-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Jan,
Jan Janak wrote: | This might be the problem: | | rlm_realm: No '@' in User-Name = "1213", looking up realm NULL | rlm_realm: No such realm "NULL" | | Jan. |
I've been striped '@domain' (realm) in freeradius to authenticate ours users without major problems. Are you saying that I want to not strip the '@domain' part in freeradius?
Tx
| On 07-10 10:29, Rodrigo P. Telles wrote: | |>Hi Jan, |> |>Jan Janak wrote: |>| Try to se what is going on in the radius server, if you are using |>| freeradius then start it with -X cmdline option. |>| |> |>I did that and I received this: |>---- |>rad_recv: Access-Request packet from host xxx.yyy.zzz.www:37861, id=204, length=51 |>~ User-Name = "1213" |>~ Sip-Group = "Active" |>~ Service-Type = Group-Check |>~ NAS-IP-Address = xxx.yyy.zzz.www |>~ NAS-Port = 0 |>~ Processing the authorize section of radiusd.conf |>modcall: entering group authorize for request 28 |>~ modcall[authorize]: module "preprocess" returns ok for request 28 |>~ modcall[authorize]: module "chap" returns noop for request 28 |>~ modcall[authorize]: module "mschap" returns noop for request 28 |>~ modcall[authorize]: module "digest" returns noop for request 28 |>~ rlm_realm: No '@' in User-Name = "1213", looking up realm NULL |>~ rlm_realm: No such realm "NULL" |>~ modcall[authorize]: module "suffix" returns noop for request 28 |>radius_xlat: '' |>~ modcall[authorize]: module "sql" returns fail for request 28 |>modcall: group authorize returns fail for request 28 |>Finished request 28 |>Going to the next request |>Waking up in 2 seconds... |>--- Walking the entire request list --- |>Cleaning up request 27 ID 203 with timestamp 416541dc |>Waking up in 4 seconds... |>--- Walking the entire request list --- |>Cleaning up request 28 ID 204 with timestamp 416541e0 |>Nothing to do. Sleeping until we see a request. |>--- |> |>I think that the problem is on |>modcall[authorize]: module "sql" returns fail for request 28 |> |>but I don't know why module sql return "fail" for the request. |>I saw the mysql log file too and freeradius doesn't do any query |>about that request! |> |>Do you have any idea? |>Thanks for your answer. |> |> |>Telles |> |>| Jan. |>| |>| On 05-10 23:08, Rodrigo P. Telles wrote: |>| |>|>Hi Folks, |>|> |>|>I've been testing SER 0.8.14 Auth and ACC (radiusclient-0.4.4) |>|>in radius (freeradius 1.0.1) and its working fine. |>|>Now I tried to use group_radius module to check if a user is in a especific |>|>group and it failed. |>|>First I received a error about missing "Sip-Group" attribute and I found a mail |>|>about this error and howto correct it |>|>(http://lists.iptel.org/pipermail/serdev/2004-July/002339.html). |>|>Now SER doesn't return any error, just |>|> |>|>radius_is_user_in(): Failure |>|> |>|>after a long time. |>|> |>|>I have a user "1213" in group "general" on radius database like this: |>|> |>|>mysql> select * from radgroupcheck; |>|>+----+-----------+-----------+----+--------+ |>|>| id | GroupName | Attribute | op | Value | |>|>+----+-----------+-----------+----+--------+ |>|>| 1 | general | Auth-Type | := | Digest | |>|>+----+-----------+-----------+----+--------+ |>|> |>|>mysql> select * from radcheck; |>|>+----+----------+---------------+----+-------+ |>|>| id | UserName | Attribute | op | Value | |>|>+----+----------+---------------+----+-------+ |>|>| 2 | 1213 | User-Password | == | testonly | |>|>+----+----------+---------------+----+-------+ |>|> |>|>mysql> select * from usergroup; |>|>+----+----------+-----------+ |>|>| id | UserName | GroupName | |>|>+----+----------+-----------+ |>|>| 1 | 1213 | general | |>|>+----+----------+-----------+ |>|> |>|>mysql> select * from radgroupreply; |>|>+----+-----------+---------------+----+------------+------+ |>|>| id | GroupName | Attribute | op | Value | prio | |>|>+----+-----------+---------------+----+------------+------+ |>|>| 3 | general | Reply-Message | = | Authorized | 0 | |>|>+----+-----------+---------------+----+------------+------+ |>|> |>|> |>|>I googled this but I couldn't find anything about that. |>|>Am I missing something? |>|>Thanks in advance. |>|> |>|>_______________________________________________ |>|>Serusers mailing list |>|>serusers@lists.iptel.org |>|>http://lists.iptel.org/mailman/listinfo/serusers |>|> |>| |>| |>| |> |>_______________________________________________ |>Serusers mailing list |>serusers@lists.iptel.org |>http://lists.iptel.org/mailman/listinfo/serusers |> | | |