (since it can't find the User-Password attribute according to the error message)

N.

On Fri, 10 Nov 2006 11:49:45 -0000, Lokesh Kumar wrote
> Hello,
>  
> I am running old ser version 0.9.6, where I am authenticatingon radius and keeping the users record in default sql database of radius. Butit is not authenticating, the logs are mentioned below.
>  
> But it worked absolutely fine with radius users files.
>  
> I have the entry for the user in radcheck file but still itis saying user not found.
>  
> Can anyone give any hint where I am doing wrong.
>  
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> rad_recv: Access-Request packet from host 127.0.0.1:54086,id=241, length=262
>         User-Name ="211069020 at voip.nortenet.pt"
>         Digest-Attributes= 0x0a0b323131303639303230
>         Digest-Attributes= 0x0112766f69702e6e6f7274656e65742e7074
>         Digest-Attributes=0x022a34353534363466343439376235396563623463356332613233646564366565323939343565316432
>         Digest-Attributes= 0x04167369703a766f69702e6e6f7274656e65742e7074
>         Digest-Attributes= 0x030a5245474953544552
>         Digest-Attributes= 0x050661757468
>         Digest-Attributes= 0x090a3030303030303031
>         Digest-Attributes= 0x08103132373935383532383139343033
>         Digest-Response ="2ae0ba094f508b9dff7bb56d96649875"
>         Service-Type =Sip-Session
>         Sip-Uri-User= "211069020"
>         NAS-Port = 5060
>         NAS-IP-Address= 127.0.0.1
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 1
>   modcall[authorize]: module "preprocess"returns ok for request 1
>   modcall[authorize]: module "chap" returnsnoop for request 1
>   modcall[authorize]: module "mschap" returnsnoop for request 1
> rlm_digest: Adding Auth-Type = DIGEST
>   modcall[authorize]: module "digest" returnsok for request 1
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returnsnoop for request 1
> radius_xlat:  '211069020 at voip.nortenet.pt'
> rlm_sql (sql): sql_set_user escaped user --> '211069020 at voip.nortenet.pt'
> radius_xlat:  'SELECT id, UserName, Attribute, Value,op           FROMradcheck           WHEREUsername = '211069020 at voip.nortenet.pt'          ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 13
> rlm_sql (sql): User 211069020 at voip.nortenet.pt not found inradcheck
> radius_xlat:  'SELECTradgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username ='211069020 at voip.nortenet.pt' AND usergroup.GroupName = radgroupcheck.GroupNameORDER BY radgroupcheck.id'
> radius_xlat:  'SELECTradgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '211069020 at voip.nortenet.pt'AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql (sql): User 211069020 at voip.nortenet.pt not found inradgroupcheck
> rlm_sql (sql): Released sql socket id: 13
> rlm_sql (sql): User not found
>   modcall[authorize]: module "sql" returnsnotfound for request 1
> modcall: leaving group authorize (returns ok) for request 1
>   rad_check_password:  Found Auth-Type DIGEST
> auth: type "digest"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 1
> rlm_digest: Configuration item "User-Password" orDigest-HA1 is required for authentication.
>   modcall[authenticate]: module "digest"returns invalid for request 1
> modcall: leaving group authenticate (returns invalid) forrequest 1
> auth: Failed to validate the user.
> Login incorrect: [211069020 at voip.nortenet.pt] (from clientlocalhost port 5060)
> Delaying request 1 for 1 seconds
> Finished request 1
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 240 to 127.0.0.1 port 54085
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 241 to 127.0.0.1 port 54086
> Waking up in 3 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 240 with timestamp 455463c8
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 1 ID 241 with timestamp 455463c9
> Nothing to do.  Sleeping until we see a request.
>  
> Thanks very much
>  
> Lokesh
>  
> 
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.409 / Virus Database: 268.14.1/527 - Release Date: 11/9/2006
>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20061110/3d34f0fe/attachment.htm>

More information about the sr-users mailing list