Hi from your debug trace:- "modcall[authorize]: module "mschap" returns notfound" often means that a password was not found by the authorize function. This cannot come from the request so it has to be provided by the d'base, therefore, you need to rearrange the order of module execution so that sql is called before mschap. The password has to be text from which the mschap authorize module generates Windows style passwords in preparation for the mschap authenticate function.
Cheers Mike D. >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] Behalf Of >Dennis S. Davidoff >Sent: Tuesday, March 25, 2003 11:13 AM >To: freeradius-users >Subject: PostreSQL Authentication > > >Hi all. >I have a problem with postgresql authentication. >Cuts from configs and log files: > >radiusd.conf >============ >In 'modules' section: > mschap { > authtype = MS-CHAP > use_mppe = yes > } > >In 'authorize': > mschap > sql > >PostgreSQL >========== > >radius=> select * from radcheck ; > id | username | attribute | value | op >----+----------+-----------+---------+---- > 1 | den | Password | fuflo | == > 2 | steve | Password | testing | == > >radius=> select * from radgroupcheck ; > id | groupname | attribute | value | op >----+-----------+-----------+-------+---- > 1 | static | Auth-Type | Local | := > >radius=> select * from radgroupreply; > id | groupname | attribute | value | op >----+-----------+--------------------+---------------------+---- > 1 | static | Framed-Protocol | PPP | := > 2 | static | Service-Type | Framed-User | := > 3 | static | Framed-Compression | Van-Jacobsen-TCP-IP | := > 4 | static | Framed-IP-Netmask | 255.255.255.252 | := > 5 | static | Framed-MTU | 1500 | := > >radius=> select * from radreply; > id | username | attribute | value | op >----+----------+-------------------+-----------+---- > 1 | den | Framed-IP-Address | 10.0.0.2+ | := > 2 | steve | Framed-IP-Address | 10.0.0.2+ | := > >radius=> select * from usergroup; > id | username | groupname >----+----------+----------- > 1 | den | static > 2 | steve | static > >Cuts from debug (-xxy): > >rad_recv: Access-Request packet from host 192.168.0.11:1540, id=98, >length=147 >Thread 1 assigned request 0 >--- Walking the entire request list --- >Threads: total/active/spare threads = 5/1/4 >Nothing to do. Sleeping until we see a request. >Thread 1 handling request 0, (1 handled so far) > NAS-Identifier = "localhost" > Service-Type = Framed-User > Framed-Protocol = PPP > Calling-Station-Id = "127.0.0.1" > User-Name = "steve" > MS-CHAP-Challenge = 0x42af3afa20ea9629 > MS-CHAP-Response = >0x01010000000000000000000000000000000000000000000000009a804422b871e >f01193f0a48c0845aa24c7c27aa8c318841 > Service-Type = Framed-User > Framed-Protocol = PPP >modcall: entering group authorize > modcall[authorize]: module "mschap" returns notfound >radius_xlat: 'steve' >sql_set_user: escaped user --> 'steve' >radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck >WHERE Username = 'steve' ORDER BY id' >rlm_sql: Reserving sql socket id: 4 >query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE >Username = 'steve' ORDER BY id >rlm_postgresql Status: PGRES_TUPLES_OK >sql_postgresql: affected rows = >radius_xlat: 'SELECT >radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,ra >dgroupcheck.Value FROM radgroupcheck,usergroup WHERE >usergroup.Username = 'steve' AND usergroup.GroupName = >radgroupcheck.GroupName ORDER BY radgroupcheck.id' >query: SELECT >radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,ra >dgroupcheck.Value FROM radgroupcheck,usergroup WHERE >usergroup.Username = 'steve' AND usergroup.GroupName = >radgroupcheck.GroupName ORDER BY radgroupcheck.id >rlm_postgresql Status: PGRES_TUPLES_OK >sql_postgresql: affected rows = >radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radreply >WHERE Username = 'steve' ORDER BY id' >query: SELECT id,UserName,Attribute,Value FROM radreply WHERE >Username = 'steve' ORDER BY id >rlm_postgresql Status: PGRES_TUPLES_OK >sql_postgresql: affected rows = >radius_xlat: 'SELECT >radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,ra >dgroupreply.Value FROM radgroupreply,usergroup WHERE >usergroup.Username = 'steve' AND usergroup.GroupName = >radgroupreply.GroupName ORDER BY radgroupreply.id' >query: SELECT >radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,ra >dgroupreply.Value FROM radgroupreply,usergroup WHERE >usergroup.Username = 'steve' AND usergroup.GroupName = >radgroupreply.GroupName ORDER BY radgroupreply.id >rlm_postgresql Status: PGRES_TUPLES_OK >sql_postgresql: affected rows = >rlm_sql: Pairs do not match [steve] >rlm_sql: Released sql socket id: 4 > modcall[authorize]: module "sql" returns notfound >modcall: group authorize returns notfound >auth: No authenticate method (Auth-Type) configuration found for >the request: Rejecting the user >auth: Failed to validate the user. >Login incorrect: [steve/<no User-Password attribute>] (from >client private port 0 cli 127.0.0.1) >Delaying request 0 for 1 seconds >Finished request 0 >Going to the next request >Thread 1 waiting to be assigned a request >rad_recv: Access-Request packet from host >192.168.0.11:1540, id=98, length=147 >Sending Access-Reject of id 98 to 192.168.0.11:1540 > MS-CHAP-Error = "\001E=691 R=1" >--- Walking the entire request list --- >Threads: total/active/spare >threads = 5/0/5 >Waking up in 3 seconds... >--- Walking the entire request list --- >Cleaning up request 0 ID 98 with timestamp 3e801223 >Nothing to do. Sleeping until we see a request. > >Thanks for advices. > >-- >Sincerely, >Dennis > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
