Re: Move from text to SQL(Postgresql)
Hey Tuc, Regarding your issue, check the radiusd.conf file, in the modules{} section for the pap module settings, you probably have it set to encryption_scheme = crypt, if so, change it to clear. Also, daloRADIUS was built to be an SQL-based platform for managing everything though it is roughly tested and built on MySQL. I have attempted to keep most of the queries very ANSI SQL specific to conform with other servers like PostgreSQL. And so, if you would like to give it a chance with Postgres still then I am willing to be entirely available to you and assist you in getting things up and running as well as adding support to any changes to fit PostgreSQL. Let me know if you decided to go for it. Liran. On Tue, May 13, 2008 at 3:20 AM, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote: Hi, I've got a new install, and I have it working fine with plain text files. I'm trying to go this time to Postgresql (Don't ask) and I'm just not having a good time of it. I don't get why its doing the following (2.0.4 with Postgresql 8.1.11) : Ready to process requests. User-Name = tuc User-Password = ICANSEE NAS-IP-Address = 192.168.3.128 NAS-Port = 1812 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = tuc, looking up realm NULL rlm_realm: No such realm NULL ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated ++[files] returns noop expand: %{User-Name} - tuc rlm_sql (sql): sql_set_user escaped user -- 'tuc' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id - SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'tuc' ORDER BY id rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'tuc' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 rlm_sql (sql): User found in radcheck table expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id - SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = 'tuc' ORDER BY id rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = 'tuc' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority - SELECT GroupName FROM radusergroup WHERE UserName='tuc' ORDER BY priority rlm_sql_postgresql: query: SELECT GroupName FROM radusergroup WHERE UserName='tuc' ORDER BY priority rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 0 , fields = 1 rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type PAP +- entering group PAP rlm_pap: login attempt with password ICANSEE rlm_pap: Using CRYPT encryption. rlm_pap: Passwords don't match ++[pap] returns reject auth: Failed to validate the user. Login incorrect (rlm_pap: CRYPT password check failed): [tuc/ICANSEE] (from client localhost port 1812) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} - tuc attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Why does it head to crypt? I have in radcheck : Welcome to psql 8.1.11, the PostgreSQL interactive terminal. Type: \copyright for distribution terms \h for help with SQL commands \? for help with psql commands \g or terminate with semicolon to execute query \q to quit radius= select * from radcheck; id | username | attribute | op | value +--+++- 2 | tuc | Cleartext-Password | := | ICANSEE (1 row) radius= Thanks, Tuc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Regards, Liran Tal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Hey Tuc, Regarding your issue, check the radiusd.conf file, in the modules{} section for the pap module settings, you probably have it set to encryption_scheme = crypt, if so, change it to clear. No, its the standard : pap { auto_header = no } I had followed (I thought) : http://wiki.freeradius.org/SQL_HOWTO just like I did (I think) for MySQL and had that working straight off. [Discussion of his sourceforge project that comes with just about every reply he does deleted] So not sure whats happening or not happening.. Tuc Liran. On Tue, May 13, 2008 at 3:20 AM, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote: Hi, I've got a new install, and I have it working fine with plain text files. I'm trying to go this time to Postgresql (Don't ask) and I'm just not having a good time of it. I don't get why its doing the following (2.0.4 with Postgresql 8.1.11) : Ready to process requests. User-Name = tuc User-Password = ICANSEE NAS-IP-Address = 192.168.3.128 NAS-Port = 1812 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = tuc, looking up realm NULL rlm_realm: No such realm NULL ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated ++[files] returns noop expand: %{User-Name} - tuc rlm_sql (sql): sql_set_user escaped user -- 'tuc' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id - SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'tuc' ORDER BY id rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'tuc' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 rlm_sql (sql): User found in radcheck table expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id - SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = 'tuc' ORDER BY id rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = 'tuc' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority - SELECT GroupName FROM radusergroup WHERE UserName='tuc' ORDER BY priority rlm_sql_postgresql: query: SELECT GroupName FROM radusergroup WHERE UserName='tuc' ORDER BY priority rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 0 , fields = 1 rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type PAP +- entering group PAP rlm_pap: login attempt with password ICANSEE rlm_pap: Using CRYPT encryption. rlm_pap: Passwords don't match ++[pap] returns reject auth: Failed to validate the user. Login incorrect (rlm_pap: CRYPT password check failed): [tuc/ICANSEE] (from client localhost port 1812) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} - tuc attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Why does it head to crypt? I have in radcheck : Welcome to psql 8.1.11, the PostgreSQL interactive terminal. Type: \copyright for distribution terms \h for help with SQL commands \? for help with psql commands \g or terminate with semicolon to execute query \q to quit radius= select * from radcheck; id | username | attribute | op | value +--+++- 2 | tuc | Cleartext-Password | := | ICANSEE (1 row) radius= Thanks, Tuc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Hi, Hey Tuc, Regarding your issue, check the radiusd.conf file, in the modules{} section for the pap module settings, you probably have it set to encryption_scheme = crypt, if so, change it to clear. No, its the standard : pap { auto_header = no } change this to 'yes' so that the PAP module can be more clever I copied the configs from a working MySQL backended 2.0.3 system. I changed mysql to postgresql anywhere needed... Still wasn't working. I put in this suggestion, and : rad_check_password: Found Auth-Type auth: type PAP +- entering group PAP rlm_pap: login attempt with password ICANSEE rlm_pap: Using CRYPT encryption. rlm_pap: Passwords don't match ++[pap] returns reject auth: Failed to validate the user. Login incorrect (rlm_pap: CRYPT password check failed): [tuc/ICANSEE] (from client localhost port 1812) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} - tuc attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated I don't get it.. Tuc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Tuc at T-B-O-H.NET wrote: No, its the standard : pap { auto_header = no } It looks like you have something else in the system adding a Crypt-Password for the user... before the SQL module is called. Check the unix module. It WILL say something in debug mode about this. RAGAFRASSEN BIDDA FRIGINA.. How the heck come this doesn't do it on the OTHER system. I have a local unix user there called tuc too, but I had tuc User-Password:=ICANSEE on the Linux system (This is FreeBSD) and it never tripped me up there! SIGH Thank you very much for pointing out my stupidity. I'll try to be more aware to look at ALL the debug in the future. Tuc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Hi, Hey Tuc, Regarding your issue, check the radiusd.conf file, in the modules{} section for the pap module settings, you probably have it set to encryption_scheme = crypt, if so, change it to clear. No, its the standard : pap { auto_header = no } change this to 'yes' so that the PAP module can be more clever alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Tuc at T-B-O-H.NET wrote: No, its the standard : pap { auto_header = no } It looks like you have something else in the system adding a Crypt-Password for the user... before the SQL module is called. Check the unix module. It WILL say something in debug mode about this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Hi, +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = tuc, looking up realm NULL rlm_realm: No such realm NULL ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated unix returns updated does it? so , you have the unix module enabled in the authenticate section...which means its looking in /etc/password - and theres a nice entry in there for 'tuc'? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Hi, +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = tuc, looking up realm NULL rlm_realm: No such realm NULL ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated unix returns updated does it? so , you have the unix module enabled in the authenticate section...which means its looking in /etc/password - and theres a nice entry in there for 'tuc'? Unfortunately, yup, exactly correct. The weird thing is that I took the config VERBATIM off a functioning Linux/FR2.0.3/MySQL system (Changing to postgresql) where I was ALSO a local user, and it never did that! As soon as I changed the user to be one NOT in unix, it worked. As soon as I used my unix password with tuc, it worked. Thanks... I didn't even notice it, I was concentrating too much on the sql section. Tuc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html