Hello,

Has anyone already implemented two freeradius with mysql? I'm using version 2.1.10 of freeradius on Debian 6.
If I try a plaintext based authentication, everything works. But if I try to do an authentication with an MD5 password, I get the following message:

*[pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!*

Below are my debug output and the authentication table structures.

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.25.3.0 port 1814, id=40, length=143
    User-Name = "usql2@visitantes"
    NAS-IP-Address = 127.0.0.1
    Calling-Station-Id = "02-00-00-00-00-01"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 0x02000015017573716c32407669736974616e746573
    Message-Authenticator = 0x026cbd100d0b63cacb106f91006b21f2
    Proxy-State = 0x30
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "visitantes" for User-Name = "usql2@visitantes"
[suffix] Found realm "visitantes"
[suffix] Adding Stripped-User-Name = "usql2"
[suffix] Adding Realm = "visitantes"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 21
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++? if (Realm == "visitantes" )
? Evaluating (Realm == "visitantes" ) -> TRUE
++? if (Realm == "visitantes" ) -> TRUE
++- entering if (Realm == "visitantes" ) {...}
[sql_visitantes] expand: %{Stripped-User-Name} -> usql2
[sql_visitantes] sql_set_user escaped user --> 'usql2'
rlm_sql (sql_visitantes): Reserving sql socket id: 4
[sql_visitantes] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'usql2' ORDER BY id
[sql_visitantes] User found in radcheck table
[sql_visitantes] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'usql2' ORDER BY id
[sql_visitantes] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'usql2' ORDER BY priority
[sql_visitantes] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'visitantes' ORDER BY id
[sql_visitantes] User found in group visitantes
[sql_visitantes] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'visitantes' ORDER BY id
rlm_sql (sql_visitantes): Released sql socket id: 4
+++[sql_visitantes] returns ok
++- if (Realm == "visitantes" ) returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
*[pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!*
++[pap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
++? if (Realm == "visitantes" )
? Evaluating (Realm == "visitantes" ) -> TRUE
++? if (Realm == "visitantes" ) -> TRUE
++- entering if (Realm == "visitantes" ) {...}
[sql_visitantes] expand: %{Stripped-User-Name} -> usql2
[sql_visitantes] sql_set_user escaped user --> 'usql2'
[sql_visitantes] expand: %{User-Password} ->
[sql_visitantes] ... expanding second conditional
[sql_visitantes] expand: %{Chap-Password} ->
[sql_visitantes] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'usql2@visitantes', '', 'Access-Reject', '2011-03-17 16:54:17')
rlm_sql (sql_visitantes) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'usql2@visitantes', '', 'Access-Reject', '2011-03-17 16:54:17')
rlm_sql (sql_visitantes): Reserving sql socket id: 3
rlm_sql (sql_visitantes): Released sql socket id: 3
+++[sql_visitantes] returns ok
++- if (Realm == "visitantes" ) returns ok
[attr_filter.access_reject] expand: %{User-Name} -> usql2@visitantes
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 40 to 172.25.3.0 port 1814
    Proxy-State = 0x30
Waking up in 4.9 seconds.
Cleaning up request 0 ID 40 with timestamp +12
Ready to process requests.

mysql> select * from radcheck;
+----+----------+--------------------+----+----------------------------------+
| id | username | attribute          | op | value                            |
+----+----------+--------------------+----+----------------------------------+
|  1 | usql1    | Cleartext-Password | := | usql1                            |
|  2 | usql2    | MD5-Password       | := | 18f3e5d08056778649949b6872a0d4ff |
+----+----------+--------------------+----+----------------------------------+
2 rows in set (0.00 sec)

mysql> select * from radgroupcheck;
+----+------------+-----------+----+-------+
| id | groupname  | attribute | op | value |
+----+------------+-----------+----+-------+
|  1 | visitantes | Auth-Type | := | PAP   |
+----+------------+-----------+----+-------+
1 row in set (0.00 sec)

mysql> select * from radusergroup;;
+----------+------------+----------+
| username | groupname  | priority |
+----------+------------+----------+
| usql1    | visitantes |        1 |
| usql2    | visitantes |        1 |
+----------+------------+----------+
2 rows in set (0.00 sec)

--
João Paulo de Lima Barbosa