Hi Pete,<br><br>if it still does not work, can u post somewhere your radiusd.conf + sql.conf files?<br><br>Cheers,<br>DanB<br><br><div class="gmail_quote">On Wed, May 28, 2008 at 5:12 PM, Pete Kay <<a href="mailto:petedao@gmail.com">petedao@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi Dan, <br>If I change the attribute to user-password, I still can't authenticate. It is so strange since I am able to authenticate using my test client.<div class="Ih2E3d">
<br><br>Waking up in 4.9 seconds.<br> User-Name = "<a href="mailto:1006@192.168.1.104" target="_blank">1006@192.168.1.104</a>"<br>
Digest-Attributes = 0x0a0631303036<br> Digest-Attributes = 0x010f3139322e3136382e312e313034<br></div> Digest-Attributes = 0x022a34383364653562636166376535646335323862373335643661393364363634636237376533396636<div class="Ih2E3d">
<br>
Digest-Attributes = 0x04137369703a3139322e3136382e312e313034<br> Digest-Attributes = 0x030a5245474953544552<br></div> Digest-Response = "9b614ed006554a3a7ea094b14237dae9"<div class="Ih2E3d">
<br> Service-Type = IAPP-Register<br>
X-Ascend-PW-Lifetime = 825241654<br> NAS-Port = 5060<br> NAS-IP-Address = <a href="http://127.0.0.1" target="_blank">127.0.0.1</a><br>+- entering group authorize<br>++[preprocess] returns ok<br> expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/<a href="http://127.0.0.1/auth-detail-20080529" target="_blank">127.0.0.1/auth-detail-20080529</a><br>
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/<a href="http://127.0.0.1/auth-detail-20080529" target="_blank">127.0.0.1/auth-detail-20080529</a><br>
</div> expand: %t -> Thu May 29 07:02:41 2008<div class="Ih2E3d"><br>
++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>rlm_digest: Adding Auth-Type = DIGEST<br>++[digest] returns ok<br> rlm_realm: Looking up realm "<a href="http://192.168.1.104" target="_blank">192.168.1.104</a>" for User-Name = "<a href="mailto:1006@192.168.1.104" target="_blank">1006@192.168.1.104</a>"<br>
rlm_realm: Found realm "<a href="http://192.168.1.104" target="_blank">192.168.1.104</a>"<br> rlm_realm: Adding Stripped-User-Name = "1006"<br> rlm_realm: Adding Realm = "<a href="http://192.168.1.104" target="_blank">192.168.1.104</a>"<br>
rlm_realm: Authentication realm is LOCAL.<br>++[suffix] returns noop<br> rlm_eap: No EAP-Message, not doing EAP<br>++[eap] returns noop<br>++[files] returns noop<br> expand: %{Stripped-User-Name} -> 1006<br>
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 1006<br>rlm_sql (sql): sql_set_user escaped user --> '1006'<br>rlm_sql (sql): Reserving sql socket id: 1<br></div><div class="Ih2E3d"> expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1006' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1006' ORDER BY id<br>rlm_sql (sql): User found in radcheck table<br> expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '1006' ORDER BY id<br>
</div><div class="Ih2E3d">
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '1006' ORDER BY id<br> expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '1006' ORDER BY priority<br>
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = '1006' ORDER BY priority<br> expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'openser' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'openser' ORDER BY id<br>rlm_sql (sql): User found in group openser<br> expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'openser' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'openser' ORDER BY id<br>rlm_sql (sql): Released sql socket id: 1<br>++[sql] returns ok<br>
++[expiration] returns noop<br>++[logintime] returns noop<br>rlm_pap: Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br> rad_check_password: Found Auth-Type Local<br></div>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>
!!! Replacing User-Password in config items with Cleartext-Password. !!!<br>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>!!! Please update your configuration so that the "known good" !!!<br>
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!<br>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<div class="Ih2E3d"><br>auth: type Local<br>auth: No User-Password or CHAP-Password attribute in the request<br>
auth: Failed to validate the user.<br>Login incorrect: [<a href="http://1006@192.168.1.104/" target="_blank">1006@192.168.1.104/</a><via Auth-Type = Local>] (from client localhost port 5060)<br> Found Post-Auth-Type Reject<br>
+- entering group REJECT<br>
expand: %{User-Name} -> <a href="mailto:1006@192.168.1.104" target="_blank">1006@192.168.1.104</a><br> attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br></div>Delaying reject of request 227 for 1 seconds<div class="Ih2E3d">
<br>
Going to the next request<br><br></div>But even if I change to Digest-HA1, I still can't authenticate:<br><br>Waking up in 0.8 seconds.<div class="Ih2E3d"><br> User-Name = "<a href="mailto:1006@192.168.1.104" target="_blank">1006@192.168.1.104</a>"<br>
Digest-Attributes = 0x0a0631303036<br> Digest-Attributes = 0x010f3139322e3136382e312e313034<br></div> Digest-Attributes = 0x022a34383364653635643437393064306234623163626463333130653930633338383766393734653963<div class="Ih2E3d">
<br>
Digest-Attributes = 0x04137369703a3139322e3136382e312e313034<br> Digest-Attributes = 0x030a5245474953544552<br></div> Digest-Response = "1a8ef3e9646fc8fba9eb9b50b1e0187e"<div class="Ih2E3d">
<br> Service-Type = IAPP-Register<br>
X-Ascend-PW-Lifetime = 825241654<br> NAS-Port = 5060<br> NAS-IP-Address = <a href="http://127.0.0.1" target="_blank">127.0.0.1</a><br>+- entering group authorize<br>++[preprocess] returns ok<br> expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/<a href="http://127.0.0.1/auth-detail-20080529" target="_blank">127.0.0.1/auth-detail-20080529</a><br>
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/<a href="http://127.0.0.1/auth-detail-20080529" target="_blank">127.0.0.1/auth-detail-20080529</a><br>
</div> expand: %t -> Thu May 29 07:05:22 2008<div class="Ih2E3d"><br>
++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>rlm_digest: Adding Auth-Type = DIGEST<br>++[digest] returns ok<br> rlm_realm: Looking up realm "<a href="http://192.168.1.104" target="_blank">192.168.1.104</a>" for User-Name = "<a href="mailto:1006@192.168.1.104" target="_blank">1006@192.168.1.104</a>"<br>
rlm_realm: Found realm "<a href="http://192.168.1.104" target="_blank">192.168.1.104</a>"<br> rlm_realm: Adding Stripped-User-Name = "1006"<br> rlm_realm: Adding Realm = "<a href="http://192.168.1.104" target="_blank">192.168.1.104</a>"<br>
rlm_realm: Authentication realm is LOCAL.<br>++[suffix] returns noop<br> rlm_eap: No EAP-Message, not doing EAP<br>++[eap] returns noop<br>++[files] returns noop<br> expand: %{Stripped-User-Name} -> 1006<br>
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 1006<br>rlm_sql (sql): sql_set_user escaped user --> '1006'<br>rlm_sql (sql): Reserving sql socket id: 1<br></div><div class="Ih2E3d"> expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1006' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1006' ORDER BY id<br>rlm_sql (sql): User found in radcheck table<br> expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '1006' ORDER BY id<br>
</div><div class="Ih2E3d">
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '1006' ORDER BY id<br> expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '1006' ORDER BY priority<br>
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = '1006' ORDER BY priority<br> expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'openser' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'openser' ORDER BY id<br>rlm_sql (sql): User found in group openser<br> expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'openser' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'openser' ORDER BY id<br>rlm_sql (sql): Released sql socket id: 1<br>++[sql] returns ok<br>
++[expiration] returns noop<br>++[logintime] returns noop<br></div>rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.<div class="Ih2E3d"><br>++[pap] returns noop<br>
rad_check_password: Found Auth-Type Local<br>
auth: type Local<br>auth: No User-Password or CHAP-Password attribute in the request<br>auth: Failed to validate the user.<br>Login incorrect: [<a href="http://1006@192.168.1.104/" target="_blank">1006@192.168.1.104/</a><via Auth-Type = Local>] (from client localhost port 5060)<br>
Found Post-Auth-Type Reject<br>+- entering group REJECT<br> expand: %{User-Name} -> <a href="mailto:1006@192.168.1.104" target="_blank">1006@192.168.1.104</a><br> attr_filter: Matched entry DEFAULT at line 11<br>
++[attr_filter.access_reject] returns updated<br></div>
Delaying reject of request 237 for 1 seconds<br><br><br>
</blockquote></div><br>