subject:"RE\: proxy.conf problem"

RE: proxy.conf problem

2003-09-21 Thread Mustafa N. deeb

Hi


Having this configured already in proxy.conf, why do I have to configure
the users file?

Realm DOMAIN {
Type = radius
authhost = LOCAL
accthost = LOCAL
Strip
}

Is this something standard in radius servers, I've worked with cistron
and icradius, and I usually did it by just adding LOCAL to the realm
file



From what I saw from debug, the realm module recognizes the realm, but
when 
The authorize module reaches sql, it adds back the full (non-stripped
username) and it fails b/c as you said, for sql it is a different
username



radtest it does the job, but ntradping have nicer interface


cheers



Mustafa N. deeb [EMAIL PROTECTED] wrote:
 Below is the debug of 2 attempts, the first is successful and the
other
 is not

  So compare the two, to see what the differences are.

  You do realize that the two usernames test and [EMAIL PROTECTED] are
different, don't you?  The 'users' file keys on the username, so
you've got to somehow make those two different usernames the same.

  Hint: look for the 'strip' and/or 'nostrip' option in the proxy
configuration.

 I'm using ntradping for testing

  I'm surprised that 'radtest', which comes with the server, is
inadequate.

  Alan DeKok.





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: proxy.conf problem

2003-09-21 Thread Mustafa N. deeb

Hi Alan


It worked, like this


I just changed proxy.conf to do this

Instead of 

Realm DOMAIN {
Type= radius
Authhost = LOCAL
Accthost = LOCAL
strip

}

I did

Realm DOMAIN {
Type=radius
Authhost= localhost:1812
Accthost = localhost:1813
Secret = whatever
strip

}

and now it is working

do you think this is right ?


CHeers

   

Mustafa N. deeb [EMAIL PROTECTED] wrote:
 Below is the debug of 2 attempts, the first is successful and the
other
 is not

  So compare the two, to see what the differences are.

  You do realize that the two usernames test and [EMAIL PROTECTED] are
different, don't you?  The 'users' file keys on the username, so
you've got to somehow make those two different usernames the same.

  Hint: look for the 'strip' and/or 'nostrip' option in the proxy
configuration.

 I'm using ntradping for testing

  I'm surprised that 'radtest', which comes with the server, is
inadequate.

  Alan DeKok.





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: proxy.conf problem

2003-09-21 Thread Alan DeKok

Mustafa N. deeb [EMAIL PROTECTED] wrote:
 Having this configured already in proxy.conf, why do I have to configure
 the users file?

  Configure *what* in the 'users' file?

 From what I saw from debug, the realm module recognizes the realm, but
 when 
 The authorize module reaches sql, it adds back the full (non-stripped
 username) and it fails b/c as you said, for sql it is a different
 username

  That's what the configuration files are for.  Read 'sql.conf'.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: proxy.conf problem

2003-09-20 Thread Mustafa N. deeb

preprocess returns ok
Sat Sep 20 15:26:20 2003 : Debug: radius_xlat:  '[EMAIL PROTECTED]'
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): sql_set_user escaped
user -- '[EMAIL PROTECTED]'
Sat Sep 20 15:26:20 2003 : Debug: radius_xlat:  'SELECT
id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'[EMAIL PROTECTED]' ORDER BY id'
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): Reserving sql socket
id: 7
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): User [EMAIL PROTECTED]
not found in radcheck
Sat Sep 20 15:26:20 2003 : Debug: radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
pcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
Sat Sep 20 15:26:20 2003 : Debug: radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou
preply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): User [EMAIL PROTECTED]
not found in radgroupcheck
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): User not found
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): Released sql socket id:
7
Sat Sep 20 15:26:20 2003 : Debug:   modcall[authorize]: module sql
returns notfound
Sat Sep 20 15:26:20 2003 : Debug: rlm_sqlcounter: Entering module
authorize code
Sat Sep 20 15:26:20 2003 : Debug: rlm_sqlcounter: Could not find Check
item value pair
Sat Sep 20 15:26:20 2003 : Debug:   modcall[authorize]: module
noresetcounter returns noop
Sat Sep 20 15:26:20 2003 : Debug: rlm_sqlcounter: Entering module
authorize code
Sat Sep 20 15:26:20 2003 : Debug: rlm_sqlcounter: Could not find Check
item value pair
Sat Sep 20 15:26:20 2003 : Debug:   modcall[authorize]: module
dailyresetcounter returns noop
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: No '/' in User-Name =
[EMAIL PROTECTED], looking up realm NULL
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Found realm NULL
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Adding
Stripped-User-Name = [EMAIL PROTECTED]
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Proxying request from
user [EMAIL PROTECTED] to realm NULL
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Adding Realm = NULL
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Authentication realm is
LOCAL.
Sat Sep 20 15:26:20 2003 : Debug:   modcall[authorize]: module
realmslash returns noop
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Request already
proxied.  Ignoring.
Sat Sep 20 15:26:20 2003 : Debug:   modcall[authorize]: module suffix
returns noop
Sat Sep 20 15:26:20 2003 : Debug: modcall: group authorize returns ok
Sat Sep 20 15:26:20 2003 : Debug: auth: No authenticate method
(Auth-Type) configuration found for the request: Rejecting the user
Sat Sep 20 15:26:20 2003 : Debug: auth: Failed to validate the user.
Sat Sep 20 15:26:20 2003 : Auth: Login incorrect:
[EMAIL PROTECTED]/PROTECTED] (from client mustafa port 0)
Sat Sep 20 15:26:20 2003 : Debug: Delaying request 1 for 1 seconds
Sat Sep 20 15:26:20 2003 : Debug: Finished request 1
Sat Sep 20 15:26:20 2003 : Debug: Going to the next request
Sat Sep 20 15:26:20 2003 : Debug: Thread 2 waiting to be assigned a
request
Sat Sep 20 15:26:21 2003 : Debug: --- Walking the entire request list
---
Sat Sep 20 15:26:21 2003 : Debug: Waking up in 1 seconds...
Sat Sep 20 15:26:22 2003 : Debug: --- Walking the entire request list
---
Sending Access-Reject of id 1 to 192.116.17.51:1883
Sat Sep 20 15:26:22 2003 : Debug: Waking up in 4 seconds...
Sat Sep 20 15:26:26 2003 : Debug: --- Walking the entire request list
---
Sat Sep 20 15:26:26 2003 : Debug: Cleaning up request 1 ID 1 with
timestamp 3f6c476c
Sat Sep 20 15:26:26 2003 : Debug: Nothing to do.  Sleeping until we see
a request.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Wednesday, September 17, 2003 4:54 PM
To: [EMAIL PROTECTED]
Subject: Re: proxy.conf problem 

Mustafa N. deeb [EMAIL PROTECTED] wrote:
 So far I'm able to authenticate users with any problems, but if I use
 [EMAIL PROTECTED] it doesn't
  
 user is ok
 [EMAIL PROTECTED]- LOCAL doesn't authenticate,

  Have you tried running it in debugging mode, as suggested in the
FAQ, README's, and multiple other places?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: proxy.conf problem

2003-09-20 Thread Alan DeKok

Mustafa N. deeb [EMAIL PROTECTED] wrote:
 Below is the debug of 2 attempts, the first is successful and the other
 is not

  So compare the two, to see what the differences are.

  You do realize that the two usernames test and [EMAIL PROTECTED] are
different, don't you?  The 'users' file keys on the username, so
you've got to somehow make those two different usernames the same.

  Hint: look for the 'strip' and/or 'nostrip' option in the proxy
configuration.

 I'm using ntradping for testing

  I'm surprised that 'radtest', which comes with the server, is
inadequate.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: proxy.conf problem

2003-09-17 Thread Alan DeKok

Mustafa N. deeb [EMAIL PROTECTED] wrote:
 So far I'm able to authenticate users with any problems, but if I use
 [EMAIL PROTECTED] it doesn't
  
 user is ok
 [EMAIL PROTECTED]- LOCAL doesn't authenticate,

  Have you tried running it in debugging mode, as suggested in the
FAQ, README's, and multiple other places?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: proxy.conf problem

RE: proxy.conf problem

Re: proxy.conf problem

RE: proxy.conf problem

Re: proxy.conf problem

Re: proxy.conf problem

6 matches

Site Navigation

Mail list logo

Footer information