Hi,
I installled Privacy idea and crate sqlrealm.Then test it.It found 0 users.
Then Try to create user by using sqlrealm.WhenI try to “save user” button I get an red popup windows. Shown below:
When I look at logs there is only INFO log:
2019-06-26 10:23:33,616][13866][140383178696448][INFO][privacyidea.lib.resolvers.SQLIdResolver:553] using the connect string mysql://privacyidea:xxxx@127.0.0.1:3306/userdb
Is there any log or config to check what is wrong ?
Any idea?
regards,
I think I solve the problem. I add a column into my userdb and “password”:“password” into mapping.
But, Do I need to assign a password?
I just wanna store my users and connect tihs user with an mOTP token
Technically, you do not need a password.
But even I don’t add a password column in userdb/users table, mapping forced me to add “password”: “password” Then, I try to create to user I see an password section. Is this normal?
All I need , create motp token with init-secret and PIN and connect a user.
Now, partly connected. At least, I can veryfy token and OTP.
But, after configure raddb client.conf and firewall side to share secret, I check with a test client to connect remote side via VPN.
freeradius debug and firewall log say that authentication failed:
(0) Received Access-Request Id 255 from 10.43.1.8:51094 to 10.40.1.250:1812 length 61
(0) User-Name = "tevfikpid"
(0) User-Password = "abd57b"
(0) Service-Type = Login-User
(0) NAS-IP-Address = 10.43.1.10
(0) # Executing section authorize from file /etc/raddb/sites-enabled/privacyidea
(0) authorize {
(0) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'tevfikpid'
(0) perl: $RAD_REQUEST{'User-Password'} = &request:User-Password -> 'abd57b'
(0) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '10.43.1.10'
(0) perl: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Login-User'
(0) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'tevfikpid'
(0) perl: &request:User-Password = $RAD_REQUEST{'User-Password'} -> 'abd57b'
(0) perl: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Login-User'
(0) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '10.43.1.10'
(0) [perl] = ok
(0) if (ok || updated) {
(0) if (ok || updated) -> TRUE
(0) if (ok || updated) {
(0) update control {
(0) Auth-Type := Perl
(0) } # update control = noop
(0) } # if (ok || updated) = noop
(0) } # authorize = ok
(0) Found Auth-Type = Perl
(0) # Executing group from file /etc/raddb/sites-enabled/privacyidea
(0) Auth-Type Perl {
(0) perl: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'tevfikpid'
(0) perl: $RAD_REQUEST{'User-Password'} = &request:User-Password -> 'abd57b'
(0) perl: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '10.43.1.10'
(0) perl: $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Login-User'
(0) perl: $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl'
(0) perl: $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl'
rlm_perl: Config File /opt/privacyIDEA/lib/privacyidea/authmodules/FreeRADIUS/rlm_perl.ini not found!
rlm_perl: Debugging config: FALSE
rlm_perl: Default URL https://127.0.0.1/validate/check
rlm_perl: Looking for config for auth-type Perl
rlm_perl: Warning:
rlm_perl: Auth-Type: Perl
rlm_perl: url: https://127.0.0.1/validate/check
rlm_perl: user sent to privacyidea: tevfikpid
rlm_perl: realm sent to privacyidea:
rlm_perl: resolver sent to privacyidea:
rlm_perl: client sent to privacyidea: 10.43.1.10
rlm_perl: state sent to privacyidea:
rlm_perl: urlparam client
rlm_perl: urlparam pass
rlm_perl: urlparam user
rlm_perl: Request timeout: 10
rlm_perl: Not verifying SSL certificate!
rlm_perl: elapsed time for privacyidea call: 2.998399
rlm_perl: privacyIDEA access granted
rlm_perl: Can't call method "Groups" on an undefined value at /etc/raddb/mods-config/perl/privacyidea_radius.pm line 245.
rlm_perl: Can not parse response from privacyIDEA.
rlm_perl: return RLM_MODULE_REJECT
(0) perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'tevfikpid'
(0) perl: &request:User-Password = $RAD_REQUEST{'User-Password'} -> 'abd57b'
(0) perl: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Login-User'
(0) perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '10.43.1.10'
(0) perl: &reply:Reply-Message = $RAD_REPLY{'Reply-Message'} -> 'privacyIDEA access granted'
(0) perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'Perl'
(0) [perl] = reject
(0) } # Auth-Type Perl = reject
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) Post-Auth-Type sub-section not found. Ignoring.
(0) Delaying response for 1.000000 seconds
Waking up in 0.9 seconds.
(0) Sending delayed response
(0) Sent Access-Reject Id 255 from 10.40.1.250:1812 to 10.43.1.8:51094 length 48
(0) Reply-Message = "privacyIDEA access granted"
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 255 with timestamp +17
Ready to process requests
First of all this line:
rlm_perl: Config File /opt/privacyIDEA/lib/privacyidea/authmodules/FreeRADIUS/rlm_perl.ini not found!
I check the mods-config/perl/privacyidea_radius.pm file and see that:
our $CONFIG_FILE = "/opt/privacyIDEA/lib/privacyidea/authmodules/FreeRADIUS/rlm_perl.ini";
I think that’s why authentication failed.
Additionally , privacyidea log says:
[2019-06-27 15:48:13,066][6248][140235599296256][WARNING][privacyidea.lib.utils:636] Proxy 127.0.0.1 not allowed to set IP to 10.43.1.10.
[2019-06-27 15:48:13,095][6248][140235599296256][INFO][privacyidea.lib.crypto:100] Requesting secret key - verify the usage scope and zero + free
[2019-06-27 15:48:13,096][6248][140235599296256][INFO][privacyidea.lib.crypto:100] Requesting secret key - verify the usage scope and zero + free
[2019-06-27 15:48:13,151][6248][140235599296256][INFO][privacyidea.api.lib.postpolicy:505] There is no machine with IP=IPAddress('127.0.0.1')What decide password never be empty,even database accept NULL value?
