Do you have two entries for each user in the radcheck table?

Each user needs two entries. One with the attribute User-Password containing the plaintext password, and one with the Attribute Auth-Type containing the Digest value (and a different OP). For instance:


id      user              domain              UserName              Attribute          Value      op
--------------------------------------------------------------------------------------
12      552      sip.proxy.com        552@sip.proxy.com      User-Password   p4ssw0rd   ==
13      552      sip.proxy.com        552@sip.proxu.com      Auth-Type        Digest        :=


Only with BOTH those lines will it work.  It looks from the error message that you have the second but not the first (since it can't find the User-Password attribute according to the error message)

N.




On Fri, 10 Nov 2006 11:49:45 -0000, Lokesh Kumar wrote

> Hello,
>  
> I am running old ser version 0.9.6, where I am authenticating on radius and keeping the users record in default sql database of radius. But it is not authenticating, the logs are mentioned below.
>  
> But it worked absolutely fine with radius users files.
>  
> I have the entry for the user in radcheck file but still it is saying user not found.
>  
> Can anyone give any hint where I am doing wrong.
>  
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> rad_recv: Access-Request packet from host 127.0.0.1:54086, id=241, length=262
>         User-Name = "211069020@voip.nortenet.pt"
>         Digest-Attributes = 0x0a0b323131303639303230
>         Digest-Attributes = 0x0112766f69702e6e6f7274656e65742e7074
>         Digest-Attributes = 0x022a34353534363466343439376235396563623463356332613233646564366565323939343565316432
>         Digest-Attributes = 0x04167369703a766f69702e6e6f7274656e65742e7074
>         Digest-Attributes = 0x030a5245474953544552
>         Digest-Attributes = 0x050661757468
>         Digest-Attributes = 0x090a3030303030303031
>         Digest-Attributes = 0x08103132373935383532383139343033
>         Digest-Response = "2ae0ba094f508b9dff7bb56d96649875"
>         Service-Type = Sip-Session
>         Sip-Uri-User = "211069020"
>         NAS-Port = 5060
>         NAS-IP-Address = 127.0.0.1
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 1
>   modcall[authorize]: module "preprocess" returns ok for request 1
>   modcall[authorize]: module "chap" returns noop for request 1
>   modcall[authorize]: module "mschap" returns noop for request 1
> rlm_digest: Adding Auth-Type = DIGEST
>   modcall[authorize]: module "digest" returns ok for request 1
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 1
> radius_xlat:  '211069020@voip.nortenet.pt'
> rlm_sql (sql): sql_set_user escaped user --> '211069020@voip.nortenet.pt'
> radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radcheck           WHERE Username = '211069020@voip.nortenet.pt'           ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 13
> rlm_sql (sql): User 211069020@voip.nortenet.pt not found in radcheck
> radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = '211069020@voip.nortenet.pt' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = '211069020@voip.nortenet.pt' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql (sql): User 211069020@voip.nortenet.pt not found in radgroupcheck
> rlm_sql (sql): Released sql socket id: 13
> rlm_sql (sql): User not found
>   modcall[authorize]: module "sql" returns notfound for request 1
> modcall: leaving group authorize (returns ok) for request 1
>   rad_check_password:  Found Auth-Type DIGEST
> auth: type "digest"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 1
> rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for authentication.
>   modcall[authenticate]: module "digest" returns invalid for request 1
> modcall: leaving group authenticate (returns invalid) for request 1
> auth: Failed to validate the user.
> Login incorrect: [211069020@voip.nortenet.pt] (from client localhost port 5060)
> Delaying request 1 for 1 seconds
> Finished request 1
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 240 to 127.0.0.1 port 54085
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 241 to 127.0.0.1 port 54086
> Waking up in 3 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 240 with timestamp 455463c8
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 1 ID 241 with timestamp 455463c9
> Nothing to do.  Sleeping until we see a request.
>  
> Thanks very much
>  
> Lokesh
>  
>
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.409 / Virus Database: 268.14.1/527 - Release Date: 11/9/2006
>