RE: PostreSQL Authentication

Michael Davidson Tue, 25 Mar 2003 03:40:35 -0800

Hi Dennis, I'm not familiar with the sql module at all but a quick look at
the code shows  there are two ways of exiting with a "notfound" error.


One is obvious:  that is the user wasn't found in the d"base

if (!found) {
                radlog(L_DBG, "rlm_sql (%s): User not found",
                       inst->config->xlat_name);
                <snips>
                return RLM_MODULE_NOTFOUND;
}

The other I don't pretend to follow but here's the snippet:

if (paircmp(request, request->packet->vps, check_tmp, &reply_tmp) != 0) {
                radlog(L_INFO, "rlm_sql (%s): Pairs do not match for user [%s]",
                       inst->config->xlat_name, sqlusername);
                <snips>
                return RLM_MODULE_NOTFOUND;
        }

You should be looking to see what's coming from your d'base.

This isn't a lot of help but I hope it points you in the right direction.

Cheers Mike D.


>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] Behalf Of
>Dennis S. Davidoff
>Sent: Tuesday, March 25, 2003 1:04 PM
>To: [EMAIL PROTECTED]
>Subject: Re: PostreSQL Authentication
>
>
>I've tired op with ':=', I guess problem not in op, however...
>
>radius=> select * from radcheck;
> id | username | attribute |  value  | op
>----+----------+-----------+---------+----
>  1 | den      | Password  | fuflo   | :=
>  2 | steve    | Password  | testing | :=
>
>> DSD>   modcall[authorize]: module "sql" returns notfound
>> DSD>   modcall[authorize]: module "mschap" returns notfound
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>Any more hints?
>
>On Tue, Mar 25, 2003 at 01:52:30PM +0300, 3APA3A wrote:
>> Dear Dennis S. Davidoff,
>>
>> use op := for password.
>>
>> --Tuesday, March 25, 2003, 1:49:01 PM, you wrote to
>[EMAIL PROTECTED]:
>>
>> DSD> This didn't help. :)
>>
>> DSD> authorize {
>> DSD>     sql
>> DSD>         mschap
>> DSD> }
>>
>> DSD> Try again:
>>
>> DSD> rlm_sql: Pairs do not match [steve]
>> DSD> rlm_sql: Released sql socket id: 4
>> DSD>   modcall[authorize]: module "sql" returns notfound
>> DSD>   modcall[authorize]: module "mschap" returns notfound
>>
>>
>> DSD> On Tue, Mar 25, 2003 at 12:04:03PM +0200, Michael Davidson wrote:
>> >> Hi
>> >> from your debug trace:-
>> >> "modcall[authorize]: module "mschap" returns notfound"
>> >> often means that a password was not found by the authorize
>function. This
>> >> cannot come from the request so it has to be provided by the d'base,
>> >> therefore,  you need to rearrange the order of module
>execution so that sql
>> >> is called before mschap. The password has to be text from
>which the mschap
>> >> authorize module generates Windows style passwords in
>preparation for the
>> >> mschap authenticate function.
>> >>
>> >>
>> >> Cheers Mike D.
>> >>
>> >>
>> >>
>> >> >-----Original Message-----
>> >> >From: [EMAIL PROTECTED]
>> >> >[mailto:[EMAIL PROTECTED] Behalf Of
>> >> >Dennis S. Davidoff
>> >> >Sent: Tuesday, March 25, 2003 11:13 AM
>> >> >To: freeradius-users
>> >> >Subject: PostreSQL Authentication
>> >> >
>> >> >
>> >> >Hi all.
>> >> >I have a problem with postgresql authentication.
>> >> >Cuts from configs and log files:
>> >> >
>> >> >radiusd.conf
>> >> >============
>> >> >In 'modules' section:
>> >> >     mschap {
>> >> >             authtype = MS-CHAP
>> >> >             use_mppe = yes
>> >> >     }
>> >> >
>> >> >In 'authorize':
>> >> >     mschap
>> >> >     sql
>> >> >
>> >> >PostgreSQL
>> >> >==========
>> >> >
>> >> >radius=> select * from radcheck ;
>> >> > id | username | attribute |  value  | op
>> >> >----+----------+-----------+---------+----
>> >> >  1 | den      | Password  | fuflo   | ==
>> >> >  2 | steve    | Password  | testing | ==
>> >> >
>> >> >radius=> select * from radgroupcheck ;
>> >> > id | groupname | attribute | value | op
>> >> >----+-----------+-----------+-------+----
>> >> >  1 | static    | Auth-Type | Local | :=
>> >> >
>> >> >radius=> select * from radgroupreply;
>> >> > id | groupname |     attribute      |        value        | op
>> >> >----+-----------+--------------------+---------------------+----
>> >> >  1 | static    | Framed-Protocol    | PPP                 | :=
>> >> >  2 | static    | Service-Type       | Framed-User         | :=
>> >> >  3 | static    | Framed-Compression | Van-Jacobsen-TCP-IP | :=
>> >> >  4 | static    | Framed-IP-Netmask  | 255.255.255.252     | :=
>> >> >  5 | static    | Framed-MTU         | 1500                | :=
>> >> >
>> >> >radius=> select * from radreply;
>> >> > id | username |     attribute     |   value   | op
>> >> >----+----------+-------------------+-----------+----
>> >> >  1 | den      | Framed-IP-Address | 10.0.0.2+ | :=
>> >> >  2 | steve    | Framed-IP-Address | 10.0.0.2+ | :=
>> >> >
>> >> >radius=> select * from usergroup;
>> >> > id | username | groupname
>> >> >----+----------+-----------
>> >> >  1 | den      | static
>> >> >  2 | steve    | static
>> >> >
>> >> >Cuts from debug (-xxy):
>> >> >
>> >> >rad_recv: Access-Request packet from host 192.168.0.11:1540, id=98,
>> >> >length=147
>> >> >Thread 1 assigned request 0
>> >> >--- Walking the entire request list ---
>> >> >Threads: total/active/spare threads = 5/1/4
>> >> >Nothing to do.  Sleeping until we see a request.
>> >> >Thread 1 handling request 0, (1 handled so far)
>> >> >     NAS-Identifier = "localhost"
>> >> >     Service-Type = Framed-User
>> >> >     Framed-Protocol = PPP
>> >> >     Calling-Station-Id = "127.0.0.1"
>> >> >     User-Name = "steve"
>> >> >     MS-CHAP-Challenge = 0x42af3afa20ea9629
>> >> >     MS-CHAP-Response =
>> >> >0x01010000000000000000000000000000000000000000000000009a804422b871e
>> >> >f01193f0a48c0845aa24c7c27aa8c318841
>> >> >     Service-Type = Framed-User
>> >> >     Framed-Protocol = PPP
>> >> >modcall: entering group authorize
>> >> > modcall[authorize]: module "mschap" returns notfound
>> >> >radius_xlat:  'steve'
>> >> >sql_set_user:  escaped user --> 'steve'
>> >> >radius_xlat:  'SELECT id,UserName,Attribute,Value FROM radcheck
>> >> >WHERE Username = 'steve' ORDER BY id'
>> >> >rlm_sql: Reserving sql socket id: 4
>> >> >query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE
>> >> >Username = 'steve' ORDER BY id
>> >> >rlm_postgresql Status: PGRES_TUPLES_OK
>> >> >sql_postgresql: affected rows =
>> >> >radius_xlat:  'SELECT
>> >> >radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,ra
>> >> >dgroupcheck.Value FROM radgroupcheck,usergroup WHERE
>> >> >usergroup.Username = 'steve' AND usergroup.GroupName =
>> >> >radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>> >> >query: SELECT
>> >> >radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,ra
>> >> >dgroupcheck.Value FROM radgroupcheck,usergroup WHERE
>> >> >usergroup.Username = 'steve' AND usergroup.GroupName =
>> >> >radgroupcheck.GroupName ORDER BY radgroupcheck.id
>> >> >rlm_postgresql Status: PGRES_TUPLES_OK
>> >> >sql_postgresql: affected rows =
>> >> >radius_xlat:  'SELECT id,UserName,Attribute,Value FROM radreply
>> >> >WHERE Username = 'steve' ORDER BY id'
>> >> >query: SELECT id,UserName,Attribute,Value FROM radreply WHERE
>> >> >Username = 'steve' ORDER BY id
>> >> >rlm_postgresql Status: PGRES_TUPLES_OK
>> >> >sql_postgresql: affected rows =
>> >> >radius_xlat:  'SELECT
>> >> >radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,ra
>> >> >dgroupreply.Value FROM radgroupreply,usergroup WHERE
>> >> >usergroup.Username = 'steve' AND usergroup.GroupName =
>> >> >radgroupreply.GroupName ORDER BY radgroupreply.id'
>> >> >query: SELECT
>> >> >radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,ra
>> >> >dgroupreply.Value FROM radgroupreply,usergroup WHERE
>> >> >usergroup.Username = 'steve' AND usergroup.GroupName =
>> >> >radgroupreply.GroupName ORDER BY radgroupreply.id
>> >> >rlm_postgresql Status: PGRES_TUPLES_OK
>> >> >sql_postgresql: affected rows =
>> >> >rlm_sql: Pairs do not match [steve]
>> >> >rlm_sql: Released sql socket id: 4
>> >> >  modcall[authorize]: module "sql" returns notfound
>> >> >modcall: group authorize returns notfound
>> >> >auth: No authenticate method (Auth-Type) configuration found for
>> >> >the request: Rejecting the user
>> >> >auth: Failed to validate the user.
>> >> >Login incorrect: [steve/<no  User-Password attribute>] (from
>> >> >client private port 0 cli 127.0.0.1)
>> >> >Delaying request 0 for 1 seconds
>> >> >Finished request 0
>> >> >Going to the next request
>> >> >Thread 1 waiting to be assigned a request
>> >> >rad_recv: Access-Request packet      from host
>> >> >192.168.0.11:1540, id=98, length=147
>> >> >Sending Access-Reject of id 98 to 192.168.0.11:1540
>> >> >             MS-CHAP-Error = "\001E=691 R=1"
>> >> >--- Walking the entire request list ---
>> >> >Threads: total/active/spare
>> >> >threads = 5/0/5
>> >> >Waking up in 3 seconds...
>> >> >--- Walking the entire request list ---
>> >> >Cleaning up request 0 ID 98  with timestamp 3e801223
>> >> >Nothing to do.  Sleeping until we see a request.
>> >> >
>> >> >Thanks for advices.
>> >> >
>> >> >--
>> >> >Sincerely,
>> >> >Dennis
>> >> >
>> >> >-
>> >> >List info/subscribe/unsubscribe? See
>> >> >http://www.freeradius.org/list/users.html
>> >>
>> >>
>> >> -
>> >> List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
>>
>>
>>
>> --
>>
>~/ZARAZA
>> You know my name - look up my number (Beatles)
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
>
>--
>Sincerely,
>Dennis
>
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: PostreSQL Authentication

Reply via email to