> Hi everyone,
>
> Using Freeradius 0.7 and mySQL 3.23.47.
> Have spent the last few days configuring the radius server, mysql
> database and the php dialup_admin. I have created a user with password
> using the dialup_admin webpage - successful. Password is encrypted.
> I then test the user using dialup_admin but it will not authenticate
as per
> my radius log shows below -
>
> Thu Oct 3 15:29:22 2002 : Info: Ready to process requests. Thu Oct 3
> 15:29:33 2002 : Auth: Login incorrect (rlm_pap: User password not
> available): [scott/iT\240\337C\231!\241\336\253\330\265\307\365^Y]
> (from client localhost port 0) <snip>
> SELECT * FROM radcheck WHERE UserName = 'scott';
> SELECT * FROM radreply WHERE UserNmae = 'scott';
> Run radiusd in debug mode (radiusd -X) and send the output of an
access request.
Ok ... Have followed your advice ... Radius.txt attached.
Thanks again,
Scott Harris
Cairns, Queensland, Australia
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
security: max_attributes = 200
security: reject_delay = 1
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "root"
sql: password = "******"
sql: radius_db = "radius"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = no
sql: sqltracefile = "/var/log/sqltrace.sql"
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
sql: authenticate_query = "SELECT Value,Attribute FROM radcheck WHERE UserName =
'%{User-Name}' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR
Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC"
sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE
AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND
AcctStartTime <= '%S'"
sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress =
'%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName =
'%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime = 0"
sql: accounting_start_query = "INSERT into radacct (RadAcctId, AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime,
AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay,
AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0',
'0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S',
AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE
AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND
NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0"
sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime
= '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets =
'%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay
= '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId =
'%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress =
'%{NAS-IP-Address}' AND AcctStopTime = 0"
sql: accounting_stop_query_alt = "INSERT into radacct (RadAcctId, AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime,
AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay,
AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '0', '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0',
'%{Acct-Delay-Time}')"
sql: connect_failure_retry_delay = 60
sql: simul_count_query = ""
sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress,
NASPortId, FramedIPAddress, CalledStationId FROM radacct WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
sql: simul_zap_query = "DELETE FROM radacct WHERE RadAcctId = '%s'"
rlm_sql: Driver rlm_sql_mysql loaded and linked
rlm_sql: Attempting to connect to root@localhost:/radius
rlm_sql: starting 0
rlm_sql: Attempting to connect #0
rlm_sql: Starting connect to MySQL server for #0
rlm_sql: Connected new DB handle, #0
rlm_sql: starting 1
rlm_sql: Attempting to connect #1
rlm_sql: Starting connect to MySQL server for #1
rlm_sql: Connected new DB handle, #1
rlm_sql: starting 2
rlm_sql: Attempting to connect #2
rlm_sql: Starting connect to MySQL server for #2
rlm_sql: Connected new DB handle, #2
rlm_sql: starting 3
rlm_sql: Attempting to connect #3
rlm_sql: Starting connect to MySQL server for #3
rlm_sql: Connected new DB handle, #3
rlm_sql: starting 4
rlm_sql: Attempting to connect #4
rlm_sql: Starting connect to MySQL server for #4
rlm_sql: Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded detail
detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded System
unix: cache = yes
unix: passwd = "/etc/passwd"
unix: shadow = "(null)"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
HASH: Reinitializing hash structures and lists for caching...
rlm_unix: Username too long in line: #
HASH: Stored 86 entries from /etc/passwd
HASH: Stored 37 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded radutmp
radutmp: filename = "/var/log/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:3584, id=150, length=51
Service-Type = Framed-User
User-Name = "scott"
User-Password = "\030\317\313\370N\000&J\275\020\017\345\303\260"r"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "scott"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
radius_xlat: 'scott'
sql_set_user: escaped user --> 'scott'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'scott' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'scott' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'scott' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'scott' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName = 'scott' AND (
Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password'
) ORDER BY Attribute DESC'
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
auth: type Crypt
auth: Failed to validate the user.
Login incorrect: [scott/\263\027\313\3471\271\032\255H\373\374\361#\274w\240] (from
client localhost port 0)
WARNING: Unprintable characters in the password. ? Double-check the shared secret
on the server and the NAS!
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 150 to 127.0.0.1:3584
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 150 with timestamp 3d9c3075
Nothing to do. Sleeping until we see a request.
MASTER: exit on signal (2)
