Re: empty password / dhcpd

2007-06-20 Thread Felipe Ceglia - PY1NB
Hey!

I just added Auth-Type := Local for this group, and it worked.
Is there any clever/cleaner way to do it?

Thank you.

Felipe Ceglia - PY1NB wrote:
 Hi again...
 
 I am now trying to authenticate a DHCPd request from a mikrotik box.
 My freeradius server says that there is a problem with user's password.
 How can I tell him (PAP) that this should be ok?
 
 Something strange that I noticed is that the calling station id got 
 changed from the original mac address value. Anyway, I just put this as 
 a calling-station id attribute on radcheck.
 
 
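 mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
 Username = '00:0B:CD:EC:63:50' ORDER BY id;
 +------+-------------------+--------------------+-------------------+----+
 | id   | UserName          | Attribute          | Value             | op |
 +------+-------------------+--------------------+-------------------+----+
 | 2047 | 00:0B:CD:EC:63:50 | Calling-Station-Id | 1:0:b:cd:ec:63:50 | := |
 | 2050 | 00:0B:CD:EC:63:50 | User-Password      |                   | := |
 +------+-------------------+--------------------+-------------------+----+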
 2 rows in set (0.00 sec)
 
 SELECT 
 radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
   
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 
 '00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupcheck.GroupName 
 ORDER BY radgroupcheck.id;
 Empty set (0.00 sec)
 
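 mysql> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE 
 Username = '00:0B:CD:EC:63:50' ORDER BY id;
 +----+-------------------+-------------------+-----------------+----+
 | id | UserName          | Attribute         | Value           | op |
 +----+-------------------+-------------------+-----------------+----+
 | 42 | 00:0B:CD:EC:63:50 | Framed-IP-Address | 192.168.254.101 | == |
 | 43 | 00:0B:CD:EC:63:50 | Framed-IP-Netmask | 255.255.255.0   | == |
 +----+-------------------+-------------------+-----------------+----+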
 2 rows in set (0.00 sec)
 
 SELECT 
 radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
   
 FROM radgroupreply,usergroup WHERE usergroup.Username = 
 '00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupreply.GroupName 
 ORDER BY radgroupreply.id;
 Empty set (0.00 sec)
 
 
 
 
 
 
 Ready to process requests.
 rad_recv: Access-Request packet from host 172.16.3.5:32768, id=71, 
 length=113
 NAS-Port-Type = Ethernet
 NAS-Port = 2205155400
 Calling-Station-Id = 1:0:b:cd:ec:63:50
 Called-Station-Id = server1
 User-Name = 00:0B:CD:EC:63:50
 User-Password = 
 NAS-Identifier = MikroTik
 NAS-IP-Address = 172.16.3.5
   Processing the authorize section of radiusd.conf
 modcall: entering group authorize for request 0
   modcall[authorize]: module preprocess returns ok for request 0
   modcall[authorize]: module chap returns noop for request 0
   modcall[authorize]: module mschap returns noop for request 0
 rlm_realm: No '@' in User-Name = 00:0B:CD:EC:63:50, looking up 
 realm NULL
 rlm_realm: Found realm NULL
 rlm_realm: Adding Stripped-User-Name = 00:0B:CD:EC:63:50
 rlm_realm: Proxying request from user 00:0B:CD:EC:63:50 to realm NULL
 rlm_realm: Adding Realm = NULL
 rlm_realm: Authentication realm is LOCAL.
   modcall[authorize]: module suffix returns noop for request 0
   rlm_eap: No EAP-Message, not doing EAP
   modcall[authorize]: module eap returns noop for request 0
 users: Matched entry DEFAULT at line 174
   modcall[authorize]: module files returns ok for request 0
 radius_xlat:  '00:0B:CD:EC:63:50'
 rlm_sql (sql): sql_set_user escaped user -- '00:0B:CD:EC:63:50'
 radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
 Username = '00:0B:CD:EC:63:50' ORDER BY id'
 rlm_sql (sql): Reserving sql socket id: 4
 radius_xlat:  'SELECT 
 radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
   
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 
 '00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupcheck.GroupName 
 ORDER BY radgroupcheck.id'
 radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE 
 Username = '00:0B:CD:EC:63:50' ORDER BY id'
 radius_xlat:  'SELECT 
 radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
   
 FROM radgroupreply,usergroup WHERE usergroup.Username = 
 '00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupreply.GroupName 
 ORDER BY radgroupreply.id'
 rlm_sql (sql): Released sql socket id: 4
   modcall[authorize]: module sql returns ok for request 0
 rlm_pap: Found existing Auth-Type, not changing it.
   modcall[authorize]: module pap returns noop for request 0
 modcall: leaving group authorize (returns ok) for request 0
 **
   rad_check_password:  Found Auth-Type PAP
 auth: type PAP
   

Re: empty password / dhcpd

2007-06-20 Thread tnt
Just delete that User-Password entry from the radcheck table.

Ivan Kalik
Kalik Informatika ISP


On 20/6/2007, Felipe Ceglia - PY1NB [EMAIL PROTECTED] wrote:

Hi again...

I am now trying to authenticate a DHCPd request from a mikrotik box.
My freeradius server says that there is a problem with user's password.
How can I tell him (PAP) that this should be ok?

Something strange that I noticed is that the calling station id got
changed from the original mac address value. Anyway, I just put this as
a calling-station id attribute on radcheck.


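mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '00:0B:CD:EC:63:50' ORDER BY id;
+------+-------------------+--------------------+-------------------+----+
| id   | UserName          | Attribute          | Value             | op |
+------+-------------------+--------------------+-------------------+----+
| 2047 | 00:0B:CD:EC:63:50 | Calling-Station-Id | 1:0:b:cd:ec:63:50 | := |
| 2050 | 00:0B:CD:EC:63:50 | User-Password      |                   | := |
+------+-------------------+--------------------+-------------------+----+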
2 rows in set (0.00 sec)

SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username =
'00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupcheck.GroupName
ORDER BY radgroupcheck.id;
Empty set (0.00 sec)

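mysql> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = '00:0B:CD:EC:63:50' ORDER BY id;
+----+-------------------+-------------------+-----------------+----+
| id | UserName          | Attribute         | Value           | op |
+----+-------------------+-------------------+-----------------+----+
| 42 | 00:0B:CD:EC:63:50 | Framed-IP-Address | 192.168.254.101 | == |
| 43 | 00:0B:CD:EC:63:50 | Framed-IP-Netmask | 255.255.255.0   | == |
+----+-------------------+-------------------+-----------------+----+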
2 rows in set (0.00 sec)

SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username =
'00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupreply.GroupName
ORDER BY radgroupreply.id;
Empty set (0.00 sec)






Ready to process requests.
rad_recv: Access-Request packet from host 172.16.3.5:32768, id=71,
length=113
NAS-Port-Type = Ethernet
NAS-Port = 2205155400
Calling-Station-Id = 1:0:b:cd:ec:63:50
Called-Station-Id = server1
User-Name = 00:0B:CD:EC:63:50
User-Password = 
NAS-Identifier = MikroTik
NAS-IP-Address = 172.16.3.5
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
  modcall[authorize]: module chap returns noop for request 0
  modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = 00:0B:CD:EC:63:50, looking up
realm NULL
rlm_realm: Found realm NULL
rlm_realm: Adding Stripped-User-Name = 00:0B:CD:EC:63:50
rlm_realm: Proxying request from user 00:0B:CD:EC:63:50 to realm NULL
rlm_realm: Adding Realm = NULL
rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module suffix returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 0
users: Matched entry DEFAULT at line 174
  modcall[authorize]: module files returns ok for request 0
radius_xlat:  '00:0B:CD:EC:63:50'
rlm_sql (sql): sql_set_user escaped user -- '00:0B:CD:EC:63:50'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '00:0B:CD:EC:63:50' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username =
'00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupcheck.GroupName
ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = '00:0B:CD:EC:63:50' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username =
'00:0B:CD:EC:63:50' AND usergroup.GroupName = radgroupreply.GroupName
ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module sql returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module pap returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
**
  rad_check_password:  Found Auth-Type PAP
auth: type PAP
  Processing the authenticate section of radiusd.conf
modcall: entering group PAP for request 0
  modcall[authenticate]: module pap
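
Added example (not part of either post, and not FreeRADIUS code): a small audit of the radcheck rows shown in the thread, for MAC-named accounts whose only effective check is Calling-Station-Id. It assumes the 7-octet value 1:0:b:cd:ec:63:50 is a DHCP client identifier (hardware type 1 followed by the MAC, printed without leading zeros) and relies on the users(5) operator semantics, where ':=' always matches as a check item and '==' compares; the function names and the sample rows are constructed here.

```python
import re

# Constructed sample: the two radcheck rows shown in the thread.
RADCHECK = [
    (2047, "00:0B:CD:EC:63:50", "Calling-Station-Id", "1:0:b:cd:ec:63:50", ":="),
    (2050, "00:0B:CD:EC:63:50", "User-Password", "", ":="),
]

def canonical_mac(octets):
    """Join six hex octets as 'AA:BB:CC:DD:EE:FF'; None if they are not valid."""
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", o) for o in octets):
        return None
    return ":".join(o.upper().zfill(2) for o in octets)

def station_id_to_mac(value):
    """Decode a Calling-Station-Id to a MAC.

    Assumption: a 7-octet value starting with 1 is a DHCP client identifier,
    i.e. hardware type 1 (Ethernet) followed by the MAC.
    """
    octets = re.split(r"[:-]", value.strip())
    if len(octets) == 7 and octets[0] in ("1", "01"):
        octets = octets[1:]
    return canonical_mac(octets)

def audit_radcheck(rows):
    """Return (row id, finding) pairs for MAC-named users."""
    findings = []
    for row_id, user, attr, value, op in rows:
        user_mac = canonical_mac(re.split(r"[:-]", user))
        if user_mac is None:
            continue  # not a MAC-style account
        if attr == "User-Password" and value.strip() == "":
            findings.append((row_id, "empty User-Password check item"))
        if attr == "Calling-Station-Id":
            if station_id_to_mac(value) != user_mac:
                findings.append((row_id, "Calling-Station-Id does not decode to User-Name"))
            if op != "==":
                # users(5): ':=' always matches as a check item; only '==' compares.
                findings.append((row_id, "operator %s does not compare the request value" % op))
    return findings

if __name__ == "__main__":
    for finding in audit_radcheck(RADCHECK):
        print(finding)
```

For the rows in the thread this reports the ':=' operator on row 2047 and the empty password on row 2050; the Calling-Station-Id value itself decodes to the same MAC as the User-Name.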