Re: Cisco Aironet - MAC auth logs

2003-08-14 Thread a . l . m . buxey
Hi,
 Here it is... Thanks for the help!  Please let me know what you find,
 time is running out!
 
 mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
 Username = '00062541e359' ORDER BY id;
 +-----+--------------+---------------+----------+------+
 | id  | UserName     | Attribute     | Value    | op   |
 +-----+--------------+---------------+----------+------+
 | 205 | 00062541e359 | User-Password | ourpaswd | ==   |
 +-----+--------------+---------------+----------+------+
 1 row in set (0.00 sec)

you haven't done this for the other one...which is decidedly different!

SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '00022d11' 
ORDER BY id

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: Cisco Aironet - MAC auth logs

2003-08-14 Thread Ulrich Walcher
See the difference?!

  Output of the ORINOCO from radiusd -X:
 rlm_sql: Released sql socket id: 4
   modcall[authorize]: module sql returns ok
   modcall[authorize]: module files returns notfound
 modcall: group authorize returns ok
 auth: type Local

Auth-Type := Local

 auth: user supplied User-Password matches local User-Password

Matches local User-Password

 Sending Access-Accept of id 31 to XXX.XX.XX.XX:6001
 Finished request 1



  Output of the CISCO from radiusd -X:
 rlm_sql: Pairs do not match [00022d11]

!


 rlm_sql: Released sql socket id: 4
   modcall[authorize]: module sql returns notfound
   modcall[authorize]: module files returns notfound
 modcall: group authorize returns ok
 auth: No Auth-Type configuration for the request, rejecting the user

No Auth-Type

 auth: Failed to validate the user.
 Delaying request 0 for 1 seconds
 Finished request 0

AFAIS you're not authenticating against mysql... in either of the two
cases!







RE: Cisco Aironet - MAC auth logs

2003-08-14 Thread Mike Hall
Hi Peter, Thanks for the prompt response!  Here are my logs (sorry for
the lengthiness):

 Output of the ORINOCO from radiusd -X:

Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host XXX.XX.XX.XX:6001, id=31,
length=64
User-Name = 00062541e359
User-Password = 3\035\300\350#ka9y\215\330J\020\000|
NAS-IP-Address = XXX.XX.XX.XX
NAS-Port = 0
modcall: entering group authorize
  modcall[authorize]: module preprocess returns ok
  modcall[authorize]: module suffix returns ok
radius_xlat:  '00062541e359'
sql_escape in:  '00062541e359'
sql_escape out:  '00062541e359'
sql_set_user:  escaped user -- '00062541e359'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '00062541e359' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'00062541e359' ORDER BY id
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
pcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'user' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
pcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'user' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = '00062541e359' ORDER BY id'
SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'00062541e359' ORDER BY id
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou
preply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = '00062541e359' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou
preply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = '00062541e359' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
radius_xlat:  'SELECT Value,Attribute FROM radcheck WHERE UserName =
'00062541e359' AND ( Attribute = 'User-Password' OR Attribute =
'Password' OR Attribute = 'Crypt-Password') ORDER BY Attribute DESC'
SELECT Value,Attribute FROM radcheck WHERE UserName = '00062541e359' AND
( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute =
'Crypt-Password') ORDER BY Attribute DESC
rlm_sql: Released sql socket id: 4
  modcall[authorize]: module sql returns ok
  modcall[authorize]: module files returns notfound
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 31 to XXX.XX.XX.XX:6001
Finished request 1


 Output of the ORINOCO accounting log:

Fri Aug  8 11:39:00 2003
User-Name = 00062541e359
Acct-Session-Id = 00062541e359
NAS-Identifier = LawSchool1-1
NAS-IP-Address = XXX.XX.XX.XX
NAS-Port = 2
NAS-Port-Type = Wireless-802.11
Acct-Authentic = RADIUS
Acct-Status-Type = Start
Client-IP-Address = XXX.XX.XX.XX
Acct-Unique-Session-Id = a248070840f3cb22
Timestamp = 1060360740



 Output of the CISCO from radiusd -X:

Ready to process requests.
rad_recv: Access-Request packet from host XXX.XX.XX.XX:1028, id=0,
length=143
User-Name = 00022d11
User-Password =  \\?\276ps\362\307\326\335#!\326\241\210\030
NAS-IP-Address = XXX.XX.XX.XX
Called-Station-Id = 000ccec83d0c
NAS-Port = 37
NAS-Port-Type = Wireless-802.11
Cisco-AVPair = ssid=northgate_wireless
Calling-Station-Id = 00022d11
NAS-Identifier = udp001618uds
modcall: entering group authorize
  modcall[authorize]: module preprocess returns ok
  modcall[authorize]: module suffix returns ok
radius_xlat:  '00022d11'
sql_escape in:  '00022d11'
sql_escape out:  '00022d11'
sql_set_user:  escaped user -- '00022d11'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '00022d11' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'00022d11' ORDER BY id
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
pcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = '00022d11' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
pcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = '00022d11' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM 

RE: Cisco Aironet - MAC auth logs

2003-08-14 Thread Jeffrey C. Ollie
Mike,

Could you run the following queries manually against your MySQL database
and post the results?

 SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
 '00062541e359' ORDER BY id

 SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,
 radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
 usergroup.Username = 'user' AND usergroup.GroupName =
 radgroupcheck.GroupName ORDER BY radgroupcheck.id

 SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username =
 '00062541e359' ORDER BY id

 SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,
 radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
 usergroup.Username = '00062541e359' AND usergroup.GroupName =
 radgroupreply.GroupName ORDER BY radgroupreply.id

 SELECT Value,Attribute FROM radcheck WHERE UserName = '00062541e359' AND
 ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute =
 'Crypt-Password') ORDER BY Attribute DESC

 SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
 '00022d11' ORDER BY id

 SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,
 radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
 usergroup.Username = '00022d11' AND usergroup.GroupName =
 radgroupcheck.GroupName ORDER BY radgroupcheck.id

 SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username =
 '00022d11' ORDER BY id

 SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,
 radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
 usergroup.Username = '00022d11' AND usergroup.GroupName =
 radgroupreply.GroupName ORDER BY radgroupreply.id





RE: Cisco Aironet - MAC auth logs

2003-08-14 Thread Mike Hall
Hi, Sorry, it comes back with the same thing:

 mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
 Username = '00022d11' ORDER BY id;
 +-----+----------+---------------+----------+------+
 | id  | UserName | Attribute     | Value    | op   |
 +-----+----------+---------------+----------+------+
 | 215 | 00022d11 | User-Password | ourpaswd | ==   |
 +-----+----------+---------------+----------+------+
 1 row in set (0.00 sec)

Thanks!!  -Mike

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 9:05 AM
To: [EMAIL PROTECTED]
Subject: Re: Cisco Aironet - MAC auth logs


Hi,
 Here it is... Thanks for the help!  Please let me know what you find,
 time is running out!
 
 mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
 Username = '00062541e359' ORDER BY id;
 +-----+--------------+---------------+----------+------+
 | id  | UserName     | Attribute     | Value    | op   |
 +-----+--------------+---------------+----------+------+
 | 205 | 00062541e359 | User-Password | ourpaswd | ==   |
 +-----+--------------+---------------+----------+------+
 1 row in set (0.00 sec)

you haven't done this for the other one...which is decidedly different!

SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 
'00022d11' ORDER BY id



RE: Cisco Aironet - MAC auth logs

2003-08-14 Thread Ulrich Walcher
"auth: user supplied User-Password matches local User-Password" says
that the user matches a password in raddb/users file.
You are authenticating - yes, but against a password-file.
Authorization is done in this case via sql.

With the Cisco box you get an error message saying: "Pairs do not match
[00022d11]". Unfortunately I can't tell you why...
and:
"auth: No Auth-Type configuration for the request, rejecting the user"
You have not defined an Auth-Type for the user.
Uli

On Tue, 2003-08-12 at 15:32, Mike Hall wrote:
 I am definitely authenticating against mysql!!  I have been working with
 this system for over a year and it has worked great...if the user's MAC
 isn't in there then they can't authenticate.  Matches local
 User-Password :: Doesn't that tell you I'm authenticating?  Please
 advise..
 
 Mike
 


RE: Cisco Aironet - MAC auth logs

2003-08-14 Thread Mike Hall
Hi all, sorry I forgot to run the other queries.  The AP is a Cisco
Aironet 1200 (1220b). Here are the queries:


 SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 
 '00062541e359' ORDER BY id

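+-----+--------------+---------------+----------+------+
| id  | UserName     | Attribute     | Value    | op   |
+-----+--------------+---------------+----------+------+
| 215 | 00062541e359 | User-Password | ourpaswd | ==   |
+-----+--------------+---------------+----------+------+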
1 row in set (0.00 sec)

 SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,
 radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
 usergroup.Username = '00062541e359' AND usergroup.GroupName =
 radgroupcheck.GroupName ORDER BY radgroupcheck.id

Empty set (0.00 sec)

 SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 
 '00062541e359' ORDER BY id

Empty set (0.00 sec)

 SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,
 radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
 usergroup.Username = '00022d11' AND usergroup.GroupName =
 radgroupcheck.GroupName ORDER BY radgroupcheck.id

Empty set (0.00 sec)

 SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,
 radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
 usergroup.Username = '00062541e359' AND usergroup.GroupName =
 radgroupreply.GroupName ORDER BY radgroupreply.id

Empty set (0.00 sec)

 SELECT Value,Attribute FROM radcheck WHERE UserName = '00062541e359' 
 AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR 
 Attribute =
 'Crypt-Password') ORDER BY Attribute DESC

+----------+---------------+
| Value    | Attribute     |
+----------+---------------+
| ourpaswd | User-Password |
+----------+---------------+
1 row in set (0.00 sec)

 SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 
 '00022d11' ORDER BY id

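+-----+----------+---------------+----------+------+
| id  | UserName | Attribute     | Value    | op   |
+-----+----------+---------------+----------+------+
| 215 | 00022d11 | User-Password | ourpaswd | ==   |
+-----+----------+---------------+----------+------+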
1 row in set (0.00 sec)

 SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,
 radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
 usergroup.Username = '00022d11' AND usergroup.GroupName =
 radgroupcheck.GroupName ORDER BY radgroupcheck.id

Empty set (0.00 sec)

 SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 
 '00022d11' ORDER BY id

Empty set (0.00 sec)

 SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,
 radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
 usergroup.Username = '00022d11' AND usergroup.GroupName =
 radgroupreply.GroupName ORDER BY radgroupreply.id

Empty set (0.00 sec)





RE: Cisco Aironet - MAC auth logs

2003-08-14 Thread Mike Hall
How do I define an Auth-Type for the user? Is it the Attribute field in
my radcheck table?  That has 'User-Password' for everyone in the system.
The Value field also has our 'radius password' for all users.  I have
read some about the hints file...do I need to do something like this:

Default Prefix = Cisco-AVPair, Strip-User-Name = Yes
Hint = CISCO
Auth-Type = Local

...Or am I totally on the wrong track here?  Another idea is to create
two separate 'radcheck' tables, one for Cisco APs and one for Orinoco
APs.  What do y'all think of that (there must be an easier way)?  When it
says "module sql returns notfound" what does that mean?  Sorry for all
the questions, I really appreciate your help. 

--Mike Hall  



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulrich
Walcher
Sent: Tuesday, August 12, 2003 1:01 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco Aironet - MAC auth logs


"auth: user supplied User-Password matches local User-Password" says
that the user matches a password in raddb/users file. You are
authenticating - yes, but against a password-file. Authorization is
done in this case via sql.

With the Cisco box you get an error message saying: "Pairs do not match
[00022d11]". Unfortunately I can't tell you why...
and:
"auth: No Auth-Type configuration for the request, rejecting the user"
You have not defined an Auth-Type for the user. Uli



RE: Cisco Aironet - MAC auth logs

2003-08-14 Thread Ulrich Walcher
DEFAULT Auth-Type := PAP
At least that's what I use to authenticate... but I do that with
radgroupcheck:
id  groupname  attribute  op  value
10  mygroup    Auth-Type  :=  PAP

I guess for the use with hints file it would be (I don't use hints at
the moment):
DEFAULT Hint == CISCO, Auth-Type := 'whatever-you-want'
Prefix = Cisco-AVPair /* do you really need this? */
Strip-User-Name = Yes


"module sql returns notfound" means the username you passed to the
server wasn't found by the sql-query executed, which might be a wrong
query or a wrong/non-existent username.

I would rather try to get one table working for both types of APs than
having two tables. It doubles your work and also doubles the number of
possible errors.

One of the fantastic things with Cisco is that you always get all the
documentation online. Please see:

MAC-Auth settings:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_installation_and_configuration_guide_chapter09186a008014868e.html

RADIUS settings:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_installation_and_configuration_guide_chapter09186a00801486a0.html

On Tue, 2003-08-12 at 21:34, Mike Hall wrote:
 How do I define an Auth-Type for the user? Is it the Attribute field in
 my radcheck table?  That has 'User-Password' for everyone in the system.
 The Value field also has our 'radius password' for all users.  I have
 read some about the hints file...do I need to do something like this:
 
 Default Prefix = Cisco-AVPair, Strip-User-Name = Yes
   Hint = CISCO
   Auth-Type = Local
 
 ...Or am I totally on the wrong track here?  Another idea is to create
 two separate 'radcheck' tables, one for Cisco APs and one for Orinoco
 APs.  What do y'all think of that (there must be an easier way)?  When it
 says "module sql returns notfound" what does that mean?  Sorry for all
 the questions, I really appreciate your help. 
 
 --Mike Hall  
 
 
 
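Added example, not part of the thread and not FreeRADIUS code: a small Python triage script for `radiusd -X` output like the two excerpts posted here. It records, per request, the attributes the NAS sent, the authorize module return codes, whether an Auth-Type was chosen, and the outcome; the sample input is condensed from the logs in this thread, and the function and field names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, condensed from the two radiusd -X excerpts in the thread
# (wrapped lines rejoined; User-Password bytes and SQL query echoes left out).
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host XXX.XX.XX.XX:6001, id=31, length=64
User-Name = 00062541e359
modcall: entering group authorize
  modcall[authorize]: module sql returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 31 to XXX.XX.XX.XX:6001
rad_recv: Access-Request packet from host XXX.XX.XX.XX:1028, id=0, length=143
User-Name = 00022d11
Called-Station-Id = 000ccec83d0c
Cisco-AVPair = ssid=northgate_wireless
Calling-Station-Id = 00022d11
modcall: entering group authorize
rlm_sql: Pairs do not match [00022d11]
  modcall[authorize]: module sql returns notfound
auth: No Auth-Type configuration for the request, rejecting the user
auth: Failed to validate the user.
"""

RECV = re.compile(r"rad_recv: Access-Request packet from host \S+, id=(\d+)")
ATTR = re.compile(r'^\s*([A-Z][\w-]*) = "?(.*?)"?\s*$')
MODRET = re.compile(r'modcall\[authorize\]: module "?([\w.-]+)"? returns (\w+)')
AUTH_TYPE = re.compile(r'^\s*auth: type "?([\w-]+)"?\s*$')


@dataclass
class Request:
    packet_id: int
    attrs: Dict[str, str] = field(default_factory=dict)      # what the NAS sent
    authorize: Dict[str, str] = field(default_factory=dict)  # module -> return code
    auth_type: Optional[str] = None
    pairs_mismatch: bool = False
    no_auth_type: bool = False
    outcome: str = "unknown"


def parse_debug(text: str) -> List[Request]:
    """Split radiusd -X output into requests and record what each one logged."""
    requests: List[Request] = []
    cur: Optional[Request] = None
    in_attrs = False
    for line in text.splitlines():
        m = RECV.search(line)
        if m:  # a new Access-Request starts a new record
            cur = Request(packet_id=int(m.group(1)))
            requests.append(cur)
            in_attrs = True
            continue
        if cur is None:
            continue  # server start-up messages before the first packet
        if line.lstrip().startswith("modcall"):
            in_attrs = False  # attribute list ends where module calls begin
        m = ATTR.match(line) if in_attrs else None
        if m:
            cur.attrs[m.group(1)] = m.group(2)
            continue
        m = MODRET.search(line)
        auth = AUTH_TYPE.match(line)
        if m:
            cur.authorize[m.group(1)] = m.group(2)
        elif auth:
            cur.auth_type = auth.group(1)
        elif "rlm_sql: Pairs do not match" in line:
            cur.pairs_mismatch = True
        elif "No Auth-Type configuration for the request" in line:
            cur.no_auth_type = True
        elif "Sending Access-Accept" in line:
            cur.outcome = "accept"
        elif "Sending Access-Reject" in line or "Failed to validate the user" in line:
            cur.outcome = "reject"
    return requests


def diagnose(req: Request) -> List[str]:
    """Turn the recorded log facts into short findings for one request."""
    findings = []
    if req.pairs_mismatch:
        findings.append("rlm_sql: check pairs did not match the request")
    if req.authorize.get("sql") == "notfound":
        findings.append("authorize: sql returned notfound")
    if req.no_auth_type:
        findings.append("no Auth-Type set for the request, so it was rejected")
    return findings


def extra_attrs(base: Request, other: Request) -> List[str]:
    """Attribute names the second NAS sent that the first one did not."""
    return sorted(set(other.attrs) - set(base.attrs))


if __name__ == "__main__":
    for r in parse_debug(SAMPLE_DEBUG):
        print(r.packet_id, r.attrs.get("User-Name"), r.outcome, r.auth_type, diagnose(r))
```
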


RE: Cisco Aironet - MAC auth logs

2003-08-14 Thread Mike Hall
I am definitely authenticating against mysql!!  I have been working with
this system for over a year and it has worked great...if the user's MAC
isn't in there then they can't authenticate.  Matches local
User-Password :: Doesn't that tell you I'm authenticating?  Please
advise..

Mike

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ulrich
Walcher
Sent: Tuesday, August 12, 2003 3:11 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco Aironet - MAC auth logs


See the difference?!

  Output of the ORINOCO from radiusd -X:
 rlm_sql: Released sql socket id: 4
   modcall[authorize]: module sql returns ok
   modcall[authorize]: module files returns notfound
 modcall: group authorize returns ok
 auth: type Local

Auth-Type := Local

 auth: user supplied User-Password matches local User-Password

Matches local User-Password

 Sending Access-Accept of id 31 to XXX.XX.XX.XX:6001
 Finished request 1



  Output of the CISCO from radiusd -X:
 rlm_sql: Pairs do not match [00022d11]

!


 rlm_sql: Released sql socket id: 4
   modcall[authorize]: module sql returns notfound
   modcall[authorize]: module files returns notfound
 modcall: group authorize returns ok
 auth: No Auth-Type configuration for the request, rejecting the user

No Auth-Type

 auth: Failed to validate the user.
 Delaying request 0 for 1 seconds
 Finished request 0

AFAIS you're not authenticating against mysql... in either of the two
cases!







RE: Cisco Aironet - MAC auth logs

2003-08-11 Thread Mike Hall
Here it is... Thanks for the help!  Please let me know what you find,
time is running out!

mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '00062541e359' ORDER BY id;
+-----+--------------+---------------+----------+------+
| id  | UserName     | Attribute     | Value    | op   |
+-----+--------------+---------------+----------+------+
| 205 | 00062541e359 | User-Password | ourpaswd | ==   |
+-----+--------------+---------------+----------+------+
1 row in set (0.00 sec)

Ourpaswd is actually the shared for the radius server.  Thank You

-Mike


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey C.
Ollie
Sent: Saturday, August 09, 2003 11:33 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco Aironet - MAC auth logs


Mike,

Could you run the following queries manually against your MySQL database
and post the results?

 SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 
 '00062541e359' ORDER BY id

 SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,
 radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
 usergroup.Username = 'user' AND usergroup.GroupName =
 radgroupcheck.GroupName ORDER BY radgroupcheck.id

 SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 
 '00062541e359' ORDER BY id

 SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,
 radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
 usergroup.Username = '00062541e359' AND usergroup.GroupName =
 radgroupreply.GroupName ORDER BY radgroupreply.id

 SELECT Value,Attribute FROM radcheck WHERE UserName = '00062541e359' 
 AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR 
 Attribute =
 'Crypt-Password') ORDER BY Attribute DESC

 SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 
 '00022d11' ORDER BY id

 SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,
 radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
 usergroup.Username = '00022d11' AND usergroup.GroupName =
 radgroupcheck.GroupName ORDER BY radgroupcheck.id

 SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 
 '00022d11' ORDER BY id

 SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,
 radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
 usergroup.Username = '00022d11' AND usergroup.GroupName =
 radgroupreply.GroupName ORDER BY radgroupreply.id


