This didn't help. :)
authorize {
sql
mschap
}
Try again:
rlm_sql: Pairs do not match [steve]
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns notfound
modcall[authorize]: module "mschap" returns notfound
On Tue, Mar 25, 2003 at 12:04:03PM +0200, Michael Davidson wrote:
> Hi
> from your debug trace:-
> "modcall[authorize]: module "mschap" returns notfound"
> often means that a password was not found by the authorize function. This
> cannot come from the request so it has to be provided by the d'base,
> therefore, you need to rearrange the order of module execution so that sql
> is called before mschap. The password has to be text from which the mschap
> authorize module generates Windows style passwords in preparation for the
> mschap authenticate function.
>
>
> Cheers Mike D.
>
>
>
> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED] Behalf Of
> >Dennis S. Davidoff
> >Sent: Tuesday, March 25, 2003 11:13 AM
> >To: freeradius-users
> >Subject: PostreSQL Authentication
> >
> >
> >Hi all.
> >I have a problem with postgresql authentication.
> >Cuts from configs and log files:
> >
> >radiusd.conf
> >============
> >In 'modules' section:
> > mschap {
> > authtype = MS-CHAP
> > use_mppe = yes
> > }
> >
> >In 'authorize':
> > mschap
> > sql
> >
> >PostgreSQL
> >==========
> >
> >radius=> select * from radcheck ;
> > id | username | attribute | value | op
> >----+----------+-----------+---------+----
> > 1 | den | Password | fuflo | ==
> > 2 | steve | Password | testing | ==
> >
> >radius=> select * from radgroupcheck ;
> > id | groupname | attribute | value | op
> >----+-----------+-----------+-------+----
> > 1 | static | Auth-Type | Local | :=
> >
> >radius=> select * from radgroupreply;
> > id | groupname | attribute | value | op
> >----+-----------+--------------------+---------------------+----
> > 1 | static | Framed-Protocol | PPP | :=
> > 2 | static | Service-Type | Framed-User | :=
> > 3 | static | Framed-Compression | Van-Jacobsen-TCP-IP | :=
> > 4 | static | Framed-IP-Netmask | 255.255.255.252 | :=
> > 5 | static | Framed-MTU | 1500 | :=
> >
> >radius=> select * from radreply;
> > id | username | attribute | value | op
> >----+----------+-------------------+-----------+----
> > 1 | den | Framed-IP-Address | 10.0.0.2+ | :=
> > 2 | steve | Framed-IP-Address | 10.0.0.2+ | :=
> >
> >radius=> select * from usergroup;
> > id | username | groupname
> >----+----------+-----------
> > 1 | den | static
> > 2 | steve | static
> >
> >Cuts from debug (-xxy):
> >
> >rad_recv: Access-Request packet from host 192.168.0.11:1540, id=98,
> >length=147
> >Thread 1 assigned request 0
> >--- Walking the entire request list ---
> >Threads: total/active/spare threads = 5/1/4
> >Nothing to do. Sleeping until we see a request.
> >Thread 1 handling request 0, (1 handled so far)
> > NAS-Identifier = "localhost"
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Calling-Station-Id = "127.0.0.1"
> > User-Name = "steve"
> > MS-CHAP-Challenge = 0x42af3afa20ea9629
> > MS-CHAP-Response =
> >0x01010000000000000000000000000000000000000000000000009a804422b871e
> >f01193f0a48c0845aa24c7c27aa8c318841
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> >modcall: entering group authorize
> > modcall[authorize]: module "mschap" returns notfound
> >radius_xlat: 'steve'
> >sql_set_user: escaped user --> 'steve'
> >radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck
> >WHERE Username = 'steve' ORDER BY id'
> >rlm_sql: Reserving sql socket id: 4
> >query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE
> >Username = 'steve' ORDER BY id
> >rlm_postgresql Status: PGRES_TUPLES_OK
> >sql_postgresql: affected rows =
> >radius_xlat: 'SELECT
> >radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,ra
> >dgroupcheck.Value FROM radgroupcheck,usergroup WHERE
> >usergroup.Username = 'steve' AND usergroup.GroupName =
> >radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> >query: SELECT
> >radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,ra
> >dgroupcheck.Value FROM radgroupcheck,usergroup WHERE
> >usergroup.Username = 'steve' AND usergroup.GroupName =
> >radgroupcheck.GroupName ORDER BY radgroupcheck.id
> >rlm_postgresql Status: PGRES_TUPLES_OK
> >sql_postgresql: affected rows =
> >radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radreply
> >WHERE Username = 'steve' ORDER BY id'
> >query: SELECT id,UserName,Attribute,Value FROM radreply WHERE
> >Username = 'steve' ORDER BY id
> >rlm_postgresql Status: PGRES_TUPLES_OK
> >sql_postgresql: affected rows =
> >radius_xlat: 'SELECT
> >radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,ra
> >dgroupreply.Value FROM radgroupreply,usergroup WHERE
> >usergroup.Username = 'steve' AND usergroup.GroupName =
> >radgroupreply.GroupName ORDER BY radgroupreply.id'
> >query: SELECT
> >radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,ra
> >dgroupreply.Value FROM radgroupreply,usergroup WHERE
> >usergroup.Username = 'steve' AND usergroup.GroupName =
> >radgroupreply.GroupName ORDER BY radgroupreply.id
> >rlm_postgresql Status: PGRES_TUPLES_OK
> >sql_postgresql: affected rows =
> >rlm_sql: Pairs do not match [steve]
> >rlm_sql: Released sql socket id: 4
> > modcall[authorize]: module "sql" returns notfound
> >modcall: group authorize returns notfound
> >auth: No authenticate method (Auth-Type) configuration found for
> >the request: Rejecting the user
> >auth: Failed to validate the user.
> >Login incorrect: [steve/<no User-Password attribute>] (from
> >client private port 0 cli 127.0.0.1)
> >Delaying request 0 for 1 seconds
> >Finished request 0
> >Going to the next request
> >Thread 1 waiting to be assigned a request
> >rad_recv: Access-Request packet from host
> >192.168.0.11:1540, id=98, length=147
> >Sending Access-Reject of id 98 to 192.168.0.11:1540
> > MS-CHAP-Error = "\001E=691 R=1"
> >--- Walking the entire request list ---
> >Threads: total/active/spare
> >threads = 5/0/5
> >Waking up in 3 seconds...
> >--- Walking the entire request list ---
> >Cleaning up request 0 ID 98 with timestamp 3e801223
> >Nothing to do. Sleeping until we see a request.
> >
> >Thanks for advices.
> >
> >--
> >Sincerely,
> >Dennis
> >
> >-
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Sincerely,
Dennis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
