Well, I didn't expect this kind of reactions. I tried to give as much
information as I had. First of all I upgraded to the newest packages of debian
etch before I did a dist-upgrade to lenny. With the latest version of etch it
still worked. The latest version in debian lenny is the 2.0.4 which I am
running now. I do use the groupreply option (but no groupcheck option because
the check has been done already in the usercheck option) so the mail of Alan
doesn't solve the problem. The complete debug text is underneath, hopefully
this makes it a bit more clear. Sorry for the inconvenience:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host x.x.x.x port 55116, id=108, length=66
User-Name = "username"
User-Password = "pass"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
+- entering group authorize
++[preprocess] returns ok
expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/x.x.x.x/auth-detail-20090218
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/x.x.x.x/auth-detail-20090218
expand: %t -> Wed Feb 18 15:31:36 2009
++[auth_log] returns ok
++[chap] returns noop
rlm_realm: Looking up realm "realm" for User-Name = "username"
rlm_realm: No such realm "realm"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
expand: %{User-Name} -> username
rlm_sql (sql): sql_set_user escaped user --> 'username'
rlm_sql (sql): Reserving sql socket id: 62
expand: SELECT isp_ordernumber,UserName,Attribute,Value,op FROM
radcheck WHERE Username = '%{SQL-User-Name}' and enabled='true' ORDER BY
isp_ordernumber -> SELECT isp_ordernumber,UserName,Attribute,Value,op FROM
radcheck WHERE Username = 'username' and enabled='true' ORDER BY isp_ordernumber
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
rlm_sql (sql): User found in radcheck table
expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'username' ORDER
BY id
expand: SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE
UserName='username'
expand: ->
rlm_sql (sql): Error generating query; rejecting user
rlm_sql (sql): Error processing groups; rejecting user
rlm_sql (sql): Released sql socket id: 62
++[sql] returns fail
Invalid user: [username] (from client host port 1)
Found Post-Auth-Type Reject
+- entering group REJECT
rlm_sql (sql): Processing sql_postauth
expand: %{User-Name} -> username
rlm_sql (sql): sql_set_user escaped user --> 'username'
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: INSERT into radpostauth (id, user, pass, reply, date) values
('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}',
NOW()) -> INSERT into radpostauth (id, user, pass, reply, date) values ('',
'username', 'password', 'Access-Reject', NOW())
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user,
pass, reply, date) values ('', 'username', 'password', 'Access-Reject', NOW())
rlm_sql (sql): Reserving sql socket id: 61
rlm_sql (sql): Released sql socket id: 61
++[sql] returns ok
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 108 to x.x.x.x port 55116
Framed-IP-Address := x.x.x.x
ERX-Atm-PCR := 8000
Waking up in 4.9 seconds.
Cleaning up request 0 ID 108 with timestamp +9
Ready to process requests.
-----Original Message-----
From:
freeradius-users-bounces+frank.diepstraten=concepts-ict...@lists.freeradius.org
[mailto:freeradius-users-bounces+frank.diepstraten=concepts-ict...@lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: donderdag 19 februari 2009 11:59
To: FreeRadius users mailing list
Subject: Re: FW: upgraded from freeradius 1.1.3 to 2.0.4
Frank van den Diepstraten wrote:
> For a few years now, I use a freeradius/mysql server for the
> authentication of users which logon with their dsl line. This always
> went perfect till I tried to upgrade the machine from debian etch to
> debian lenny. The freeradius version went from 1.1.3 to 2.0.4. When I
> upgraded user couldn’t login anymore.
Umm... you upgraded software across a major version number, and you
didn't do the migration manually?
We've made serious attempts to make the configuration similar, but it
is *not* the same. Automated upgrades are simply not possible.
Also, 2.0.4 is an old version. You want to use a more recent one.
> I didn’t change anything in the config file which we used on the 1.1.3
> version of freeradius.
That's BAD. You need to *upgrade* the configuration, not just blindly
copy it over.
> While searching for this error I found something about the
> groupchecktable which we never used. In the config this option is marked
> out:
...
> And in the database is no table called radgroupcheck because I never
> used it.
So.. not using that shouldn't break the server.
> How can I get my freeradius working again and simply don’t let it do a
> thing with the groupcheck (which I guess is the problem of the empty
> expand which I see in debug mode)
Find out what the real problem is. Looking at *part* of the debug log
doesn't help. Some expansions are *allowed* to be empty.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.237 / Virus Database: 270.11.0/1959 - Release Date: 02/18/09
20:55:00
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
