From: Ranjeet K. <ran...@az...> - 2006-09-07 17:15:07
Hi,

I am using phpradmin for AAA, but it gives the error "Thu Sep 7 21:59:46 2006 : Auth: Login incorrect: [ranjeet/ranjeet] (from client ap port 0 cli async)". Then I started looking at the log from the command line with the command "radiusd -Xy". It shows that mysql authenticates but Auth-Type is System, and it tries to authenticate with unix and fails.

Username: ranjeet
Password: ranjeet

Below are the logs:

[root@test ~]# radiusd -Xy
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = yes
main: log_stripped_names = yes
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "after"
main: lower_pass = "after"
main: nospace_user = "after"
main: nospace_pass = "after"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "clear"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "phpradmin"
sql: password = "phpradmin"
sql: radius_db = "phpradmin"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = no
sql: sqltracefile = "/var/log/radius/sqltrace.sql"
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: default_user_profile = ""
sql: query_on_not_found = no
sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
sql: accounting_update_query = "UPDATE radacct ? SET FramedIPAddress = '%{Framed-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ? AcctInputOctets = '%{Acct-Input-Octets}', ? AcctOutputOctets = '%{Acct-Output-Octets}' ? WHERE AcctSessionId = '%{Acct-Session-Id}' ? AND UserName = '%{SQL-User-Name}' ? AND NASIPAddress= '%{NAS-IP-Address}'"
sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'"
sql: connect_failure_retry_delay = 60
sql: simul_count_query = ""
sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
sql: postauth_table = "radpostauth"
sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to phpradmin@localhost:/phpradmin
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (reply_log)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.

rad_recv: Access-Request packet from host 192.168.157.226:1645, id=40, length=81
User-Name = "ranjeet"
User-Password = "ranjeet"
NAS-Port = 0
NAS-Port-Type = Async
Calling-Station-Id = "async"
NAS-IP-Address = 192.168.157.226
NAS-Identifier = "aironet"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/var/log/radius/radacct/192.168.157.226/auth-detail-20060907'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.157.226/auth-detail-20060907
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "ranjeet", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 0
radius_xlat: 'ranjeet'
rlm_sql (sql): sql_set_user escaped user --> 'ranjeet'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'ranjeet' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ranjeet' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'ranjeet' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'ranjeet' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: [ranjeet]: invalid password
modcall[authenticate]: module "unix" returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.
Login incorrect: [ranjeet/ranjeet] (from client ap port 0 cli async)
rad_lowerpair: User-Name now 'ranjeet'
rad_lowerpair: User-Password now 'ranjeet'
rad_rmspace_pair: User-Name now 'ranjeet'
rad_rmspace_pair: User-Password now 'ranjeet'
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/var/log/radius/radacct/192.168.157.226/auth-detail-20060907'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.157.226/auth-detail-20060907
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "ranjeet", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 0
radius_xlat: 'ranjeet'
rlm_sql (sql): sql_set_user escaped user --> 'ranjeet'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'ranjeet' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ranjeet' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'ranjeet' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'ranjeet' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: [ranjeet]: invalid password
modcall[authenticate]: module "unix" returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.
Login incorrect: [ranjeet/ranjeet] (from client ap port 0 cli async)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 40 to 192.168.157.226:1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 40 with timestamp 45005116
Nothing to do. Sleeping until we see a request.

Please help me in solving this issue.

Thanks,
Ranjeet
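Added example, not part of the original post and not FreeRADIUS code: a Python parser for `radiusd -X` output like the trace above that reports, for each authorize/authenticate pass, which authorize modules returned ok, which users-file entry matched, which Auth-Type was selected and which module rejected. The sample lines are excerpted from the log in this post; the function names `trace_passes` and `explain` are hypothetical.

```python
import re

# Lines excerpted from the debug trace in the post (first pass only).
SAMPLE = """\
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
modcall: entering group authenticate for request 0
rlm_unix: [ranjeet]: invalid password
modcall[authenticate]: module "unix" returns reject for request 0
auth: Failed to validate the user.
"""

MODCALL = re.compile(r'modcall\[(authorize|authenticate)\]: module "([^"]+)" returns (\w+)')
USERS = re.compile(r"users: Matched entry (\S+) at line (\d+)")
AUTH_TYPE = re.compile(r"rad_check_password: Found Auth-Type (\S+)")


def trace_passes(log_text):
    """Return one summary dict per authorize/authenticate pass in the log."""
    passes, cur = [], None
    for line in log_text.splitlines():
        if "modcall: entering group authorize" in line:
            # A new pass starts here; the trace in the post runs a second
            # one for the same request after the rad_lowerpair lines.
            cur = {"authorize": [], "authenticate": [],
                   "users_match": None, "auth_type": None}
            passes.append(cur)
        elif cur is None:
            continue  # startup/config output before the first request
        elif m := MODCALL.search(line):
            cur[m.group(1)].append((m.group(2), m.group(3)))
        elif m := USERS.search(line):
            cur["users_match"] = (m.group(1), int(m.group(2)))
        elif m := AUTH_TYPE.search(line):
            cur["auth_type"] = m.group(1)
    return passes


def explain(p):
    """Summarise one pass: selected Auth-Type, modules that answered, who rejected."""
    ok = ", ".join(mod for mod, rc in p["authorize"] if rc == "ok")
    rejected = ", ".join(mod for mod, rc in p["authenticate"] if rc == "reject") or "none"
    match = "{} at line {}".format(*p["users_match"]) if p["users_match"] else "none"
    return (f"Auth-Type={p['auth_type']}; authorize ok: {ok}; "
            f"users match: {match}; rejected by: {rejected}")


if __name__ == "__main__":
    for i, p in enumerate(trace_passes(SAMPLE), 1):
        print(f"pass {i}: {explain(p)}")
```
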