I fixed this.
I did the following:
in sql.conf:
I uncommented:
sql_user_name = "%{Stripped-User-Name:-%{User-Name:-none}}"
and commented out:
sql_user_name = "%{User-Name}"
causing Stripped-User-Name to be checked as well against the sql database.
In radiusd.conf:
I added
suffix
in the preprocess section right before the hints file is specified so that
a hinted username can be properly stripped if it is also realmed.
username.ppp@domain wouldn't work before.
--
Mark P. Hennessy [EMAIL PROTECTED]
On Wed, 21 Aug 2002, Mark Hennessy wrote:
> Date: Wed, 21 Aug 2002 10:20:39 -0400 (EDT)
> From: Mark Hennessy <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: hints file somehow not processed against users in sql database?
>
> For some reason, the hints file doesn't seem to get honored when a user
> with an entry in the sql database is trying to authenticate on my system.
>
> Here's my hints file:
>
> DEFAULT Suffix = ".ppp", Strip-User-Name = Yes
>         Hint = "PPP",
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Fall-Through = Yes
>
> DEFAULT Suffix = ".roaming", Strip-User-Name = Yes
>         Hint = "PPP",
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Fall-Through = Yes
>
> It doesn't seem to be authenticating properly if the realm is specified
> either, even though the realm is specified in the realms file.
>
> huntgroups is being honored, so it would appear that preprocess is
> being used.
>
> This is debug output from an attempt with the realm name, the debug output
> from an attempt with .ppp suffix is the next one below this.
>
> rad_recv: Access-Request packet from host 192.168.1.20:2465, id=96, length=82
> User-Name = "[EMAIL PROTECTED]"
> User-Password = "<snipped>"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> NAS-IP-Address = 192.168.1.20
> NAS-Port = 0
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> rlm_realm: Looking up realm cloud9.net for User-Name =
> "[EMAIL PROTECTED]"
> rlm_realm: Found realm cloud9.net
> rlm_realm: Adding Stripped-User-Name = "foo"
> rlm_realm: Proxying request from user foo to realm cloud9.net
> rlm_realm: Adding Realm = "cloud9.net"
> rlm_realm: Authentication realm is LOCAL.
> rlm_realm: auth_port is not set. proxy cancelled
> modcall[authorize]: module "suffix" returns noop
> radius_xlat: '[EMAIL PROTECTED]'
> sql_set_user: escaped user --> '[EMAIL PROTECTED]'
> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
> Username = '[EMAIL PROTECTED]' ORDER BY id'
> rlm_sql: Reserving sql socket id: 4
> rlm_sql: User [EMAIL PROTECTED] not found
> radius_xlat: 'SELECT
>
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
> FROM radgroupcheck,usergroup WHERE usergroup.Username =
> '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName
> ORDER BY radgroupcheck.id'
> radius_xlat: 'SELECT
>
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
> FROM radgroupreply,usergroup WHERE usergroup.Username =
> '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName
> ORDER BY radgroupreply.id'
> sql_set_user: escaped user --> 'DEFAULT'
> radius_xlat: 'SELECT
>
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
> FROM radgroupcheck,usergroup WHERE usergroup.Username = 'DEFAULT' AND
> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat: 'SELECT
>
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
> FROM radgroupreply,usergroup WHERE usergroup.Username = 'DEFAULT' AND
> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql: DEFAULT not found
> rlm_sql: Released sql socket id: 4
> modcall[authorize]: module "sql" returns notfound
> huntgroups: Matched local at 50
> users: Matched DEFAULT at 19
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> rad_lowerpair: Stripped-User-Name now 'foo'
> rad_rmspace_pair: Stripped-User-Name now 'foo'
> rad_rmspace_pair: User-Password now 'BAR'
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> rlm_realm: Request already proxied. Ignoring.
> modcall[authorize]: module "suffix" returns noop
> radius_xlat: '[EMAIL PROTECTED]'
> sql_set_user: escaped user --> '[EMAIL PROTECTED]'
> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
> Username = '[EMAIL PROTECTED]' ORDER BY id'
> rlm_sql: Reserving sql socket id: 3
> rlm_sql: User [EMAIL PROTECTED] not found
> radius_xlat: 'SELECT
>
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
> FROM radgroupcheck,usergroup WHERE usergroup.Username =
> '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName
> ORDER BY radgroupcheck.id'
> radius_xlat: 'SELECT
>
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
> FROM radgroupreply,usergroup WHERE usergroup.Username =
> '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName
> ORDER BY radgroupreply.id'
> sql_set_user: escaped user --> 'DEFAULT'
> radius_xlat: 'SELECT
>
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
> FROM radgroupcheck,usergroup WHERE usergroup.Username = 'DEFAULT' AND
> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat: 'SELECT
>
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
> FROM radgroupreply,usergroup WHERE usergroup.Username = 'DEFAULT' AND
> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql: DEFAULT not found
> rlm_sql: Released sql socket id: 3
> modcall[authorize]: module "sql" returns notfound
> huntgroups: Matched local at 50
> users: Matched DEFAULT at 19
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
>
> .ppp in the username:
>
> rad_recv: Access-Request packet from host 192.168.1.20:2558, id=225, length=75
> User-Name = "foo.ppp"
> User-Password = "<snipped>"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> NAS-IP-Address = 192.168.1.20
> NAS-Port = 0
> modcall: entering group authorize
> hints: Matched DEFAULT at 27
> modcall[authorize]: module "preprocess" returns ok
> rlm_realm: Looking up realm NULL for User-Name = "foo"
> rlm_realm: Found realm NULL
> rlm_realm: Setting Stripped-User-Name = "foo"
> rlm_realm: Proxying request from user foo to realm NULL
> rlm_realm: Adding Realm = "NULL"
> rlm_realm: Authentication realm is LOCAL.
> rlm_realm: auth_port is not set. proxy cancelled
> modcall[authorize]: module "suffix" returns noop
> radius_xlat: 'foo.ppp'
> sql_set_user: escaped user --> 'foo.ppp'
> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
> Username = 'foo.ppp' ORDER BY id'
> rlm_sql: Reserving sql socket id: 3
> rlm_sql: User foo.ppp not found
> radius_xlat: 'SELECT
>
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
> FROM radgroupcheck,usergroup WHERE usergroup.Username = 'foo.ppp' AND
> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat: 'SELECT
>
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
> FROM radgroupreply,usergroup WHERE usergroup.Username = 'foo.ppp' AND
> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> sql_set_user: escaped user --> 'DEFAULT'
> radius_xlat: 'SELECT
>
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
> FROM radgroupcheck,usergroup WHERE usergroup.Username = 'DEFAULT' AND
> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat: 'SELECT
>
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
> FROM radgroupreply,usergroup WHERE usergroup.Username = 'DEFAULT' AND
> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql: DEFAULT not found
> rlm_sql: Released sql socket id: 3
> modcall[authorize]: module "sql" returns notfound
> huntgroups: Matched local at 50
> users: Matched DEFAULT at 19
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> rad_lowerpair: Stripped-User-Name now 'foo'
> rad_rmspace_pair: Stripped-User-Name now 'foo'
> rad_rmspace_pair: User-Password now 'BAR'
> modcall: entering group authorize
> hints: Matched DEFAULT at 27
> modcall[authorize]: module "preprocess" returns ok
> rlm_realm: Request already proxied. Ignoring.
> modcall[authorize]: module "suffix" returns noop
> radius_xlat: 'foo.ppp'
> sql_set_user: escaped user --> 'foo.ppp'
> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
> Username = 'foo.ppp' ORDER BY id'
> rlm_sql: Reserving sql socket id: 2
> rlm_sql: User foo.ppp not found
> radius_xlat: 'SELECT
>
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
> FROM radgroupcheck,usergroup WHERE usergroup.Username = 'foo.ppp' AND
> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat: 'SELECT
>
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
> FROM radgroupreply,usergroup WHERE usergroup.Username = 'foo.ppp' AND
> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> sql_set_user: escaped user --> 'DEFAULT'
> radius_xlat: 'SELECT
>
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
> FROM radgroupcheck,usergroup WHERE usergroup.Username = 'DEFAULT' AND
> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat: 'SELECT
>
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
> FROM radgroupreply,usergroup WHERE usergroup.Username = 'DEFAULT' AND
> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql: DEFAULT not found
> rlm_sql: Released sql socket id: 2
> modcall[authorize]: module "sql" returns notfound
> huntgroups: Matched local at 50
> users: Matched DEFAULT at 19
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> Delaying request 5 for 1 seconds
> Finished request 5
> Going to the next request
>
> --
> Mark P. Hennessy [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
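
The effect of the sql_user_name change described in the reply at the top of this message, as an added example that is not part of the original post and is not FreeRADIUS code. It is a simplified Python model: the stripping order in preprocess(), the helper names, and the sample logins are assumptions made for illustration.

```python
# Simplified model, not FreeRADIUS source code.
HINT_SUFFIXES = (".ppp", ".roaming")   # from the hints file quoted in the thread
LOCAL_REALMS = ("cloud9.net",)          # realm seen in the quoted debug output
OLD = "%{User-Name}"
NEW = "%{Stripped-User-Name:-%{User-Name:-none}}"

def expand(template, attrs):
    """Expand %{Attr} and %{Attr:-fallback}; a fallback may nest another %{...}."""
    out, i = [], 0
    while i < len(template):
        if not template.startswith("%{", i):
            out.append(template[i])
            i += 1
            continue
        depth, j = 1, i + 2
        while j < len(template) and depth:      # find the matching closing brace
            if template.startswith("%{", j):
                depth, j = depth + 1, j + 2
            else:
                depth -= template[j] == "}"
                j += 1
        if depth:
            raise ValueError("unterminated %{ in template")
        name, sep, fallback = template[i + 2:j - 1].partition(":-")
        value = attrs.get(name, "")
        out.append(value or (expand(fallback, attrs) if sep else ""))
        i = j
    return "".join(out)

def preprocess(user_name):
    """Attributes after realm stripping, then hint-suffix stripping (assumed order)."""
    local, at, realm = user_name.rpartition("@")
    name = local if at and realm in LOCAL_REALMS else user_name
    for suffix in HINT_SUFFIXES:
        if name.endswith(suffix):
            name = name[:-len(suffix)]
            break
    attrs = {"User-Name": user_name}
    if name != user_name:
        attrs["Stripped-User-Name"] = name
    return attrs

def sql_lookup_key(template, user_name):
    """The user name the SQL module would put into its radcheck query."""
    return expand(template, preprocess(user_name))

if __name__ == "__main__":
    for login in ("foo", "foo.ppp", "foo.ppp@cloud9.net"):   # constructed logins
        print(login, "->", sql_lookup_key(OLD, login), "|", sql_lookup_key(NEW, login))
```

With the old template the query key stays 'foo.ppp', which is the "User foo.ppp not found" line in the quoted debug output; with the new template all three logins resolve to the same radcheck row.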