RE: Weird issue regarding authentification...
> If you run the queries printed in debug output, what do you get returned? > Note to login to mysql as the same user that Radius uses ala: > mysql -u RADIUS_USER -p DBNAME The weird thing is that exactly the *same* database worked!! Check them out. > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > Username = 'mobius' ORDER BY id' > rlm_sql (sql): Reserving sql socket id: 1 mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobius' ORDER BY id; +-+--+---+--++ | id | UserName | Attribute | Value| op | +-+--+---+--++ | 931 | mobius | User-Password | mperf| := | +-+--+---+--++ 1 row in set (0.00 sec) > radius_xlat: 'SELECT > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute, > radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE > usergroup.Username = 'mobius' AND usergroup.GroupName = > radgroupcheck.GroupName ORDER BY radgroupcheck.id' mysql> SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobius' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id; ++---+--+---++ | id | GroupName | Attribute| Value | op | ++---+--+---++ | 11 | PSTN | Auth-Type| Local | := | | 22 | PSTN | Pool-Name| main_pool | = | | 29 | PSTN | Simultaneous-Use | 1 | = | ++---+--+---++ 3 rows in set (0.01 sec) > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > Username = 'mobius' ORDER BY id' mysql> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE UserName = "mobius" ORDER BY id; Empty set (0.00 sec) ** Note: I don't believe this to be a mistake, since most if not all the users don't have separate settings of their own but they get theirs from radgroupreply. > radius_xlat: 'SELECT > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute, > radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE > usergroup.Username = 'mobius' AND usergroup.GroupName = > radgroupreply.GroupName ORDER BY radgroupreply.id' mysql> SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobius' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id; ++---++-++ | id | GroupName | Attribute | Value | op | ++---++-++ | 10 | PSTN | Framed-Protocol| PPP | = | | 11 | PSTN | Framed-IP-Address | 255.255.255.254 | = | | 12 | PSTN | Framed-IP-Netmask | 255.255.255.255 | = | | 13 | PSTN | Framed-MTU | 1500| = | | 14 | PSTN | Framed-Compression | Van-Jacobson-TCP-IP | = | | 15 | PSTN | Idle-Timeout | 600 | = | | 44 | PSTN | NAS-Port-Type | Async | = | | 53 | PSTN | Port-Limit | 1 | = | | 54 | PSTN | Service-Type | Framed-User | = | ++---++-++ 9 rows in set (0.00 sec) This is pretty much it. I tried messing around with rlm_sql.c enabling the extra DEBUG2 messages but I am still searching...But after so many hours I am missing the half I am reading :-) Regards, m0bius - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Weird issue regarding authentification...
At 02:51 PM 12/8/2003, m0bius wrote: Hello people, I had a pretty good working configuration for the past month using FreeRadius with mySQL and Dialup Admin. However yesterday we had an enormous power failure and after some hours on running on the UPS the radius server was down. Today, at the morning however the server was up and running successfully. However at some point while I was tampering with some vendor specific attributes for our Lucents hell broke free. >From that point on I can not seem to get any user authentificated. I am constantly getting the error: rlm_sql (sql): No matching entry in the database for request from user [exuser]. I should point out that the database seems intact, (actually the sql queries done my radius are repeated by me successfully) and all tables and contents exist. If you run the queries printed in debug output, what do you get returned? Note to login to mysql as the same user that Radius uses ala: mysql -u RADIUS_USER -p DBNAME -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Weird issue regarding authentification...
Hello people,
I had a pretty good working configuration for the past month using
FreeRadius with mySQL and Dialup Admin. However yesterday we had an
enormous power failure and after some hours on running on the UPS the
radius server was down. Today, at the morning however the server was up
and running successfully. However at some point while I was tampering
with some vendor specific attributes for our Lucents hell broke free.
>From that point on I can not seem to get any user authentificated. I am
constantly getting the error: rlm_sql (sql): No matching entry in the
database for request from user [exuser]. I should point out that the
database seems intact, (actually the sql queries done my radius are
repeated by me successfully) and all tables and contents exist.
I've tried everything from reconfiguration, to fresh installation of
radius on a new linux box. It seems like it cannot get the group the
user exists and authentificate him. A failed connection follows as shown
by radiusd -X:
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=224,
length=53
Service-Type = Framed-User
User-Name = "mobius"
CHAP-Password = 0xe014cf9e7f9ea7ef95ea57eb50b9709dd1
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
radius_xlat: '/var/log/radius/radacct/127.0.0.1/auth-detail-20031208'
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/127.0.0.1/auth-detail-20031208
modcall[authorize]: module "auth_log" returns ok for request 8
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "mobius", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "mobius"
rlm_realm: Proxying request from user mobius to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Preparing to proxy authentication request to realm "NULL"
modcall[authorize]: module "suffix" returns updated for request 8
radius_xlat: 'mobius'
rlm_sql (sql): sql_set_user escaped user --> 'mobius'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'mobius' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'mobius' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'mobius' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou
preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = 'mobius' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): No matching entry in the database for request from user
[mobius]
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns notfound for request 8
modcall[authorize]: module "mschap" returns noop for request 8
modcall: group authorize returns updated for request 8
There was no response configured: rejecting request 8
Server rejecting request 8.
Finished request 8
I am running FreeRadius 0.9.3. *Please* people if anyone can help do so,
because I've spend 10 hours on this thing and I am on the edge...
Regards,
m0bius
P.S. Please note that the configuration used in this radiusd previously
worked!!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
