Re[2]: Sql authentication

2003-01-13 Thread CEBKA
Hello, Andrew.

You wrote at 13.01.2003, :


AP> okay. i'm puzzled as to why you're using := and not ==, but it should
AP> still be a matching check item.

Changing this had no effect! But you are right: that was my error :(

AP> that said, does authentication work if you attempt to use pap or
AP> cleartext passwords in the mysql database? getting it working at all is
AP> probably your first step, also, perhaps you could show us what other
AP> check and reply attributes you're setting in the database...

I don't understand one thing: when I add a user to /etc/passwd, for
example

>test:x:1000:65532::/dev/null:/dev/null

everything works fine. Radius sends an Access-Accept packet with AV pairs
from radreply and radgroupreply. So I think that the problem is in
authentication. Here are these sections from radiusd.conf:


authorize {
    preprocess
    chap
    mschap
#   counter
#   attr_filter
#   eap
    suffix
    files
#   etc_smbpasswd
    sql
#   ldap
}

authenticate {
    authtype PAP {
        pap
    }
    authtype CHAP {
        chap
    }
    authtype MS-CHAP {
        mschap
    }
#   pam
    unix
#   authtype LDAP {
#       ldap
#   }
#   eap
}

If I commented out the 'unix' module, nothing worked! But I can't add the
"sql" module to the authenticate section (I have the 0.8 version of radius,
so I've heard that it is not needed, though...)


AP> Andrew Pilley

-- 
Best regards,
 CEBKA  mailto:[EMAIL PROTECTED]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re[2]: Sql authentication

2003-01-12 Thread CEBKA
Hello, Andrew.

You wrote at 12.01.2003, :

AP> okay

AP> rlm_chap: Could not find proper Chap-Password attribute in request

AP> Here, it looks like it's attempting to do chap, but that the opposite
AP> end isn't SENDING chap. make sure your authenticate section looks
AP> something like
AP> authenticate {
AP>     authtype CHAP {
AP>         chap
AP>     }
AP>
AP>     chap
AP> }

It is done by default.

AP> keep in mind that i'm using pap here at my site, so i deal with
AP> Crypt-Password md5 hashes. Make sure that the dialup user is DEFINITELY
AP> using chap.

Yes, I've done this already too. For example, this packet was sent
with radclient:
User-Name = "test"
Chap-Password = "testing"

Radiusd wrote the following:
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=162, length=46
User-Name = "steve"
CHAP-Password = 0xa293ea0804b2a9fbffa25456449b43d219
rlm_chap: Adding Auth-Type = CHAP
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'steve' ORDER BY id
rlm_sql_mysql: query:  SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'steve' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'steve' ORDER BY id
rlm_sql_mysql: query:  SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'steve' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 4
Login incorrect: [steve/] (from client local port 0)
rad_recv: Access-Request packet from host 127.0.0.1:1025, id=162, length=46
Sending Access-Reject of id 162 to 127.0.0.1:1025

But there is a record in the mysql database in the radcheck table:

ID  UserName  Attribute      Op  Value
1   test      Chap-Password  :=  testing

But authentication doesn't go right! I don't even see the process. But
if I'm working with unix passwd, all works well, so I think that the
problem is in working with the mysql database.

-- 
Best regards,
 CEBKA  mailto:[EMAIL PROTECTED]
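
Added example, not part of the original thread and not FreeRADIUS code: how a RADIUS server checks a CHAP-Password attribute like the one in the debug log above (RFC 2865, section 5.2), and why that check needs the user's plaintext password on file rather than a one-way hash. The password "testing" and the logged attribute value come from the thread; the challenge bytes, the "letmein" password and all function names are constructed for illustration.

```python
import hashlib
import hmac

def parse_hex_attr(text: str) -> bytes:
    """Turn a debug-log value such as 0xa293...19 into raw attribute bytes."""
    if not text.lower().startswith("0x"):
        raise ValueError("expected a 0x-prefixed hex string")
    return bytes.fromhex(text[2:])

def chap_password(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-Password = CHAP ID octet + MD5(ID || password || challenge)."""
    ident = bytes([chap_id])
    return ident + hashlib.md5(ident + secret + challenge).digest()

def verify_chap(attr: bytes, stored_secret: bytes, challenge: bytes) -> bool:
    """Server-side check: recompute the digest from the stored password."""
    if len(attr) != 17:          # 1 ID octet + 16 MD5 octets
        return False
    expected = chap_password(attr[0], stored_secret, challenge)
    return hmac.compare_digest(attr, expected)

def demo() -> dict:
    # Value copied from the debug log in the thread: 17 octets, ID first.
    logged = parse_hex_attr("0xa293ea0804b2a9fbffa25456449b43d219")
    # Constructed sample challenge. With no CHAP-Challenge attribute in the
    # packet, RFC 2865 uses the 16-octet Request Authenticator instead.
    challenge = bytes(range(16))
    sent = chap_password(162, b"testing", challenge)       # client side
    hashed = hashlib.md5(b"testing").hexdigest().encode()  # one-way hash on file
    return {
        "logged_length": len(logged),
        "logged_chap_id": logged[0],
        "cleartext_on_file": verify_chap(sent, b"testing", challenge),
        "hash_on_file": verify_chap(sent, hashed, challenge),
        "wrong_password": verify_chap(sent, b"letmein", challenge),
        "truncated_attr": verify_chap(sent[:-1], b"testing", challenge),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the run with the plaintext password on file verifies; the same response checked against a stored hash of that password fails, because the server has to feed the password itself into the MD5 computation.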

