Using different realm in the same server

Tue, 31 Jan 2012 08:34:12 -0800 

Hi all,
I'm trying to use different realm into the same server, but I probably miss something. 


I just want to check my users in radcheck table as user@realm, but I 
can't get it working. here you are my radcheck table


mysql> select * from radcheck where username like 'tesths%';
+----+------------------+--------------------+----+--------------+
| id | username         | attribute          | op | value        |
+----+------------------+--------------------+----+--------------+
|  5 | tesths2          | Cleartext-Password | := | tesths2      |
|  4 | tesths@drupalAP1 | Cleartext-Password | := | tesths       |
| 11 | tesths@drupalAP1 | Login-Time         | := | Any1000-2000 |
|  8 | tesths@drupalAP1 | Max-Daily-Session  | := | 36000        |
| 12 | tesths@drupalAP1 | Expiration         | := | 31 Mar 2012  |
+----+------------------+--------------------+----+--------------+
5 rows in set (0.03 sec)


Following the output of freeradius -X replying to my Access-Request. As 
you can see it search for the cleartext password for tesths@drupalAP1, 
but it doesn't find it:



rad_recv: Access-Request packet from host 213.144.94.217 port 2060, 
id=64, length=322

        ChilliSpot-Version = "1.2.7-svn"
        User-Name = "tesths@drupalAP1"
        CHAP-Challenge = 0x1d5cbf018e5c3e1f0f27db84019d6334
        CHAP-Password = 0x00e56e25844efe021fe0ada407d300798d
        Service-Type = Login-User
        Acct-Session-Id = "4f28155900000001"
        Framed-IP-Address = 10.1.0.3
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        NAS-Port-Id = "00000001"
        Calling-Station-Id = "48-5D-60-71-DC-CC"
        Called-Station-Id = "58-6D-8F-B4-69-F7"
        NAS-IP-Address = 192.168.2.152
        NAS-Identifier = "coovaAP01"
        WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Coova_HotSpot01"
        WISPr-Location-Name = "My_HotSpot"
        WISPr-Logoff-URL = "http://10.1.0.1:3660/logoff";
        Message-Authenticator = 0xcbdb61af05f57eb2c5ef22c62a339623

# Executing section authorize from file 
/etc/freeradius/sites-enabled/default

+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "drupalAP1" for User-Name = "tesths@drupalAP1"
[suffix] No such realm "drupalAP1"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql]   expand: %{User-Name} -> tesths@drupalAP1
[sql] sql_set_user escaped user --> 'tesths@drupalAP1'
rlm_sql (sql): Reserving sql socket id: 1

[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 'tesths@drupalAP1'           ORDER BY id

[sql] User found in radcheck table

[sql]   expand: SELECT id, username, attribute, value, op           FROM 
radreply           WHERE username = '%{SQL-User-Name}'           ORDER 
BY id -> SELECT id, username, attribute, value, op           FROM 
radreply           WHERE username = 'tesths@drupalAP1'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup 
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> 
SELECT groupname           FROM radusergroup           WHERE username = 
'tesths@drupalAP1'           ORDER BY priority

rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code

sqlcounter_expand:  'SELECT SUM(acctsessiontime - 
GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) 
    FROM radacct WHERE username = '%{User-Name}' AND 
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400''
[dailycounter]  expand: SELECT SUM(acctsessiontime - 
GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) 
    FROM radacct WHERE username = '%{User-Name}' AND 
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400' -> SELECT 
SUM(acctsessiontime -                  GREATEST((1327964400 - 
UNIX_TIMESTAMP(acctstarttime)), 0))                  FROM radacct WHERE 
username = 'tesths@drupalAP1' AND 
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400'
sqlcounter_expand:  '%{sql:SELECT SUM(acctsessiontime - 
 GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) 
      FROM radacct WHERE username = 'tesths@drupalAP1' AND 
     UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400'}'

[dailycounter] sql_xlat
[dailycounter]  expand: %{User-Name} -> tesths@drupalAP1
[dailycounter] sql_set_user escaped user --> 'tesths@drupalAP1'

[dailycounter]  expand: SELECT SUM(acctsessiontime - 
GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) 
    FROM radacct WHERE username = 'tesths@drupalAP1' AND 
   UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400' -> 
SELECT SUM(acctsessiontime -                  GREATEST((1327964400 - 
UNIX_TIMESTAMP(acctstarttime)), 0))                  FROM radacct WHERE 
username = 'tesths@drupalAP1' AND 
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400'

rlm_sql (sql): Reserving sql socket id: 0
[dailycounter] row[0] returned NULL
rlm_sql (sql): Released sql socket id: 0

[dailycounter]  expand: %{sql:SELECT SUM(acctsessiontime - 
    GREATEST((1327964400 - UNIX_TIMESTAMP(acctstarttime)), 0)) 
         FROM radacct WHERE username = 'tesths@drupalAP1' AND 
        UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1327964400'} ->

rlm_sqlcounter: No integer found in string ""
++[dailycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[monthlycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
[expiration] Checking Expiration time: '31 Mar 2012'
++[expiration] returns ok
rlm_logintime: Checking Login-Time: 'Any1000-2000'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 9240
++[logintime] returns ok
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "tesths@drupalAP1" with CHAP password

[chap] Using clear text password "tesths" for user tesths@drupalAP1 
authentication.

[chap] Password check failed
++[chap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> tesths@drupalAP1
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 3 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 3
Sending Access-Reject of id 64 to 213.144.94.217 port 2060
Waking up in 4.9 seconds.
Cleaning up request 3 ID 64 with timestamp +378
Ready to process requests.

How can I have the realm be part of the authentication?
Thanks a lot
--
Gabriele Dr. Brosulo
 Responsabile Web
 EdiSoft Srl

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html














    











					Reply via email to