10 Nov
2006
10 Nov
'06
4:59 p.m.
Do you have two entries for each user in the radcheck table?
Each user needs two entries. One with the attribute User-Password containing the plaintext
password, and one with the Attribute Auth-Type containing the Digest value (and a
different OP). For instance:
id user domain UserName Attribute
Value op
--------------------------------------------------------------------------------------
12 552 sip.proxy.com 552(a)sip.proxy.com User-Password p4ssw0rd
==
13 552 sip.proxy.com 552(a)sip.proxu.com Auth-Type Digest
:=
Only with BOTH those lines will it work. It looks from the error message that you have
the second but not the first (since it can't find the User-Password attribute
according to the error message)
N.
On Fri, 10 Nov 2006 11:49:45 -0000, Lokesh Kumar wrote
Hello,
I am running old ser version 0.9.6, where I am authenticatingon radius and keeping the
users record in default sql database of radius. Butit is not authenticating, the logs are
mentioned below.
But it worked absolutely fine with radius users files.
I have the entry for the user in radcheck file but still itis saying user not found.
Can anyone give any hint where I am doing wrong.
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:54086,id=241, length=262
User-Name ="211069020(a)voip.nortenet.pt"
Digest-Attributes= 0x0a0b323131303639303230
Digest-Attributes= 0x0112766f69702e6e6f7274656e65742e7074
Digest-Attributes=0x022a34353534363466343439376235396563623463356332613233646564366565323939343565316432
Digest-Attributes= 0x04167369703a766f69702e6e6f7274656e65742e7074
Digest-Attributes= 0x030a5245474953544552
Digest-Attributes= 0x050661757468
Digest-Attributes= 0x090a3030303030303031
Digest-Attributes= 0x08103132373935383532383139343033
Digest-Response ="2ae0ba094f508b9dff7bb56d96649875"
Service-Type =Sip-Session
Sip-Uri-User= "211069020"
NAS-Port = 5060
NAS-IP-Address= 127.0.0.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess"returns ok for request 1
modcall[authorize]: module "chap" returnsnoop for request 1
modcall[authorize]: module "mschap" returnsnoop for request 1
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returnsok for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returnsnoop for request 1
radius_xlat: '211069020(a)voip.nortenet.pt'
rlm_sql (sql): sql_set_user escaped user --> '211069020(a)voip.nortenet.pt'
radius_xlat: 'SELECT id, UserName, Attribute, Value,op
FROMradcheck WHEREUsername = '211069020(a)voip.nortenet.pt' ORDER
BY id'
rlm_sql (sql): Reserving sql socket id: 13
rlm_sql (sql): User 211069020(a)voip.nortenet.pt not found inradcheck
radius_xlat:
'SELECTradgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM
radgroupcheck,usergroup WHERE usergroup.Username ='211069020(a)voip.nortenet.pt' AND
usergroup.GroupName = radgroupcheck.GroupNameORDER BY radgroupcheck.id'
radius_xlat:
'SELECTradgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM
radgroupreply,usergroup WHERE usergroup.Username = '211069020(a)voip.nortenet.pt'AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User 211069020(a)voip.nortenet.pt not found inradgroupcheck
rlm_sql (sql): Released sql socket id: 13
rlm_sql (sql): User not found
modcall[authorize]: module "sql" returnsnotfound for request 1
modcall: leaving group authorize (returns ok) for request 1
rad_check_password: Found Auth-Type DIGEST
auth: type "digest"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_digest: Configuration item "User-Password" orDigest-HA1 is required for
authentication.
modcall[authenticate]: module "digest"returns invalid for request 1
modcall: leaving group authenticate (returns invalid) forrequest 1
auth: Failed to validate the user.
Login incorrect: [211069020(a)voip.nortenet.pt] (from clientlocalhost port 5060)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 240 to 127.0.0.1 port 54085
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 241 to 127.0.0.1 port 54086
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 240 with timestamp 455463c8
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 241 with timestamp 455463c9
Nothing to do. Sleeping until we see a request.
Thanks very much
Lokesh
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.409 / Virus Database: 268.14.1/527 - Release Date: 11/9/2006