Hello,
I've been using FreeRadius for quite some time now, but after a recent
update (to 2.0.4, debian lenny variant) all users in a certain group
have stopped authenticating properly, with the above error -- even
though as far as I can tell the password transmitted (and logged) is
identical to the one in the database.
I've attached a sample of the logfile, with names and passwords slightly
edited but otherwise accurate:
I've tried everything I could think of, including deleting the user and
entering the data anew by hand, but the error persists.
Any suggestions to dig further and help me find what I may have missed
would be welcome.
Regards,
--
Rens Houben <sha...@systemec.nl>
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
++[files] returns noop
expand: %{User-Name} -> shadur
rlm_sql (sql): sql_set_user escaped user --> 'shadur'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'shadur' ORDER BY
id
+-----+----------+--------------------+-------+------+
| id | UserName | Attribute | Value | op |
+-----+----------+--------------------+-------+------+
| 346 | shadur | Cleartext-Password | foo | := |
+-----+----------+--------------------+-------+------+
rlm_sql (sql): User found in radcheck table
expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'shadur' ORDER BY
id
+----+----------+---------------+--------+------+
| id | UserName | Attribute | Value | op |
+----+----------+---------------+--------+------+
| 56 | shadur | Giganews-mbpm | 512000 | := |
+----+----------+---------------+--------+------+
expand: SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE
UserName='shadur'
+-----------+
| GroupName |
+-----------+
| news |
+-----------+
expand: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id ->
SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'shadur' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
+----+-----------+----------------+-------+------+
| id | GroupName | Attribute | Value | op |
+----+-----------+----------------+-------+------+
| 8 | news | Huntgroup-Name | news | == |
| 9 | news | Auth-Type | Local | := |
+----+-----------+----------------+-------+------+
rlm_sql (sql): User found in group news
expand: SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id ->
SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'shadur' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
+----+-----------+---------------+-------+------+
| id | GroupName | Attribute | Value | op |
+----+-----------+---------------+-------+------+
| 25 | news | Auth-Type | Local | := |
| 27 | news | Giganews-mbpm | 512 | := |
+----+-----------+---------------+-------+------+
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
Login incorrect: [shadur/foo] (from client giganews port 1)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
