Freeradius + PEAP.. stuck on validating identity..

Bruno Kremel bruno.kremel at gmail.com
Wed Mar 31 22:39:04 CEST 2010 

On Wednesday 31 March 2010 21:28:48 Alan DeKok wrote:
> Bruno Kremel wrote:
> > My configuration is pretty much default except of enabling MySQL and
> > setting paths and passwords to certificates (generated with make
> > script in /etc/freeradius/certs, so they should be OK) and addresses
> > of clients.
> 
>   And what did you put in SQL?
> 
> > expand: %{User-Name} -> pokus
> > rlm_sql (sql): sql_set_user escaped user --> 'pokus'
> > rlm_sql (sql): Reserving sql socket id: 3
> > expand: SELECT id, username, attribute, value, op FROM radcheck WHERE
> > username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
> > attribute, value, op FROM radcheck WHERE username = 'pokus' ORDER BY
> > id
> > rlm_sql (sql): User found in radcheck table
> > expand: SELECT id, username, attribute, value, op FROM radreply WHERE
> > username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
> > attribute, value, op FROM radreply WHERE username = 'pokus' ORDER BY
> > id
> > expand: SELECT groupname FROM radusergroup WHERE username =
> > '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM
> > radusergroup WHERE username = 'pokus' ORDER BY priority
> 
> ...
> 
> > rad_check_password: Found Auth-Type Accept
> > rad_check_password: Auth-Type = Accept, accepting the user
> 
>   Why did you put "Auth-Type = Accept" in SQL?
> 
>   It's breaking the server.  Delete it.
What should be there?
Beacuse I don't know I am using Daloradius web interafce for adding data to 
database, so I just loaded default daloradius sql which was intendet 
(according to readme od daloradius) for 2.X Freeradius... and added accounts 
in web interface...
> 
> > To me it seems that name/password was accepted so I have no clue where
> > is the problem..
> 
>   The password was NOT accepted.  It was *ignored*.
> 
And what is that Accept-Accept on the end of the log?... also radtest gives me 
Accept-Accept only on correct login and password so I think that it's not that 
SQL...


>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
>  http://www.freeradius.org/list/users.html
> 
Thank you for answer.

More information about the Freeradius-Users mailing list