Do you have two entries for each user in the radcheck table?
Each user needs two entries. One with the attribute User-Password containing the plaintext password, and one with the Attribute Auth-Type containing the Digest value (and a different OP). For instance:
id user domain UserName Attribute Value op -------------------------------------------------------------------------------------- 12 552 sip.proxy.com 552@sip.proxy.com User-Password p4ssw0rd == 13 552 sip.proxy.com 552@sip.proxu.com Auth-Type Digest :=
Only with BOTH those lines will it work. It looks from the error message that you have the second but not the first (since it can't find the User-Password attribute according to the error message)
N.
On Fri, 10 Nov 2006 11:49:45 -0000, Lokesh Kumar wrote
Hello, I am running old ser version 0.9.6, where I am authenticatingon radius and keeping the users record in default sql database of radius. Butit is not authenticating, the logs are mentioned below. But it worked absolutely fine with radius users files. I have the entry for the user in radcheck file but still itis saying user not found. Can anyone give any hint where I am doing wrong. Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 127.0.0.1:54086,id=241, length=262 User-Name ="211069020@voip.nortenet.pt" Digest-Attributes= 0x0a0b323131303639303230 Digest-Attributes= 0x0112766f69702e6e6f7274656e65742e7074 Digest-Attributes=0x022a34353534363466343439376235396563623463356332613233646564366565323939343565316432 Digest-Attributes= 0x04167369703a766f69702e6e6f7274656e65742e7074 Digest-Attributes= 0x030a5245474953544552 Digest-Attributes= 0x050661757468 Digest-Attributes= 0x090a3030303030303031 Digest-Attributes= 0x08103132373935383532383139343033 Digest-Response ="2ae0ba094f508b9dff7bb56d96649875" Service-Type =Sip-Session Sip-Uri-User= "211069020" NAS-Port = 5060 NAS-IP-Address= 127.0.0.1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess"returns ok for request 1 modcall[authorize]: module "chap" returnsnoop for request 1 modcall[authorize]: module "mschap" returnsnoop for request 1 rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returnsok for request 1 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returnsnoop for request 1 radius_xlat: '211069020@voip.nortenet.pt' rlm_sql (sql): sql_set_user escaped user --> '211069020@voip.nortenet.pt' radius_xlat: 'SELECT id, UserName, Attribute, Value,op FROMradcheck WHEREUsername = '211069020@voip.nortenet.pt' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 13 rlm_sql (sql): User 211069020@voip.nortenet.pt not found inradcheck radius_xlat: 'SELECTradgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username ='211069020@voip.nortenet.pt' AND usergroup.GroupName = radgroupcheck.GroupNameORDER BY radgroupcheck.id' radius_xlat: 'SELECTradgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '211069020@voip.nortenet.pt'AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User 211069020@voip.nortenet.pt not found inradgroupcheck rlm_sql (sql): Released sql socket id: 13 rlm_sql (sql): User not found modcall[authorize]: module "sql" returnsnotfound for request 1 modcall: leaving group authorize (returns ok) for request 1 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_digest: Configuration item "User-Password" orDigest-HA1 is required for authentication. modcall[authenticate]: module "digest"returns invalid for request 1 modcall: leaving group authenticate (returns invalid) forrequest 1 auth: Failed to validate the user. Login incorrect: [211069020@voip.nortenet.pt] (from clientlocalhost port 5060) Delaying request 1 for 1 seconds Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 240 to 127.0.0.1 port 54085 Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 241 to 127.0.0.1 port 54086 Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 240 with timestamp 455463c8 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 241 with timestamp 455463c9 Nothing to do. Sleeping until we see a request. Thanks very much Lokesh
-- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.14.1/527 - Release Date: 11/9/2006