Dear Dennis S. Davidoff,
use op := for password.
--Tuesday, March 25, 2003, 1:49:01 PM, you wrote to [EMAIL PROTECTED]:
DSD> This didn't help. :)
DSD> authorize {
DSD> sql
DSD> mschap
DSD> }
DSD> Try again:
DSD> rlm_sql: Pairs do not match [steve]
DSD> rlm_sql: Released sql socket id: 4
DSD> modcall[authorize]: module "sql" returns notfound
DSD> modcall[authorize]: module "mschap" returns notfound
DSD> On Tue, Mar 25, 2003 at 12:04:03PM +0200, Michael Davidson wrote:
>> Hi
>> from your debug trace:-
>> "modcall[authorize]: module "mschap" returns notfound"
>> often means that a password was not found by the authorize function. This
>> cannot come from the request so it has to be provided by the d'base,
>> therefore, you need to rearrange the order of module execution so that sql
>> is called before mschap. The password has to be text from which the mschap
>> authorize module generates Windows style passwords in preparation for the
>> mschap authenticate function.
>>
>>
>> Cheers Mike D.
>>
>>
>>
>> >-----Original Message-----
>> >From: [EMAIL PROTECTED]
>> >[mailto:[EMAIL PROTECTED] Behalf Of
>> >Dennis S. Davidoff
>> >Sent: Tuesday, March 25, 2003 11:13 AM
>> >To: freeradius-users
>> >Subject: PostreSQL Authentication
>> >
>> >
>> >Hi all.
>> >I have a problem with postgresql authentication.
>> >Cuts from configs and log files:
>> >
>> >radiusd.conf
>> >============
>> >In 'modules' section:
>> > mschap {
>> > authtype = MS-CHAP
>> > use_mppe = yes
>> > }
>> >
>> >In 'authorize':
>> > mschap
>> > sql
>> >
>> >PostgreSQL
>> >==========
>> >
>> >radius=> select * from radcheck ;
>> > id | username | attribute | value | op
>> >----+----------+-----------+---------+----
>> > 1 | den | Password | fuflo | ==
>> > 2 | steve | Password | testing | ==
>> >
>> >radius=> select * from radgroupcheck ;
>> > id | groupname | attribute | value | op
>> >----+-----------+-----------+-------+----
>> > 1 | static | Auth-Type | Local | :=
>> >
>> >radius=> select * from radgroupreply;
>> > id | groupname | attribute | value | op
>> >----+-----------+--------------------+---------------------+----
>> > 1 | static | Framed-Protocol | PPP | :=
>> > 2 | static | Service-Type | Framed-User | :=
>> > 3 | static | Framed-Compression | Van-Jacobsen-TCP-IP | :=
>> > 4 | static | Framed-IP-Netmask | 255.255.255.252 | :=
>> > 5 | static | Framed-MTU | 1500 | :=
>> >
>> >radius=> select * from radreply;
>> > id | username | attribute | value | op
>> >----+----------+-------------------+-----------+----
>> > 1 | den | Framed-IP-Address | 10.0.0.2+ | :=
>> > 2 | steve | Framed-IP-Address | 10.0.0.2+ | :=
>> >
>> >radius=> select * from usergroup;
>> > id | username | groupname
>> >----+----------+-----------
>> > 1 | den | static
>> > 2 | steve | static
>> >
>> >Cuts from debug (-xxy):
>> >
>> >rad_recv: Access-Request packet from host 192.168.0.11:1540, id=98,
>> >length=147
>> >Thread 1 assigned request 0
>> >--- Walking the entire request list ---
>> >Threads: total/active/spare threads = 5/1/4
>> >Nothing to do. Sleeping until we see a request.
>> >Thread 1 handling request 0, (1 handled so far)
>> > NAS-Identifier = "localhost"
>> > Service-Type = Framed-User
>> > Framed-Protocol = PPP
>> > Calling-Station-Id = "127.0.0.1"
>> > User-Name = "steve"
>> > MS-CHAP-Challenge = 0x42af3afa20ea9629
>> > MS-CHAP-Response =
>> >0x01010000000000000000000000000000000000000000000000009a804422b871e
>> >f01193f0a48c0845aa24c7c27aa8c318841
>> > Service-Type = Framed-User
>> > Framed-Protocol = PPP
>> >modcall: entering group authorize
>> > modcall[authorize]: module "mschap" returns notfound
>> >radius_xlat: 'steve'
>> >sql_set_user: escaped user --> 'steve'
>> >radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck
>> >WHERE Username = 'steve' ORDER BY id'
>> >rlm_sql: Reserving sql socket id: 4
>> >query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE
>> >Username = 'steve' ORDER BY id
>> >rlm_postgresql Status: PGRES_TUPLES_OK
>> >sql_postgresql: affected rows =
>> >radius_xlat: 'SELECT
>> >radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,ra
>> >dgroupcheck.Value FROM radgroupcheck,usergroup WHERE
>> >usergroup.Username = 'steve' AND usergroup.GroupName =
>> >radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>> >query: SELECT
>> >radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,ra
>> >dgroupcheck.Value FROM radgroupcheck,usergroup WHERE
>> >usergroup.Username = 'steve' AND usergroup.GroupName =
>> >radgroupcheck.GroupName ORDER BY radgroupcheck.id
>> >rlm_postgresql Status: PGRES_TUPLES_OK
>> >sql_postgresql: affected rows =
>> >radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radreply
>> >WHERE Username = 'steve' ORDER BY id'
>> >query: SELECT id,UserName,Attribute,Value FROM radreply WHERE
>> >Username = 'steve' ORDER BY id
>> >rlm_postgresql Status: PGRES_TUPLES_OK
>> >sql_postgresql: affected rows =
>> >radius_xlat: 'SELECT
>> >radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,ra
>> >dgroupreply.Value FROM radgroupreply,usergroup WHERE
>> >usergroup.Username = 'steve' AND usergroup.GroupName =
>> >radgroupreply.GroupName ORDER BY radgroupreply.id'
>> >query: SELECT
>> >radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,ra
>> >dgroupreply.Value FROM radgroupreply,usergroup WHERE
>> >usergroup.Username = 'steve' AND usergroup.GroupName =
>> >radgroupreply.GroupName ORDER BY radgroupreply.id
>> >rlm_postgresql Status: PGRES_TUPLES_OK
>> >sql_postgresql: affected rows =
>> >rlm_sql: Pairs do not match [steve]
>> >rlm_sql: Released sql socket id: 4
>> > modcall[authorize]: module "sql" returns notfound
>> >modcall: group authorize returns notfound
>> >auth: No authenticate method (Auth-Type) configuration found for
>> >the request: Rejecting the user
>> >auth: Failed to validate the user.
>> >Login incorrect: [steve/<no User-Password attribute>] (from
>> >client private port 0 cli 127.0.0.1)
>> >Delaying request 0 for 1 seconds
>> >Finished request 0
>> >Going to the next request
>> >Thread 1 waiting to be assigned a request
>> >rad_recv: Access-Request packet from host
>> >192.168.0.11:1540, id=98, length=147
>> >Sending Access-Reject of id 98 to 192.168.0.11:1540
>> > MS-CHAP-Error = "\001E=691 R=1"
>> >--- Walking the entire request list ---
>> >Threads: total/active/spare
>> >threads = 5/0/5
>> >Waking up in 3 seconds...
>> >--- Walking the entire request list ---
>> >Cleaning up request 0 ID 98 with timestamp 3e801223
>> >Nothing to do. Sleeping until we see a request.
>> >
>> >Thanks for advices.
>> >
>> >--
>> >Sincerely,
>> >Dennis
>> >
>> >-
>> >List info/subscribe/unsubscribe? See
>> >http://www.freeradius.org/list/users.html
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
~/ZARAZA
You know my name - look up my number (Beatles)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
