Pete,
this query should return an attribute named password, which will be used later for creating a digest hash and compare it with the one received over the request:
SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '1006' ORDER BY id.
What does it return for you?
DanB
Hi Dan,
Please kindly take a look at the following radius-X output. Thanks alot for all your help.
User-Name = "1006@192.168.1.104"Digest-Attributes = 0x022a34383364646135323939343738313830333633356136633964383131386336313039333930656461
Digest-Attributes = 0x0a0631303036
Digest-Attributes = 0x010f3139322e3136382e312e313034Digest-Response = "1130e5ed3a8e7266cbe8fa9d4463fdf4"
Digest-Attributes = 0x04137369703a3139322e3136382e312e313034
Digest-Attributes = 0x030a5245474953544552+- entering group authorize
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 825241654
NAS-Port = 5060
NAS-IP-Address = 127.0.0.1
++[preprocess] returns ok
expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
expand: %t -> Thu May 29 06:13:58 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_digest: Adding Auth-Type = DIGEST
++[digest] returns ok
rlm_realm: Looking up realm "192.168.1.104" for User-Name = "1006@192.168.1.104"
rlm_realm: Found realm "192.168.1.104"
rlm_realm: Adding Stripped-User-Name = "1006"
rlm_realm: Adding Realm = "192.168.1.104"
rlm_realm: Authentication realm is LOCAL.
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
expand: %{Stripped-User-Name} -> 1006
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 1006
rlm_sql (sql): sql_set_user escaped user --> '1006'
rlm_sql (sql): Reserving sql socket id: 2
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1006' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1006' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '1006' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '1006' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '1006' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = '1006' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'openser' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'openser' ORDER BY id
rlm_sql (sql): User found in group openser
expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'openser' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'openser' ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [1006@192.168.1.104/<via Auth-Type = Local>] (from client localhost port 5060)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> 1006@192.168.1.104
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 189 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 189
Waking up in 4.9 seconds.
User-Name = "1006@192.168.1.104"Digest-Attributes = 0x022a34383364646135323939343738313830333633356136633964383131386336313039333930656461
Digest-Attributes = 0x0a0631303036
Digest-Attributes = 0x010f3139322e3136382e312e313034Digest-Response = "1130e5ed3a8e7266cbe8fa9d4463fdf4"
Digest-Attributes = 0x04137369703a3139322e3136382e312e313034
Digest-Attributes = 0x030a5245474953544552+- entering group authorize
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 825241654
NAS-Port = 5060
NAS-IP-Address = 127.0.0.1
++[preprocess] returns ok
expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20080529
expand: %t -> Thu May 29 06:13:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_digest: Adding Auth-Type = DIGEST
++[digest] returns ok
rlm_realm: Looking up realm "192.168.1.104" for User-Name = "1006@192.168.1.104"
rlm_realm: Found realm "192.168.1.104"
rlm_realm: Adding Stripped-User-Name = "1006"
rlm_realm: Adding Realm = "192.168.1.104"
rlm_realm: Authentication realm is LOCAL.
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
expand: %{Stripped-User-Name} -> 1006
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 1006
rlm_sql (sql): sql_set_user escaped user --> '1006'
rlm_sql (sql): Reserving sql socket id: 1
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1006' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1006' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '1006' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '1006' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '1006' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = '1006' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'openser' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'openser' ORDER BY id
rlm_sql (sql): User found in group openser
expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'openser' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'openser' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [1006@192.168.1.104/<via Auth-Type = Local>] (from client localhost port 5060)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> 1006@192.168.1.104
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 190 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 190
Waking up in 3.9 seconds.
_______________________________________________
Users mailing list
Users@lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users