[Users] Re: group_radius radius_is_user_in
Tavis P
tavis.lists at galaxytelecom.net
Wed Oct 19 21:58:48 CEST 2005
Well either way the radius server is going to respond with an
"Access-Accept" because you have set the auth-type to "none" (which is
necessary because you are not authenticating and can not provide the
necessary credentials).
>From the trace you showed me below, i see two radius requests both for
the user 1000 and both of which respond as i would expect.
I'm not what you are trying to accomplish, are you using the
group_radius module or just loading the group information using avp_radius?
Lenir wrote:
>This is my users file:
>
>DEFAULT Auth-Type = System
> Fall-Through = 1
>
>DEFAULT Service-Type == Call-Check, Auth-Type := None
>
>DEFAULT Service-Type == Group-Check, Auth-Type := None
>
>DEFAULT Service-Type == SIP-Session, Auth-Type := Digest
>
>DEFAULT Service-Type == SIP-Callee-AVPs, Auth-Type := None
>
>DEFAULT Service-Type == SIP-Caller-AVPs, Auth-Type := None
>
>
>mysql> select * from radcheck;
>+----+----------+-----------+----+----------+
>| id | UserName | Attribute | op | Value |
>+----+----------+-----------+----+----------+
>| 1 | Jhassell | Password | == | changeme |
>| 2 | Rneis | Password | == | changeme |
>| 3 | 1000 | Password | == | 1000 |
>| 4 | 2000 | Password | == | 2000 |
>| 5 | 3000 | Password | == | 3000 |
>+----+----------+-----------+----+----------+
>5 rows in set (0.00 sec)
>
>mysql> select * from radreply;
>Empty set (0.00 sec)
>
>mysql> select * from usergroup;
>+----+----------+------------+
>| id | UserName | GroupName |
>+----+----------+------------+
>| 1 | Jhassell | Dialin |
>| 2 | Rneis | Staticdial |
>| 3 | 1000 | Dialin |
>| 4 | 2000 | Dialin |
>| 5 | 3000 | Dialin |
>| 6 | 3000 | Dialin2 |
>+----+----------+------------+
>6 rows in set (0.00 sec)
>
>mysql> select * from radgroupcheck;
>Empty set (0.00 sec)
>
>mysql> select * from radgroupreply;
>+----+-----------+---------------+----+----------------------------------+--
>---+
>| id | GroupName | Attribute | op | Value |
>prio |
>+----+-----------+---------------+----+----------------------------------+--
>----+
>| 1 | Dialin | Reply-Message | = | "Authenticated by group Dialin" |
>0 |
>| 2 | Dialin2 | Reply-Message | = | "Authenticated by group Dialin2" |
>0 |
>| 3 | Dialin | SIP-AVP | = | Sip-Group:Dialin |
>0 |
>+----+-----------+---------------+----+----------------------------------+--
>----+
>3 rows in set (0.00 sec)
>
>mysql> select * from radpostauth;
>Empty set (0.00 sec)
>
>
>
>Here's the debug, notice how it returns access-accept whether its in the
>right group or not. Shouldn't it return access-reject for group Dialin2?
>-----------------
>rad_recv: Access-Request packet from host xx.xx.xx.xx:33167, id=152,
>length=66
> User-Name = "1000 at xx.xx.xx.xx"
> Sip-Group = "Dialin"
> Service-Type = Group-Check
> NAS-IP-Address = 127.0.0.1
> NAS-Port = 0
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 4
> modcall[authorize]: module "preprocess" returns ok for request 4
> modcall[authorize]: module "chap" returns noop for request 4
> modcall[authorize]: module "mschap" returns noop for request 4
> modcall[authorize]: module "digest" returns noop for request 4
> rlm_realm: Looking up realm "xx.xx.xx.xx" for User-Name =
>"1000 at xx.xx.xx.xx"
> rlm_realm: Found realm "xx.xx.xx.xx"
> rlm_realm: Adding Stripped-User-Name = "1000"
> rlm_realm: Proxying request from user 1000 to realm xx.xx.xx.xx
> rlm_realm: Adding Realm = "xx.xx.xx.xx"
> rlm_realm: Authentication realm is LOCAL.
> modcall[authorize]: module "suffix" returns noop for request 4
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 4
> users: Matched entry DEFAULT at line 156
> users: Matched entry DEFAULT at line 161
> modcall[authorize]: module "files" returns ok for request 4
>radius_xlat: '1000'
>rlm_sql (sql): sql_set_user escaped user --> '1000'
>radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
>radcheck WHERE Username = '1000' ORDER BY id'
>rlm_sql (sql): Reserving sql socket id: 0
>rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op
>FROM radcheck WHERE Username = '1000' ORDER BY id
>radius_xlat: 'SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>rlm_sql_mysql: query: SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id
>radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
>radreply WHERE Username = '1000' ORDER BY id'
>rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op
>FROM radreply WHERE Username = '1000' ORDER BY id
>radius_xlat: 'SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id'
>rlm_sql_mysql: query: SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id
>rlm_sql (sql): Checking profile DEFAULT
>rlm_sql (sql): sql_set_user escaped user --> 'DEFAULT'
>radius_xlat: 'SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>rlm_sql_mysql: query: SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id
>radius_xlat: 'SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id'
>rlm_sql_mysql: query: SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id
>rlm_sql (sql): Released sql socket id: 0
> modcall[authorize]: module "sql" returns ok for request 4
>modcall: group authorize returns ok for request 4
> rad_check_password: Found Auth-Type None
> rad_check_password: Auth-Type = Accept, accepting the user
>radius_xlat: 'Authenticated by group Dialin'
>Sending Access-Accept of id 152 to xx.xx.xx.xx:33167
> Reply-Message = "Authenticated by group Dialin"
> SIP-AVP = "Sip-Group:Dialin"
>Finished request 4
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host xx.xx.xx.xx:33167, id=153,
>length=67
> User-Name = "1000 at xx.xx.xx.xx"
> Sip-Group = "Dialin2"
> Service-Type = Group-Check
> NAS-IP-Address = 127.0.0.1
> NAS-Port = 0
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 5
> modcall[authorize]: module "preprocess" returns ok for request 5
> modcall[authorize]: module "chap" returns noop for request 5
> modcall[authorize]: module "mschap" returns noop for request 5
> modcall[authorize]: module "digest" returns noop for request 5
> rlm_realm: Looking up realm "xx.xx.xx.xx" for User-Name =
>"1000 at xx.xx.xx.xx"
> rlm_realm: Found realm "xx.xx.xx.xx"
> rlm_realm: Adding Stripped-User-Name = "1000"
> rlm_realm: Proxying request from user 1000 to realm xx.xx.xx.xx
> rlm_realm: Adding Realm = "xx.xx.xx.xx"
> rlm_realm: Authentication realm is LOCAL.
> modcall[authorize]: module "suffix" returns noop for request 5
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 5
> users: Matched entry DEFAULT at line 156
> users: Matched entry DEFAULT at line 161
> modcall[authorize]: module "files" returns ok for request 5
>radius_xlat: '1000'
>rlm_sql (sql): sql_set_user escaped user --> '1000'
>radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
>radcheck WHERE Username = '1000' ORDER BY id'
>rlm_sql (sql): Reserving sql socket id: 4
>rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op
>FROM radcheck WHERE Username = '1000' ORDER BY id
>radius_xlat: 'SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>rlm_sql_mysql: query: SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id
>radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
>radreply WHERE Username = '1000' ORDER BY id'
>rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op
>FROM radreply WHERE Username = '1000' ORDER BY id
>radius_xlat: 'SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id'
>rlm_sql_mysql: query: SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
>usergroup.Username = '1000' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id
>rlm_sql (sql): Checking profile DEFAULT
>rlm_sql (sql): sql_set_user escaped user --> 'DEFAULT'
>radius_xlat: 'SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>rlm_sql_mysql: query: SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id
>radius_xlat: 'SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id'
>rlm_sql_mysql: query: SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
>usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id
>rlm_sql (sql): Released sql socket id: 4
> modcall[authorize]: module "sql" returns ok for request 5
>modcall: group authorize returns ok for request 5
> rad_check_password: Found Auth-Type None
> rad_check_password: Auth-Type = Accept, accepting the user
>radius_xlat: 'Authenticated by group Dialin'
>Sending Access-Accept of id 153 to xx.xx.xx.xx:33167
> Reply-Message = "Authenticated by group Dialin"
> SIP-AVP = "Sip-Group:Dialin"
>Finished request 5
>
>-----Original Message-----
>From: Tavis P [mailto:tavis.lists at galaxytelecom.net]
>Sent: Friday, October 14, 2005 7:21 PM
>To: Lenir
>Cc: users at openser.org; serusers at iptel.org
>Subject: Re: group_radius radius_is_user_in
>
>Ugh the subject line is getting really munged up ;P
>
>Hmmm, what does the output from "radiusd -X" look like for the exchange?
>
>
>Lenir wrote:
>
>
>
>>Tavis,
>>
>>Thanks for your input, that did fix the problem. I did have the "files"
>>before "sql" in radiusd.conf. Also I followed your advice about taking out
>>"Auth-Type" out of mysql table and let DEFAULT in users file do the trick.
>>
>>However it's semi-working.
>>
>>Accourding to the snippet from my ser.cfg file, now I get the following in
>>stderr:
>>0(4866) 000d2890-d47f0003-4a230347-53c6189b at yy.yy.yy.yy -
>>sip:1000 at xx.xx.xx.xx - User authenticated...
>>0(4866) Credentials: User is in Radius Group Dialin!!!!
>>0(4866) Credentials: User is in Radius Group Dialin2!!!!
>>
>>No matter which parameter I use for the function radius_is_user_in(), it
>>always returns TRUE. When in fact it should return FALSE for Group Dialin2.
>>I've tried:
>>
>>if (radius_is_user_in("From", "Dialin2")){...
>>if (radius_is_user_in("Credentials", "Dialin2")){...
>>
>>
>>
>>
>>
>>Here's what I did to fix future problems:
>>
>>EFAULT Auth-Type = System
>> Fall-Through = 1
>>
>>DEFAULT Service-Type == Call-Check, Auth-Type := Digest
>>
>>DEFAULT Service-Type == Group-Check, Auth-Type := None
>>
>>DEFAULT Service-Type == SIP-Session, Auth-Type := Digest
>>
>>DEFAULT Service-Type == SIP-Callee-AVPs, Auth-Type := None
>>
>>DEFAULT Service-Type == SIP-Caller-AVPs, Auth-Type := None
>>
>>
>>Also, for those of you using the latest version of freeradius, you may have
>>to comment out the following lines as they conflict with dictionary.ser
>>
>>
>(SER
>
>
>>CVS) and dictionary.sip (comes with radiusclient-NG)
>>
>>#VALUE Service-Type Voice 12
>>#VALUE Service-Type Fax 13
>>#VALUE Service-Type Modem-Relay 14
>>#VALUE Service-Type IAPP-Register 15
>>#VALUE Service-Type IAPP-AP-Check 16
>>
>>
>>Thanks,
>>
>>
>>Lenir
>>
>>
>>-----Original Message-----
>>From: serusers-bounces at iptel.org [mailto:serusers-bounces at iptel.org] On
>>Behalf Of Tavis P
>>Sent: Friday, October 14, 2005 1:49 PM
>>To: lsantiago at globalgatewaycom.com
>>Cc: serdev at iptel.org; serusers at iptel.org; devel at openser.org;
>>users at openser.org
>>Subject: [Serusers] Re: [Serdev] group_radius radius_is_user_in
>>
>>Oops, i spoke too soon
>>
>>It looks like you have placed the "files" module before the "sql" module
>>in your radiusd.conf
>>
>>Its matching your DEFAULT entry in files (setting the Auth-Type to none)
>>but the sql module is later changing the Auth-Type to "digest"
>>
>>Changing the order would solve this problem, as you want it to match the
>>SQL statement first and than the section in the files last (which
>>changes the Auth-Type)
>>
>>Also, you may want to reduce the load on your database by not setting
>>the Auth-Type in the database and instead setting in the users file with
>>a DEFAULT statement as (at least in my case) it isn't somthing that need
>>to be dynamic.
>>
>>lenirsantiago at yahoo.com wrote:
>>
>>
>>
>>
>>
>>>Hello list,
>>>
>>>I've been trying my hardest today to get group_radius to work, and its
>>>function radius_is_user_in().
>>>I'm running ser0.9.4 and freeradius 1.0.4 with the mysql backend and
>>>
>>>
>digest
>
>
>>>authentication.
>>>
>>>Radius authentication works fine.
>>>The problem is that when radius_is_user_in() function gets called, it
>>>
>>>
>sends
>
>
>>>a radius message but without the User-Password field and freeradius
>>>complains that it requires it since we are using Digest.
>>>I've seen a couple of posts here, but they were never answered:
>>>http://mail.iptel.org/pipermail/serusers/2005-March/017342.html
>>>http://mail.iptel.org/pipermail/serusers/2005-March/017075.html
>>>
>>>-----
>>>I have a small test in my ser.cfg file:
>>> if (!radius_www_authorize("")) {
>>> xlog("L_I","%ci - %fu - User not authenticated, Radius
>>>Authenticating...\n");
>>> www_challenge("","0");
>>> break;
>>> } else {
>>> xlog("L_I","%ci - %fu - User authenticated...\n");
>>> };
>>>
>>> if (radius_is_user_in("From", "Dialin")){
>>> xlog("L_I","From: User is in Radius Group Dialin!!!!\n");
>>> } else {
>>> xlog("L_I","From: User *IS NOT* Group Dialin!!!!!\n");
>>> };
>>>
>>> if (radius_is_user_in("Credentials", "Dialin2")){
>>> xlog("L_I","From: User is in Radius Group Dialin2!!!!\n");
>>> } else {
>>> xlog("L_I","From: User *IS NOT* Group Dialin2!!!!!\n");
>>> };
>>>
>>>-----
>>>In /etc/raddb/users file I have the following at line 152:
>>>DEFAULT Auth-Type = System
>>> Fall-Through = 1
>>>
>>>DEFAULT Service-Type == Group-Check, Auth-Type := None
>>>
>>>DEFAULT Service-Type == SIP-Callee-AVPs, Auth-Type := None
>>>
>>>-----
>>>
>>>These are mysql tables:
>>>
>>>+----+----------+-----------+----+----------+
>>>| id | UserName | Attribute | op | Value |
>>>+----+----------+-----------+----+----------+
>>>| 1 | Jhassell | Password | == | changeme |
>>>| 2 | Rneis | Password | == | changeme |
>>>| 3 | 1000 | Password | == | 1000 |
>>>| 4 | 2000 | Password | == | 2000 |
>>>| 5 | 3000 | Password | == | 3000 |
>>>| 8 | 1000 | Auth-Type | := | Digest |
>>>+----+----------+-----------+----+----------+
>>>
>>>+----+-----------+-----------+----+--------+
>>>| id | GroupName | Attribute | op | Value |
>>>+----+-----------+-----------+----+--------+
>>>| 6 | Dialin | Auth-Type | := | Accept |
>>>+----+-----------+-----------+----+--------+
>>>
>>>+----+-----------+---------------+----+----------------------------------+
>>>
>>>
>-
>
>
>>>
>>>
>>>
>>>
>>-
>>
>>
>>
>>
>>>----+
>>>| id | GroupName | Attribute | op | Value |
>>>prio |
>>>+----+-----------+---------------+----+----------------------------------+
>>>
>>>
>-
>
>
>>>
>>>
>>>
>>>
>>-
>>
>>
>>
>>
>>>----+
>>>| 1 | Dialin | Reply-Message | = | "Authenticated by group Dialin" |
>>>0 |
>>>| 2 | Dialin2 | Reply-Message | = | "Authenticated by group Dialin2" |
>>>0 |
>>>+----+-----------+---------------+----+----------------------------------+
>>>
>>>
>-
>
>
>>>
>>>
>>>
>>>
>>-
>>
>>
>>
>>
>>>----+
>>>
>>>+----+----------+---------------+----+------------------+
>>>| id | UserName | Attribute | op | Value |
>>>+----+----------+---------------+----+------------------+
>>>| 1 | 1000 | Reply-Message | = | "Authenticated" |
>>>| 2 | 1000 | Sip-Group | = | Dialin |
>>>| 3 | 1000 | SIP-AVP | = | Sip-Group:Dialin |
>>>+----+----------+---------------+----+------------------+
>>>
>>>+----+----------+------------+
>>>| id | UserName | GroupName |
>>>+----+----------+------------+
>>>| 1 | Jhassell | Dialin |
>>>| 2 | Rneis | Staticdial |
>>>| 3 | 1000 | Dialin |
>>>| 4 | 2000 | Dialin |
>>>| 5 | 3000 | Dialin |
>>>| 6 | 3000 | Dialin2 |
>>>+----+----------+------------+
>>>
>>>------
>>>
>>>This is the debug I get from freeradius for the group check:
>>>
>>>rad_recv: Access-Request packet from host xx.xx.xx.xx:33025, id=15,
>>>length=67
>>> User-Name = "1000 at xx.xx.xx.xx"
>>> Sip-Group = "Dialin2"
>>> Service-Type = Group-Check
>>> NAS-IP-Address = 127.0.0.1
>>> NAS-Port = 0
>>>Processing the authorize section of radiusd.conf
>>>modcall: entering group authorize for request 74
>>>modcall[authorize]: module "preprocess" returns ok for request 74
>>>modcall[authorize]: module "chap" returns noop for request 74
>>>modcall[authorize]: module "mschap" returns noop for request 74
>>>modcall[authorize]: module "digest" returns noop for request 74
>>> rlm_realm: Looking up realm "xx.xx.xx.xx" for User-Name =
>>>"1000 at xx.xx.xx.xx"
>>> rlm_realm: Found realm "xx.xx.xx.xx"
>>> rlm_realm: Adding Stripped-User-Name = "1000"
>>> rlm_realm: Proxying request from user 1000 to realm xx.xx.xx.xx
>>> rlm_realm: Adding Realm = "xx.xx.xx.xx"
>>> rlm_realm: Authentication realm is LOCAL.
>>>modcall[authorize]: module "suffix" returns noop for request 74
>>>rlm_eap: No EAP-Message, not doing EAP
>>>modcall[authorize]: module "eap" returns noop for request 74
>>> users: Matched entry DEFAULT at line 152
>>> users: Matched entry DEFAULT at line 158
>>>modcall[authorize]: module "files" returns ok for request 74
>>>radius_xlat: '1000'
>>>rlm_sql (sql): sql_set_user escaped user --> '1000'
>>>rlm_sql (sql): Released sql socket id: 0
>>>modcall[authorize]: module "sql" returns ok for request 74
>>>modcall: group authorize returns ok for request 74
>>>rad_check_password: Found Auth-Type Digest
>>>auth: type "digest"
>>>Processing the authenticate section of radiusd.conf
>>>modcall: entering group authenticate for request 74
>>>ERROR: No Digest-Nonce: Cannot perform Digest authentication
>>>modcall[authenticate]: module "digest" returns invalid for request 74
>>>modcall: group authenticate returns invalid for request 74
>>>auth: Failed to validate the user.
>>>Delaying request 74 for 1 seconds
>>>Finished request 74
>>>Going to the next request
>>>--- Walking the entire request list ---
>>>Waking up in 1 seconds...
>>>--- Walking the entire request list ---
>>>Waking up in 1 seconds...
>>>--- Walking the entire request list ---
>>>Sending Access-Reject of id 15 to xx.xx.xx.xx:33025
>>> Reply-Message = "Authenticated"
>>>Waking up in 4 seconds...
>>>--- Walking the entire request list ---
>>>Cleaning up request 74 ID 15 with timestamp 434f1121
>>>Nothing to do. Sleeping until we see a request.
>>>
>>>
>>>
>>>
>>>
>>>Any help in this matter would be deeply appreciated,
>>>
>>>
>>>
>>>
>>>Lenir
>>>
>>>
>>>
>>>
>>>_______________________________________________
>>>Serdev mailing list
>>>Serdev at iptel.org
>>>http://mail.iptel.org/mailman/listinfo/serdev
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>_______________________________________________
>>Serusers mailing list
>>Serusers at iptel.org
>>http://mail.iptel.org/mailman/listinfo/serusers
>>
>>
>>_______________________________________________
>>Serdev mailing list
>>Serdev at iptel.org
>>http://mail.iptel.org/mailman/listinfo/serdev
>>
>>
>>
>>
>>
>>
>
>
>
>
>
>
More information about the Users
mailing list