Re: Move from text to SQL(Postgresql)
Hey Tuc,
Regarding your issue, check the radiusd.conf file, in the modules{} section
for
the pap module settings, you probably have it set to encryption_scheme =
crypt, if so, change it to clear.
Also, daloRADIUS was built to be an SQL-based platform for managing
everything
though it is roughly tested and built on MySQL. I have attempted to keep
most
of the queries very ANSI SQL specific to conform with other servers like
PostgreSQL.
And so, if you would like to give it a chance with Postgres still then I am
willing to
be entirely available to you and assist you in getting things up and running
as well as
adding support to any changes to fit PostgreSQL.
Let me know if you decided to go for it.
Liran.
On Tue, May 13, 2008 at 3:20 AM, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Hi,
I've got a new install, and I have it working fine with plain text
files. I'm trying to go this time to Postgresql (Don't ask) and I'm
just not having a good time of it. I don't get why its doing the following
(2.0.4 with Postgresql 8.1.11) :
Ready to process requests.
User-Name = tuc
User-Password = ICANSEE
NAS-IP-Address = 192.168.3.128
NAS-Port = 1812
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = tuc, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
++[files] returns noop
expand: %{User-Name} - tuc
rlm_sql (sql): sql_set_user escaped user -- 'tuc'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck
WHERE Username = '%{SQL-User-Name}' ORDER BY id - SELECT id, UserName,
Attribute, Value, Op FROM radcheck WHERE Username = 'tuc' ORDER BY id
rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op
FROM radcheck WHERE Username = 'tuc' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
rlm_sql (sql): User found in radcheck table
expand: SELECT id, UserName, Attribute, Value, Op FROM radreply
WHERE Username = '%{SQL-User-Name}' ORDER BY id - SELECT id, UserName,
Attribute, Value, Op FROM radreply WHERE Username = 'tuc' ORDER BY id
rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op
FROM radreply WHERE Username = 'tuc' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority - SELECT GroupName FROM
radusergroup WHERE UserName='tuc' ORDER BY priority
rlm_sql_postgresql: query: SELECT GroupName FROM radusergroup WHERE
UserName='tuc' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 1
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
rad_check_password: Found Auth-Type
auth: type PAP
+- entering group PAP
rlm_pap: login attempt with password ICANSEE
rlm_pap: Using CRYPT encryption.
rlm_pap: Passwords don't match
++[pap] returns reject
auth: Failed to validate the user.
Login incorrect (rlm_pap: CRYPT password check failed): [tuc/ICANSEE]
(from client localhost port 1812)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - tuc
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Why does it head to crypt? I have in radcheck :
Welcome to psql 8.1.11, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
radius= select * from radcheck;
id | username | attribute | op | value
+--+++-
2 | tuc | Cleartext-Password | := | ICANSEE
(1 row)
radius=
Thanks, Tuc
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Regards,
Liran Tal.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Hey Tuc,
Regarding your issue, check the radiusd.conf file, in the modules{} section
for
the pap module settings, you probably have it set to encryption_scheme =
crypt, if so, change it to clear.
No, its the standard :
pap {
auto_header = no
}
I had followed (I thought) :
http://wiki.freeradius.org/SQL_HOWTO
just like I did (I think) for MySQL and had that working straight
off.
[Discussion of his sourceforge project that comes with just about
every reply he does deleted]
So not sure whats happening or not happening..
Tuc
Liran.
On Tue, May 13, 2008 at 3:20 AM, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Hi,
I've got a new install, and I have it working fine with plain text
files. I'm trying to go this time to Postgresql (Don't ask) and I'm
just not having a good time of it. I don't get why its doing the following
(2.0.4 with Postgresql 8.1.11) :
Ready to process requests.
User-Name = tuc
User-Password = ICANSEE
NAS-IP-Address = 192.168.3.128
NAS-Port = 1812
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = tuc, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
++[files] returns noop
expand: %{User-Name} - tuc
rlm_sql (sql): sql_set_user escaped user -- 'tuc'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck
WHERE Username = '%{SQL-User-Name}' ORDER BY id - SELECT id, UserName,
Attribute, Value, Op FROM radcheck WHERE Username = 'tuc' ORDER BY id
rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op
FROM radcheck WHERE Username = 'tuc' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
rlm_sql (sql): User found in radcheck table
expand: SELECT id, UserName, Attribute, Value, Op FROM radreply
WHERE Username = '%{SQL-User-Name}' ORDER BY id - SELECT id, UserName,
Attribute, Value, Op FROM radreply WHERE Username = 'tuc' ORDER BY id
rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op
FROM radreply WHERE Username = 'tuc' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority - SELECT GroupName FROM
radusergroup WHERE UserName='tuc' ORDER BY priority
rlm_sql_postgresql: query: SELECT GroupName FROM radusergroup WHERE
UserName='tuc' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 1
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
rad_check_password: Found Auth-Type
auth: type PAP
+- entering group PAP
rlm_pap: login attempt with password ICANSEE
rlm_pap: Using CRYPT encryption.
rlm_pap: Passwords don't match
++[pap] returns reject
auth: Failed to validate the user.
Login incorrect (rlm_pap: CRYPT password check failed): [tuc/ICANSEE]
(from client localhost port 1812)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - tuc
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Why does it head to crypt? I have in radcheck :
Welcome to psql 8.1.11, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
radius= select * from radcheck;
id | username | attribute | op | value
+--+++-
2 | tuc | Cleartext-Password | := | ICANSEE
(1 row)
radius=
Thanks, Tuc
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Hi,
Hey Tuc,
Regarding your issue, check the radiusd.conf file, in the modules{}
section
for
the pap module settings, you probably have it set to encryption_scheme =
crypt, if so, change it to clear.
No, its the standard :
pap {
auto_header = no
}
change this to 'yes' so that the PAP module can be more clever
I copied the configs from a working MySQL backended 2.0.3 system. I
changed
mysql to postgresql anywhere needed... Still wasn't working. I put in this
suggestion,
and :
rad_check_password: Found Auth-Type
auth: type PAP
+- entering group PAP
rlm_pap: login attempt with password ICANSEE
rlm_pap: Using CRYPT encryption.
rlm_pap: Passwords don't match
++[pap] returns reject
auth: Failed to validate the user.
Login incorrect (rlm_pap: CRYPT password check failed): [tuc/ICANSEE] (from
client localhost port 1812)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - tuc
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
I don't get it..
Tuc
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Tuc at T-B-O-H.NET wrote:
No, its the standard :
pap {
auto_header = no
}
It looks like you have something else in the system adding a
Crypt-Password for the user... before the SQL module is called. Check
the unix module. It WILL say something in debug mode about this.
RAGAFRASSEN BIDDA FRIGINA..
How the heck come this doesn't do it on the OTHER system. I
have a local unix user there called tuc too, but I had
tuc User-Password:=ICANSEE on the Linux system (This is FreeBSD)
and it never tripped me up there!
SIGH Thank you very much for pointing out my stupidity.
I'll try to be more aware to look at ALL the debug in the future.
Tuc
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Hi,
Hey Tuc,
Regarding your issue, check the radiusd.conf file, in the modules{} section
for
the pap module settings, you probably have it set to encryption_scheme =
crypt, if so, change it to clear.
No, its the standard :
pap {
auto_header = no
}
change this to 'yes' so that the PAP module can be more clever
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Tuc at T-B-O-H.NET wrote:
No, its the standard :
pap {
auto_header = no
}
It looks like you have something else in the system adding a
Crypt-Password for the user... before the SQL module is called. Check
the unix module. It WILL say something in debug mode about this.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Hi, +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = tuc, looking up realm NULL rlm_realm: No such realm NULL ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated unix returns updated does it? so , you have the unix module enabled in the authenticate section...which means its looking in /etc/password - and theres a nice entry in there for 'tuc'? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Move from text to SQL(Postgresql)
Hi, +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = tuc, looking up realm NULL rlm_realm: No such realm NULL ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated unix returns updated does it? so , you have the unix module enabled in the authenticate section...which means its looking in /etc/password - and theres a nice entry in there for 'tuc'? Unfortunately, yup, exactly correct. The weird thing is that I took the config VERBATIM off a functioning Linux/FR2.0.3/MySQL system (Changing to postgresql) where I was ALSO a local user, and it never did that! As soon as I changed the user to be one NOT in unix, it worked. As soon as I used my unix password with tuc, it worked. Thanks... I didn't even notice it, I was concentrating too much on the sql section. Tuc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
