[OpenSER-Users] Problem with Openser-freeradius communication

Dan-Cristian Bogos danb.lists at googlemail.com
Wed May 28 16:37:22 CEST 2008


Pete,

this query should return an attribute named password, which will be used
later for creating a digest hash and compare it with the one received over
the request:
SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '1006'           ORDER BY id.
What does it return for you?

DanB

On Wed, May 28, 2008 at 4:19 PM, Pete Kay <petedao at gmail.com> wrote:

> Hi Dan,
>
> Please kindly take a look at the following radius-X output.  Thanks alot
> for all your help.
>
>         User-Name = "1006 at 192.168.1.104"
>         Digest-Attributes = 0x0a0631303036
>         Digest-Attributes = 0x010f3139322e3136382e312e313034
>         Digest-Attributes =
> 0x022a34383364646135323939343738313830333633356136633964383131386336313039333930656461
>         Digest-Attributes = 0x04137369703a3139322e3136382e312e313034
>         Digest-Attributes = 0x030a5245474953544552
>         Digest-Response = "1130e5ed3a8e7266cbe8fa9d4463fdf4"
>         Service-Type = IAPP-Register
>         X-Ascend-PW-Lifetime = 825241654
>         NAS-Port = 5060
>         NAS-IP-Address = 127.0.0.1
> +- entering group authorize
> ++[preprocess] returns ok
>         expand:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
> rlm_detail:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to /usr/local/var/log/radius/radacct/
> 127.0.0.1/auth-detail-20080529
>         expand: %t -> Thu May 29 06:13:58 2008
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> rlm_digest: Adding Auth-Type = DIGEST
> ++[digest] returns ok
>     rlm_realm: Looking up realm "192.168.1.104" for User-Name = "
> 1006 at 192.168.1.104"
>     rlm_realm: Found realm "192.168.1.104"
>     rlm_realm: Adding Stripped-User-Name = "1006"
>     rlm_realm: Adding Realm = "192.168.1.104"
>     rlm_realm: Authentication realm is LOCAL.
> ++[suffix] returns noop
>   rlm_eap: No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[files] returns noop
>         expand: %{Stripped-User-Name} -> 1006
>         expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 1006
> rlm_sql (sql): sql_set_user escaped user --> '1006'
> rlm_sql (sql): Reserving sql socket id: 2
>         expand: SELECT id, username, attribute, value, op           FROM
> radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
> -> SELECT id, username, attribute, value, op           FROM
> radcheck           WHERE username = '1006'           ORDER BY id
> rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
> FROM radcheck           WHERE username = '1006'           ORDER BY id
> rlm_sql (sql): User found in radcheck table
>         expand: SELECT id, username, attribute, value, op           FROM
> radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id
> -> SELECT id, username, attribute, value, op           FROM
> radreply           WHERE username = '1006'           ORDER BY id
> rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
> FROM radreply           WHERE username = '1006'           ORDER BY id
>         expand: SELECT groupname           FROM radusergroup
> WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
> groupname      FROM radusergroup           WHERE username = '1006'
> ORDER BY priority
> rlm_sql_mysql: query:  SELECT groupname           FROM
> radusergroup           WHERE username = '1006'           ORDER BY priority
>         expand: SELECT id, groupname, attribute,           Value,
> op           FROM radgroupcheck           WHERE groupname =
> '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
> attribute,           Value, op           FROM radgroupcheck           WHERE
> groupname = 'openser'           ORDER BY id
> rlm_sql_mysql: query:  SELECT id, groupname, attribute,           Value,
> op       FROM radgroupcheck           WHERE groupname = 'openser'
> ORDER BY id
> rlm_sql (sql): User found in group openser
>         expand: SELECT id, groupname, attribute,           value,
> op           FROM radgroupreply           WHERE groupname =
> '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
> attribute,           value, op           FROM radgroupreply           WHERE
> groupname = 'openser'           ORDER BY id
> rlm_sql_mysql: query:  SELECT id, groupname, attribute,           value,
> op       FROM radgroupreply           WHERE groupname = 'openser'
> ORDER BY id
> rlm_sql (sql): Released sql socket id: 2
> ++[sql] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: Found existing Auth-Type, not changing it.
> ++[pap] returns noop
>   rad_check_password:  Found Auth-Type Local
> auth: type Local
> auth: No User-Password or CHAP-Password attribute in the request
> auth: Failed to validate the user.
> Login incorrect: [1006 at 192.168.1.104/<via Auth-Type = Local>] (from client
> localhost port 5060)
>   Found Post-Auth-Type Reject
> +- entering group REJECT
>         expand: %{User-Name} -> 1006 at 192.168.1.104
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 189 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 189
> Waking up in 4.9 seconds.
>         User-Name = "1006 at 192.168.1.104"
>         Digest-Attributes = 0x0a0631303036
>         Digest-Attributes = 0x010f3139322e3136382e312e313034
>         Digest-Attributes =
> 0x022a34383364646135323939343738313830333633356136633964383131386336313039333930656461
>         Digest-Attributes = 0x04137369703a3139322e3136382e312e313034
>         Digest-Attributes = 0x030a5245474953544552
>         Digest-Response = "1130e5ed3a8e7266cbe8fa9d4463fdf4"
>         Service-Type = IAPP-Register
>         X-Ascend-PW-Lifetime = 825241654
>         NAS-Port = 5060
>         NAS-IP-Address = 127.0.0.1
> +- entering group authorize
> ++[preprocess] returns ok
>         expand:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
> rlm_detail:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to /usr/local/var/log/radius/radacct/
> 127.0.0.1/auth-detail-20080529
>         expand: %t -> Thu May 29 06:13:59 2008
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> rlm_digest: Adding Auth-Type = DIGEST
> ++[digest] returns ok
>     rlm_realm: Looking up realm "192.168.1.104" for User-Name = "
> 1006 at 192.168.1.104"
>     rlm_realm: Found realm "192.168.1.104"
>     rlm_realm: Adding Stripped-User-Name = "1006"
>     rlm_realm: Adding Realm = "192.168.1.104"
>     rlm_realm: Authentication realm is LOCAL.
> ++[suffix] returns noop
>   rlm_eap: No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[files] returns noop
>         expand: %{Stripped-User-Name} -> 1006
>         expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 1006
> rlm_sql (sql): sql_set_user escaped user --> '1006'
> rlm_sql (sql): Reserving sql socket id: 1
>         expand: SELECT id, username, attribute, value, op           FROM
> radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
> -> SELECT id, username, attribute, value, op           FROM
> radcheck           WHERE username = '1006'           ORDER BY id
> rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
> FROM radcheck           WHERE username = '1006'           ORDER BY id
> rlm_sql (sql): User found in radcheck table
>         expand: SELECT id, username, attribute, value, op           FROM
> radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id
> -> SELECT id, username, attribute, value, op           FROM
> radreply           WHERE username = '1006'           ORDER BY id
> rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
> FROM radreply           WHERE username = '1006'           ORDER BY id
>         expand: SELECT groupname           FROM radusergroup
> WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
> groupname      FROM radusergroup           WHERE username = '1006'
> ORDER BY priority
> rlm_sql_mysql: query:  SELECT groupname           FROM
> radusergroup           WHERE username = '1006'           ORDER BY priority
>         expand: SELECT id, groupname, attribute,           Value,
> op           FROM radgroupcheck           WHERE groupname =
> '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
> attribute,           Value, op           FROM radgroupcheck           WHERE
> groupname = 'openser'           ORDER BY id
> rlm_sql_mysql: query:  SELECT id, groupname, attribute,           Value,
> op       FROM radgroupcheck           WHERE groupname = 'openser'
> ORDER BY id
> rlm_sql (sql): User found in group openser
>         expand: SELECT id, groupname, attribute,           value,
> op           FROM radgroupreply           WHERE groupname =
> '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
> attribute,           value, op           FROM radgroupreply           WHERE
> groupname = 'openser'           ORDER BY id
> rlm_sql_mysql: query:  SELECT id, groupname, attribute,           value,
> op       FROM radgroupreply           WHERE groupname = 'openser'
> ORDER BY id
> rlm_sql (sql): Released sql socket id: 1
> ++[sql] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: Found existing Auth-Type, not changing it.
> ++[pap] returns noop
>   rad_check_password:  Found Auth-Type Local
> auth: type Local
> auth: No User-Password or CHAP-Password attribute in the request
> auth: Failed to validate the user.
> Login incorrect: [1006 at 192.168.1.104/<via Auth-Type = Local>] (from client
> localhost port 5060)
>   Found Post-Auth-Type Reject
> +- entering group REJECT
>         expand: %{User-Name} -> 1006 at 192.168.1.104
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 190 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 190
> Waking up in 3.9 seconds.
>
> _______________________________________________
> Users mailing list
> Users at lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20080528/04ff1999/attachment.htm>


More information about the sr-users mailing list