Hi,
I have tried reordering the elements in the radiusd.conf file so that the
database is tried first, and then commented out the section to check the users
file, and I am still having the same issues.
Here is the output again:
Ready to process requests.
rad_recv: Access-Request packet from host 10.10.1.1:1320, id=0, length=123
User-Name = simon
NAS-IP-Address = 10.10.1.1
Called-Station-Id = 0014bff3dac8
Calling-Station-Id = 0013ce29c6d7
NAS-Identifier = 0014bff3dac8
NAS-Port = 56
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020a0173696d6f6e
Message-Authenticator = 0x68b3f01e605eb032281dd6c99dfd9e52
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
modcall[authorize]: module chap returns noop for request 0
modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = simon, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 0
rlm_eap: EAP packet type response id 0 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated for request 0
radius_xlat: 'simon'
rlm_sql (sql): sql_set_user escaped user -- 'simon'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'simon' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM
radcheckWHERE Username = 'simon' ORDER BY id
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'simon' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'simon' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radreply WHERE Username = 'simon' ORDER BY id'
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM
radreplyWHERE Username = 'simon' ORDER BY id
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'simon' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'simon' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module sql returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [simon/no User-Password attribute] (from client linksys-434
port 56 cli 0013ce29c6d7)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 10.10.1.1 port 1320
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 447ef7e2
Nothing to do. Sleeping until we see a request.
As before, it still authenticates perfectly when I try it with either NTRadPing
or radtest.
Thanks again,
Simon
hi,
you say it works okay with NTRadPing and that when you use an entry in users
file it works...however
in the log you supplied its still matching an entry in the users file - and
the server is then
happy to use that matching entry rather than one in the DB. the log you posted
also shows that it
is attempting to use the files method...and that the match told it to use
Local authentication..the
database query is then superfluous.
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html