After having problems with the older RPMs I figured I'd try the latest cvs ser/libradiusclient-ng. I'm also using freeradius 0.9.3 with a MySQL backend.
Here's what I get when I try to authenticate a Granstream BT-100 phone:
rad_recv: Access-Request packet from host 127.0.0.1:38309, id=191, length=249 User-Name = "test@204.244.xxx.xxx" Digest-Attributes = "\n\006test" Digest-Attributes = "\001\020204.244.xxx.xxx" Digest-Attributes = "\002*4145f7038382c631a7baed91f6ea3be2e39008c2" Digest-Attributes = "\004\024sip:204.244.xxx.xxx" Digest-Attributes = "\003\nREGISTER" Digest-Response = "5a80057b08229421b11034f0c9066de5" Service-Type = Sip-Session Sip-URI-User = "8020" Cisco-AVPair = "call-id=d66787010e24eacd@204.244.xxx.xxx" NAS-IP-Address = 127.0.0.1 NAS-Port-Id = 5060 modcall: entering group authorize for request 15 modcall[authorize]: module "preprocess" returns ok for request 15 modcall[authorize]: module "chap" returns noop for request 15 modcall[authorize]: module "eap" returns noop for request 15 rlm_digest: Converting Digest-Attributes to something sane... Digest-User-Name = "test" Digest-Realm = "204.244.xxx.xxx" Digest-Nonce = "4145f7038382c631a7baed91f6ea3be2e39008c2" Digest-URI = "sip:204.244.xxx.xxx" Digest-Method = "REGISTER" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 15 radius_xlat: 'test@204.244.xxx.xxx' rlm_sql (sql): sql_set_user escaped user --> 'test@204.244.xxx.xxx' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'test@204.244.xxx.xxx' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): User test@204.244.xxx.xxx not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test@204.244.xxx.xxx' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test@204.244.xxx.xxx' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User test@204.244.xxx.xxx not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns notfound for request 15 rlm_realm: Looking up realm "204.244.xxx.xxx" for User-Name = "test@204.244.xxx.xxx" rlm_realm: No such realm "204.244.xxx.xxx" modcall[authorize]: module "suffix" returns noop for request 15 modcall[authorize]: module "files" returns notfound for request 15 modcall[authorize]: module "mschap" returns noop for request 15 modcall: group authorize returns ok for request 15 rad_check_password: Found Auth-Type DIGEST auth: type "digest" modcall: entering group authenticate for request 15 rlm_digest: Configuration item "User-Password" is required for authentication. modcall[authenticate]: module "digest" returns invalid for request 15 modcall: group authenticate returns invalid for request 15 auth: Failed to validate the user. Login incorrect: [test@204.244.xxx.xxx/<no User-Password attribute>] (from client localhost port 5060)
-----------------------------
So first off it's trying to authenticate with the username of "test@204.244.xxx.xxx". I don't want to use realms, so I've gone in the sql.conf changed:
sql_user_name = "%{User-Name}" to sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
However, it didn't help. It's not stripping away the realm.
Also I still keep getting the "Configuration item "User-Password" is required for authentication." and "Login incorrect: [test@204.244.xxx.xxx/<no User-Password attribute>]"
I don't understand why. I'm using the proper dictionary.ser file. Here's my radcheck table:
(`id`, `UserName`, `Attribute`, `op`, `Value`) VALUES (1, 'test', 'User-Password', '==', 'test');
Any help is appreciated.
Thanks,
- Darren