Hi,
I have configured freeradius 2.0.0 EAP-ttls and
configured a mysql db to store the users.
It was working fine until i recently decided to
convert the database-stored passwords to md5
encryption. Since then, i am getting the below output,
despite all my efforts. I tried all the things i could
find on the internet with no result. Can anybody help?
( I am a beginner for freeradius server, so it may be
very simple though) .
Kind regards,
I have
authenticate {
Auth-Type PAP {
pap
}
Auth-Type md5 {
pap
}
in the authenticate section, and
pap {
encryption_scheme = md5
authtype = md5
auto_header = yes
}
in the modules/radiusd.conf file.
I have the following in my mysql - radcheck
definition.
++--+++--+--+
| id | username | attribute | op |
value| operator
|
++--+++--+--+
| 90 | t1 | Crypt-Password | := |
83f1535f99ab0bf4e9d02dfd85d3e3f7 | cengiz
|
and the following in radgroupcheck table.
++---+--++-+
| id | groupname | attribute| op | value |
++---+--++-+
| 1 | dynamic | Auth-Type| := | MD5 |
| 2 | dynamic | Service-Type | == | Framed-User |
++---+--++-+
radiusd -X
radtest t1 t1 10.1.1.170 0 testing123
rad_recv: Access-Request packet from host 10.1.1.170
port 32878, id=131, length=54
User-Name = t1
User-Password = t1
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-
/usr/local/var/log/radius/radacct/10.1.1.170/auth-detail-20080213
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/10.1.1.170/auth-detail-20080213
expand: %t - Wed Feb 13 13:36:39 2008
++[auth_log] returns ok
rlm_realm: No '@' in User-Name = t1, looking up
realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
expand: %{User-Name} - t1
rlm_sql (sql): sql_set_user escaped user -- 't1'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value,
op FROM radcheck WHERE username =
'%{SQL-User-Name}' ORDER BY id - SELECT id,
username, attribute, value, op FROM radcheck
WHERE username = 't1' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value,
op FROM radreply WHERE username =
'%{SQL-User-Name}' ORDER BY id - SELECT id,
username, attribute, value, op FROM radreply
WHERE username = 't1' ORDER BY id
expand: SELECT groupname FROM
radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority -
SELECT groupname FROM radusergroup
WHERE username = 't1' ORDER BY priority
expand: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck
WHERE groupname = '%{Sql-Group}' ORDER BY id
- SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE
groupname = 'dynamic' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
rad_check_password: Found Auth-Type
auth: type PAP
+- entering group PAP
rlm_pap: login attempt with password t1
rlm_pap: No password configured for the user. Cannot
do authentication
++[pap] returns fail
auth: Failed to validate the user.
Login incorrect: [t1/t1] (from client
testUserShortName port 0)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - t1
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 131 to 10.1.1.170 port
32878
Waking up in 4.9 seconds.
Cleaning up request 0 ID 131 with timestamp +2
Ready to process requests.
Looking for last minute shopping deals?
Find them fast with Yahoo! Search.
http://tools.search.yahoo.com/newsearch/category.php?category=shopping
-
List info/subscribe/unsubscribe? See