Freeradius + PEAP.. stuck on validating identity..
Alan DeKok
aland at deployingradius.com
Wed Mar 31 21:28:48 CEST 2010
Bruno Kremel wrote:
> My configuration is pretty much default except of enabling MySQL and
> setting paths and passwords to certificates (generated with make
> script in /etc/freeradius/certs, so they should be OK) and addresses
> of clients.
And what did you put in SQL?
> expand: %{User-Name} -> pokus
> rlm_sql (sql): sql_set_user escaped user --> 'pokus'
> rlm_sql (sql): Reserving sql socket id: 3
> expand: SELECT id, username, attribute, value, op FROM radcheck WHERE
> username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
> attribute, value, op FROM radcheck WHERE username = 'pokus' ORDER BY
> id
> rlm_sql (sql): User found in radcheck table
> expand: SELECT id, username, attribute, value, op FROM radreply WHERE
> username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
> attribute, value, op FROM radreply WHERE username = 'pokus' ORDER BY
> id
> expand: SELECT groupname FROM radusergroup WHERE username =
> '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM
> radusergroup WHERE username = 'pokus' ORDER BY priority
...
> rad_check_password: Found Auth-Type Accept
> rad_check_password: Auth-Type = Accept, accepting the user
Why did you put "Auth-Type = Accept" in SQL?
It's breaking the server. Delete it.
> To me it seems that name/password was accepted so I have no clue where
> is the problem..
The password was NOT accepted. It was *ignored*.
Alan DeKok.
More information about the Freeradius-Users
mailing list