[OpenSER-Users] Problem with Openser-freeradius communication

Pete Kay petedao at gmail.com
Wed May 28 17:12:49 CEST 2008


Hi Dan,
If I change the attribute to user-password, I still can't authenticate.  It
is so strange since I am able to authenticate using my test client.

Waking up in 4.9 seconds.
        User-Name = "1006 at 192.168.1.104"
        Digest-Attributes = 0x0a0631303036
        Digest-Attributes = 0x010f3139322e3136382e312e313034
        Digest-Attributes =
0x022a34383364653562636166376535646335323862373335643661393364363634636237376533396636
        Digest-Attributes = 0x04137369703a3139322e3136382e312e313034
        Digest-Attributes = 0x030a5245474953544552
        Digest-Response = "9b614ed006554a3a7ea094b14237dae9"
        Service-Type = IAPP-Register
        X-Ascend-PW-Lifetime = 825241654
        NAS-Port = 5060
        NAS-IP-Address = 127.0.0.1
+- entering group authorize
++[preprocess] returns ok
        expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
        expand: %t -> Thu May 29 07:02:41 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_digest: Adding Auth-Type = DIGEST
++[digest] returns ok
    rlm_realm: Looking up realm "192.168.1.104" for User-Name = "
1006 at 192.168.1.104"
    rlm_realm: Found realm "192.168.1.104"
    rlm_realm: Adding Stripped-User-Name = "1006"
    rlm_realm: Adding Realm = "192.168.1.104"
    rlm_realm: Authentication realm is LOCAL.
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
        expand: %{Stripped-User-Name} -> 1006
        expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 1006
rlm_sql (sql): sql_set_user escaped user --> '1006'
rlm_sql (sql): Reserving sql socket id: 1
        expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '1006'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
FROM radcheck           WHERE username = '1006'           ORDER BY id
rlm_sql (sql): User found in radcheck table
        expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '1006'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
FROM radreply           WHERE username = '1006'           ORDER BY id
        expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname      FROM radusergroup           WHERE username = '1006'
ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname           FROM
radusergroup           WHERE username = '1006'           ORDER BY priority
        expand: SELECT id, groupname, attribute,           Value,
op           FROM radgroupcheck           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
attribute,           Value, op           FROM radgroupcheck           WHERE
groupname = 'openser'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, groupname, attribute,           Value,
op       FROM radgroupcheck           WHERE groupname = 'openser'
ORDER BY id
rlm_sql (sql): User found in group openser
        expand: SELECT id, groupname, attribute,           value,
op           FROM radgroupreply           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
attribute,           value, op           FROM radgroupreply           WHERE
groupname = 'openser'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, groupname, attribute,           value,
op       FROM radgroupreply           WHERE groupname = 'openser'
ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type Local
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"
!!!
!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [1006 at 192.168.1.104/<via Auth-Type = Local>] (from client
localhost port 5060)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> 1006 at 192.168.1.104
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 227 for 1 seconds
Going to the next request

But even if I change to Digest-HA1, I still can't authenticate:

Waking up in 0.8 seconds.
        User-Name = "1006 at 192.168.1.104"
        Digest-Attributes = 0x0a0631303036
        Digest-Attributes = 0x010f3139322e3136382e312e313034
        Digest-Attributes =
0x022a34383364653635643437393064306234623163626463333130653930633338383766393734653963
        Digest-Attributes = 0x04137369703a3139322e3136382e312e313034
        Digest-Attributes = 0x030a5245474953544552
        Digest-Response = "1a8ef3e9646fc8fba9eb9b50b1e0187e"
        Service-Type = IAPP-Register
        X-Ascend-PW-Lifetime = 825241654
        NAS-Port = 5060
        NAS-IP-Address = 127.0.0.1
+- entering group authorize
++[preprocess] returns ok
        expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
        expand: %t -> Thu May 29 07:05:22 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_digest: Adding Auth-Type = DIGEST
++[digest] returns ok
    rlm_realm: Looking up realm "192.168.1.104" for User-Name = "
1006 at 192.168.1.104"
    rlm_realm: Found realm "192.168.1.104"
    rlm_realm: Adding Stripped-User-Name = "1006"
    rlm_realm: Adding Realm = "192.168.1.104"
    rlm_realm: Authentication realm is LOCAL.
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
        expand: %{Stripped-User-Name} -> 1006
        expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 1006
rlm_sql (sql): sql_set_user escaped user --> '1006'
rlm_sql (sql): Reserving sql socket id: 1
        expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '1006'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
FROM radcheck           WHERE username = '1006'           ORDER BY id
rlm_sql (sql): User found in radcheck table
        expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '1006'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
FROM radreply           WHERE username = '1006'           ORDER BY id
        expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname      FROM radusergroup           WHERE username = '1006'
ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname           FROM
radusergroup           WHERE username = '1006'           ORDER BY priority
        expand: SELECT id, groupname, attribute,           Value,
op           FROM radgroupcheck           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
attribute,           Value, op           FROM radgroupcheck           WHERE
groupname = 'openser'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, groupname, attribute,           Value,
op       FROM radgroupcheck           WHERE groupname = 'openser'
ORDER BY id
rlm_sql (sql): User found in group openser
        expand: SELECT id, groupname, attribute,           value,
op           FROM radgroupreply           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
attribute,           value, op           FROM radgroupreply           WHERE
groupname = 'openser'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, groupname, attribute,           value,
op       FROM radgroupreply           WHERE groupname = 'openser'
ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [1006 at 192.168.1.104/<via Auth-Type = Local>] (from client
localhost port 5060)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> 1006 at 192.168.1.104
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 237 for 1 seconds
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20080528/cc784dd7/attachment.htm>


More information about the sr-users mailing list