Hi
Can you explain why it can work for NT RAS with using
db file?
Debug for NT RAS:
rad_recv: Access-Request packet from host
192.168.59.244:1068, id=26, length=92
User-Name = "kkho"
CHAP-Challenge =
"\275\376V\366;43\354\360P;\276&a\302\001"
CHAP-Password =
0x08091bdcb6d497ec98ea941725a9adcc12
NAS-Port = 0
Framed-Protocol = PPP
NAS-Identifier = "AUD_AGENT"
NAS-Port-Type = Async
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Adding Auth-Type = CHAP
modcall[authorize]: module "chap" returns ok
rlm_realm: Looking up realm NULL for User-Name =
"kkho"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
radius_xlat: 'kkho'
sql_set_user: escaped user --> 'kkho'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op
FROM radcheck WHERE Usernam
e = 'kkho' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Att
ribute,radgroupcheck.Value,radgroupcheck.op FROM
radgroupcheck,usergroup WHERE
usergroup.Username = 'kkho' AND usergroup.GroupName =
radgroupcheck.GroupName OR
DER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op
FROM radreply WHERE Usernam
e = 'kkho' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Att
ribute,radgroupreply.Value,radgroupreply.op FROM
radgroupreply,usergroup WHERE
usergroup.Username = 'kkho' AND usergroup.GroupName =
radgroupreply.GroupName OR
DER BY radgroupreply.id'
radius_xlat: 'SELECT Value,Attribute FROM radcheck
WHERE UserName = 'kkho' AND
( Attribute = 'User-Password' OR Attribute =
'Password' OR Attribute = 'Crypt-Pa
ssword' ) ORDER BY Attribute DESC'
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
users: Matched DEFAULT at 173
users: Matched DEFAULT at 179
modcall[authorize]: module "files" returns ok
rlm_ippool: Searching for an entry for nas/port: /0
rlm_ippool: Found a stale entry for ip/port:
192.168.59.194/0
rlm_ippool: num: 0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.59.194 to client on
nas ,port 0
modcall[authorize]: module "RAS" returns ok
modcall[authorize]: module "RAS1" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type CHAPPAP
auth: type "CHAPPAP"
modcall: entering group authtype
rlm_chap: login attempt by "kkho" with CHAP password
???ܶÔ?ì?ê??%©Ì?
rlm_chap: Using clear text password kkho for user kkho
authentication.
rlm_chap: chap user kkho authenticated succesfully
modcall[authenticate]: module "chap" returns ok
modcall: group authtype returns ok
Sending Access-Accept of id 26 to 192.168.59.244:1068
Framed-Compression = Van-Jacobson-TCP-IP
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-MTU = 1500
Framed-IP-Address = 192.168.59.194
Finished request 0
Going to the next request
Debug for Cisco NAS:
rad_recv: Access-Request packet from host
192.168.31.10:1645, id=122, length=95
NAS-IP-Address = 192.168.31.10
NAS-Port = 15
NAS-Port-Type = Async
User-Name = "kkho"
Called-Station-Id = "19096"
Calling-Station-Id = "90200959"
User-Password =
"h\035\272:4Bcp\202\371\227\274\325\337U\022"
Service-Type = Framed-User
Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password
attribute in request
modcall[authorize]: module "chap" returns noop
rlm_realm: Looking up realm NULL for User-Name =
"kkho"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
radius_xlat: 'kkho'
sql_set_user: escaped user --> 'kkho'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op
FROM radcheck WHERE Usernam
e = 'kkho' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Att
ribute,radgroupcheck.Value,radgroupcheck.op FROM
radgroupcheck,usergroup WHERE
usergroup.Username = 'kkho' AND usergroup.GroupName =
radgroupcheck.GroupName OR
DER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op
FROM radreply WHERE Usernam
e = 'kkho' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Att
ribute,radgroupreply.Value,radgroupreply.op FROM
radgroupreply,usergroup WHERE
usergroup.Username = 'kkho' AND usergroup.GroupName =
radgroupreply.GroupName OR
DER BY radgroupreply.id'
radius_xlat: 'SELECT Value,Attribute FROM radcheck
WHERE UserName = 'kkho' AND
( Attribute = 'User-Password' OR Attribute =
'Password' OR Attribute = 'Crypt-Pa
ssword' ) ORDER BY Attribute DESC'
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
users: Matched DEFAULT at 176
users: Matched DEFAULT at 179
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "RAS" returns noop
rlm_ippool: Searching for an entry for nas/port:
192.168.31.10/15
rlm_ippool: No available ip addresses in pool.
modcall[authorize]: module "RAS1" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type CHAPPAP
auth: type "CHAPPAP"
modcall: entering group authtype
rlm_chap: Attribute "CHAP-Password" is required for
authentication. Cannot use "
User-Password".
modcall[authenticate]: module "chap" returns invalid
rlm_pap: login attempt by "kkho" with password kkho
rlm_pap: Using password kkho for user kkho
authentication.
rlm_pap: Using clear text password.
rlm_pap: User authenticated succesfully
modcall[authenticate]: module "pap" returns ok
modcall: group authtype returns ok
Sending Access-Accept of id 122 to 192.168.31.10:1645
Framed-Compression = Van-Jacobson-TCP-IP
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-MTU = 1500
Finished request 5
Going to the next request
and
Users Profile:
DEFAULT NAS-IP-Address == 192.168.59.244, Auth-Type :=
Accept, Pool-Name := "RAS"
Fall-Through = 1
DEFAULT NAS-IP-Address == 192.168.31.10, Auth-Type :=
Accept, Pool-Name := "RAS1"
Fall-Through = 1
DEFAULT Auth-Type := CHAPPAP
radiusd.conf:
ippool RAS {
range-start = 192.168.59.193
range-stop = 192.168.59.195
netmask = 255.255.255.0
cache-size = 3
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}
ippool RAS1 {
range-start = 192.168.31.193
range-stop = 192.168.31.195
netmask = 255.255.255.0
cache-size = 3
session-db = ${raddbdir}/db1.ippool
ip-index = ${raddbdir}/db1.ipindex
}
Authorize {
preprocess
chap
suffix
sql
files
RAS
RAS1
}
authenticate {
unix
authtype CHAPPAP {
chap
pap
}
}
accounting {
unix
sql
RAS
RAS1
radutmp
}
--- Kostas Kalevras <[EMAIL PROTECTED]> wrote: > On
Fri, 20 Sep 2002, [iso-8859-1] ho k wrote:
>
> > rad_recv: Access-Request packet from host
> > 192.168.31.10:1645, id=112, length=92
> > NAS-IP-Address = 192.168.31.10
> > NAS-Port = 30
> > NAS-Port-Type = Async
> > User-Name = "b"
> > Called-Station-Id = "190962"
> > Calling-Station-Id = "85290200959"
> > User-Password =
> >
> "t\365\000\261\324[\324\025_Z\r\324\306\035\217\356"
> > attribute in request
> > modcall[authorize]: module "chap" returns noop
> > rlm_realm: Looking up realm NULL for User-Name
> =
> > "b"
> > rlm_realm: No such realm NULL
> > modcall[authorize]: module "suffix" returns noop
> > rlm_ippool: Searching for an entry for nas/port:
> > 192.168.31.10/30
> > rlm_ippool: No available ip addresses in pool.
>
> So, that's the problem. Delete the db files and it
> should work ok.
>
> > modcall[authorize]: module "RAS1" returns noop
> > modcall: group authorize returns ok
> > rad_check_password: Found Auth-Type Local
> > auth: type Local
> > auth: user supplied User-Password matches local
> > User-Password
> > Sending Access-Accept of id 112 to
> 192.168.31.10:1645
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Framed-Routing = Broadcast-Listen
> > Framed-MTU = 1500
> > Framed-Compression = Van-Jacobson-TCP-IP
> > Finished request 1
> > Going to the next request
>
>
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of
> Athens, Greece
> Work Phone: +30 10 7721861
> 'Go back to the shadow' Gandalf
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
_______________________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com.hk address at http://mail.english.yahoo.com.hk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
