[OpenSER-Users] Problem with Openser-freeradius communication
Dan-Cristian Bogos
danb.lists at googlemail.com
Thu May 29 08:44:57 CEST 2008
Hi Pete,
if it still does not work, can u post somewhere your radiusd.conf + sql.conf
files?
Cheers,
DanB
On Wed, May 28, 2008 at 5:12 PM, Pete Kay <petedao at gmail.com> wrote:
> Hi Dan,
> If I change the attribute to user-password, I still can't authenticate. It
> is so strange since I am able to authenticate using my test client.
>
> Waking up in 4.9 seconds.
> User-Name = "1006 at 192.168.1.104"
> Digest-Attributes = 0x0a0631303036
> Digest-Attributes = 0x010f3139322e3136382e312e313034
> Digest-Attributes =
> 0x022a34383364653562636166376535646335323862373335643661393364363634636237376533396636
> Digest-Attributes = 0x04137369703a3139322e3136382e312e313034
> Digest-Attributes = 0x030a5245474953544552
> Digest-Response = "9b614ed006554a3a7ea094b14237dae9"
> Service-Type = IAPP-Register
> X-Ascend-PW-Lifetime = 825241654
> NAS-Port = 5060
> NAS-IP-Address = 127.0.0.1
> +- entering group authorize
> ++[preprocess] returns ok
> expand:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
> rlm_detail:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to /usr/local/var/log/radius/radacct/
> 127.0.0.1/auth-detail-20080529
> expand: %t -> Thu May 29 07:02:41 2008
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> rlm_digest: Adding Auth-Type = DIGEST
> ++[digest] returns ok
> rlm_realm: Looking up realm "192.168.1.104" for User-Name = "
> 1006 at 192.168.1.104"
> rlm_realm: Found realm "192.168.1.104"
> rlm_realm: Adding Stripped-User-Name = "1006"
> rlm_realm: Adding Realm = "192.168.1.104"
> rlm_realm: Authentication realm is LOCAL.
> ++[suffix] returns noop
> rlm_eap: No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[files] returns noop
> expand: %{Stripped-User-Name} -> 1006
> expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 1006
> rlm_sql (sql): sql_set_user escaped user --> '1006'
> rlm_sql (sql): Reserving sql socket id: 1
> expand: SELECT id, username, attribute, value, op FROM
> radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
> -> SELECT id, username, attribute, value, op FROM
> radcheck WHERE username = '1006' ORDER BY id
> rlm_sql_mysql: query: SELECT id, username, attribute, value, op
> FROM radcheck WHERE username = '1006' ORDER BY id
> rlm_sql (sql): User found in radcheck table
> expand: SELECT id, username, attribute, value, op FROM
> radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
> -> SELECT id, username, attribute, value, op FROM
> radreply WHERE username = '1006' ORDER BY id
> rlm_sql_mysql: query: SELECT id, username, attribute, value, op
> FROM radreply WHERE username = '1006' ORDER BY id
> expand: SELECT groupname FROM radusergroup
> WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
> groupname FROM radusergroup WHERE username = '1006'
> ORDER BY priority
> rlm_sql_mysql: query: SELECT groupname FROM
> radusergroup WHERE username = '1006' ORDER BY priority
> expand: SELECT id, groupname, attribute, Value,
> op FROM radgroupcheck WHERE groupname =
> '%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
> attribute, Value, op FROM radgroupcheck WHERE
> groupname = 'openser' ORDER BY id
> rlm_sql_mysql: query: SELECT id, groupname, attribute, Value,
> op FROM radgroupcheck WHERE groupname = 'openser'
> ORDER BY id
> rlm_sql (sql): User found in group openser
> expand: SELECT id, groupname, attribute, value,
> op FROM radgroupreply WHERE groupname =
> '%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
> attribute, value, op FROM radgroupreply WHERE
> groupname = 'openser' ORDER BY id
> rlm_sql_mysql: query: SELECT id, groupname, attribute, value,
> op FROM radgroupreply WHERE groupname = 'openser'
> ORDER BY id
> rlm_sql (sql): Released sql socket id: 1
> ++[sql] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> rad_check_password: Found Auth-Type Local
>
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!! Replacing User-Password in config items with Cleartext-Password.
> !!!
>
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!! Please update your configuration so that the "known good"
> !!!
> !!! clear text password is in Cleartext-Password, and not in User-Password.
> !!!
>
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> auth: type Local
> auth: No User-Password or CHAP-Password attribute in the request
> auth: Failed to validate the user.
> Login incorrect: [1006 at 192.168.1.104/<via Auth-Type = Local>] (from client
> localhost port 5060)
> Found Post-Auth-Type Reject
> +- entering group REJECT
> expand: %{User-Name} -> 1006 at 192.168.1.104
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 227 for 1 seconds
> Going to the next request
>
> But even if I change to Digest-HA1, I still can't authenticate:
>
> Waking up in 0.8 seconds.
> User-Name = "1006 at 192.168.1.104"
> Digest-Attributes = 0x0a0631303036
> Digest-Attributes = 0x010f3139322e3136382e312e313034
> Digest-Attributes =
> 0x022a34383364653635643437393064306234623163626463333130653930633338383766393734653963
> Digest-Attributes = 0x04137369703a3139322e3136382e312e313034
> Digest-Attributes = 0x030a5245474953544552
> Digest-Response = "1a8ef3e9646fc8fba9eb9b50b1e0187e"
> Service-Type = IAPP-Register
> X-Ascend-PW-Lifetime = 825241654
> NAS-Port = 5060
> NAS-IP-Address = 127.0.0.1
> +- entering group authorize
> ++[preprocess] returns ok
> expand:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
> rlm_detail:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
> expands to /usr/local/var/log/radius/radacct/
> 127.0.0.1/auth-detail-20080529
> expand: %t -> Thu May 29 07:05:22 2008
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> rlm_digest: Adding Auth-Type = DIGEST
> ++[digest] returns ok
> rlm_realm: Looking up realm "192.168.1.104" for User-Name = "
> 1006 at 192.168.1.104"
> rlm_realm: Found realm "192.168.1.104"
> rlm_realm: Adding Stripped-User-Name = "1006"
> rlm_realm: Adding Realm = "192.168.1.104"
> rlm_realm: Authentication realm is LOCAL.
> ++[suffix] returns noop
> rlm_eap: No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[files] returns noop
> expand: %{Stripped-User-Name} -> 1006
> expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 1006
> rlm_sql (sql): sql_set_user escaped user --> '1006'
> rlm_sql (sql): Reserving sql socket id: 1
> expand: SELECT id, username, attribute, value, op FROM
> radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
> -> SELECT id, username, attribute, value, op FROM
> radcheck WHERE username = '1006' ORDER BY id
> rlm_sql_mysql: query: SELECT id, username, attribute, value, op
> FROM radcheck WHERE username = '1006' ORDER BY id
> rlm_sql (sql): User found in radcheck table
> expand: SELECT id, username, attribute, value, op FROM
> radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
> -> SELECT id, username, attribute, value, op FROM
> radreply WHERE username = '1006' ORDER BY id
> rlm_sql_mysql: query: SELECT id, username, attribute, value, op
> FROM radreply WHERE username = '1006' ORDER BY id
> expand: SELECT groupname FROM radusergroup
> WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
> groupname FROM radusergroup WHERE username = '1006'
> ORDER BY priority
> rlm_sql_mysql: query: SELECT groupname FROM
> radusergroup WHERE username = '1006' ORDER BY priority
> expand: SELECT id, groupname, attribute, Value,
> op FROM radgroupcheck WHERE groupname =
> '%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
> attribute, Value, op FROM radgroupcheck WHERE
> groupname = 'openser' ORDER BY id
> rlm_sql_mysql: query: SELECT id, groupname, attribute, Value,
> op FROM radgroupcheck WHERE groupname = 'openser'
> ORDER BY id
> rlm_sql (sql): User found in group openser
> expand: SELECT id, groupname, attribute, value,
> op FROM radgroupreply WHERE groupname =
> '%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
> attribute, value, op FROM radgroupreply WHERE
> groupname = 'openser' ORDER BY id
> rlm_sql_mysql: query: SELECT id, groupname, attribute, value,
> op FROM radgroupreply WHERE groupname = 'openser'
> ORDER BY id
> rlm_sql (sql): Released sql socket id: 1
> ++[sql] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> rad_check_password: Found Auth-Type Local
> auth: type Local
> auth: No User-Password or CHAP-Password attribute in the request
> auth: Failed to validate the user.
> Login incorrect: [1006 at 192.168.1.104/<via Auth-Type = Local>] (from client
> localhost port 5060)
> Found Post-Auth-Type Reject
> +- entering group REJECT
> expand: %{User-Name} -> 1006 at 192.168.1.104
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 237 for 1 seconds
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kamailio.org/pipermail/users/attachments/20080529/b5ef54e5/attachment.htm
More information about the Users
mailing list