[Serusers] radius_is_user_in failure

Thu Oct 7 15:29:34 CEST 2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Jan,

Jan Janak wrote:
| Try to se what is going on in the radius server, if you are using
| freeradius then start it with -X cmdline option.
|

I did that and I received this:
- ----
rad_recv: Access-Request packet from host xxx.yyy.zzz.www:37861, id=204, length=51
~ User-Name = "1213"
~ Sip-Group = "Active"
~ Service-Type = Group-Check
~ NAS-IP-Address = xxx.yyy.zzz.www
~ NAS-Port = 0
~  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 28
~  modcall[authorize]: module "preprocess" returns ok for request 28
~  modcall[authorize]: module "chap" returns noop for request 28
~  modcall[authorize]: module "mschap" returns noop for request 28
~  modcall[authorize]: module "digest" returns noop for request 28
~    rlm_realm: No '@' in User-Name = "1213", looking up realm NULL
~    rlm_realm: No such realm "NULL"
~  modcall[authorize]: module "suffix" returns noop for request 28
radius_xlat:  ''
~  modcall[authorize]: module "sql" returns fail for request 28
modcall: group authorize returns fail for request 28
Finished request 28
Going to the next request
Waking up in 2 seconds...
- --- Walking the entire request list ---
Cleaning up request 27 ID 203 with timestamp 416541dc
Waking up in 4 seconds...
- --- Walking the entire request list ---
Cleaning up request 28 ID 204 with timestamp 416541e0
Nothing to do.  Sleeping until we see a request.
- ---

I think that the problem is on
modcall[authorize]: module "sql" returns fail for request 28

but I don't know why module sql return "fail" for the request.
I saw the mysql log file too and freeradius doesn't do any query
about that request!

Do you have any idea?
Thanks for your answer.

Telles

|   Jan.
|
| On 05-10 23:08, Rodrigo P. Telles wrote:
|
|>Hi Folks,
|>
|>I've been testing SER 0.8.14 Auth and ACC (radiusclient-0.4.4)
|>in radius (freeradius 1.0.1) and its working fine.
|>Now I tried to use group_radius module to check if a user is in a especific
|>group and it failed.
|>First I received a error about missing "Sip-Group" attribute and I found a mail
|>about this error and howto correct it
|>(http://lists.iptel.org/pipermail/serdev/2004-July/002339.html).
|>Now SER doesn't return any error, just
|>
|>radius_is_user_in(): Failure
|>
|>after a long time.
|>
|>I have a user "1213" in group "general" on radius database like this:
|>
|>mysql> select * from radgroupcheck;
|>+----+-----------+-----------+----+--------+
|>| id | GroupName | Attribute | op | Value  |
|>+----+-----------+-----------+----+--------+
|>|  1 | general     | Auth-Type | := | Digest |
|>+----+-----------+-----------+----+--------+
|>
|>mysql> select * from radcheck;
|>+----+----------+---------------+----+-------+
|>| id | UserName | Attribute     | op | Value |
|>+----+----------+---------------+----+-------+
|>|  2 | 1213     | User-Password | == | testonly  |
|>+----+----------+---------------+----+-------+
|>
|>mysql> select * from usergroup;
|>+----+----------+-----------+
|>| id | UserName | GroupName |
|>+----+----------+-----------+
|>|  1 | 1213     | general     |
|>+----+----------+-----------+
|>
|>mysql> select * from radgroupreply;
|>+----+-----------+---------------+----+------------+------+
|>| id | GroupName | Attribute     | op | Value      | prio |
|>+----+-----------+---------------+----+------------+------+
|>|  3 | general     | Reply-Message | =  | Authorized |    0 |
|>+----+-----------+---------------+----+------------+------+
|>
|>
|>I googled this but I couldn't find anything about that.
|>Am I missing something?
|>Thanks in advance.
|>
|>_______________________________________________
|>Serusers mailing list
|>serusers at lists.iptel.org
|>http://lists.iptel.org/mailman/listinfo/serusers
|>
|
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBZUS+iLK8unYgEMQRAluzAJ4i471Pe76WynGAbRfl2EWk+O2hnACdHUBM
hqqzCU7ovnFs2sTeH9zj0uU=
=0qSy
-----END PGP SIGNATURE-----