Failure to Process radgroupreply

Thu Apr 5 13:21:12 CEST 2012

Platfrom: CentOS 5.8
FreeRADIUS: 2.1.8
Backend: MySQL

I am unable to get FreeRadius to reply with attributes assigned in the
radgroupreply table for some groups. When the same attributes are
assigned in radreply, the server sends them as expected. Adding a
Fall-Through entry for the user in radreply makes no difference (the
server defaults to Fall-Through from the config). I can see no
difference in the structure of the user/groups between working and
non-working accounts.

I've spent most of the night combing the web, wiki, and other
resources, but I find nothing quite like this.

For instance:

# radcheck
testuser1   Cleartext-Password   :=   password

# radreply (WORKS)
testuser1   Nomadix-Bw-Down   :=   768

# radusergroup
testuser1			test-group   1

# radgroupreply (DOES NOT WORK)
testuser1   Nomadix-Bw-Down   :=   768

Here is debug output from an auth request for this account (when the
pairs are only in radgroupreply). You'll notice there is no processing
of the radgroupreply table.

rad_recv: Access-Request packet from host xx.xx.xx.xx port 29817,
id=170, length=49
        User-Name = "testuser1"
        User-Password = "password"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testuser1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[sql]   expand: %{User-Name} -> testuser1
[sql] sql_set_user escaped user --> 'testuser1'
rlm_sql (sql): Reserving sql socket id: 0
[sql]   expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
username, attribute, value, op FROM radcheck WHERE username =
'testuser1' ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
username, attribute, value, op FROM radreply WHERE username =
'testuser1' ORDER BY id
[sql]   expand: SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM
radusergroup WHERE username = 'testuser1' ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT
id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname
= 'test-group' ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[dailycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[monthlycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[daypasscounter] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "password"
[pap] Using clear text password "password"
[pap] User authenticated successfully
++[pap] returns ok
Login OK: [testuser1] (from client wolfchase-gateway port 0)
+- entering group post-auth {...}
[sql]   expand: %{User-Name} -> testuser1
[sql] sql_set_user escaped user --> 'testuser1'
[sql]   expand: %{User-Password} -> password
[sql]   expand: INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
-> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES (
'testuser1', 'password', 'Access-Accept', '2012-04-05 06:58:06')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES ( 'testuser1', 'password',
'Access-Accept', '2012-04-05 06:58:06')
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 170 to xx.xx.xx.xx port 29817
Finished request 166.
Going to the next request
Waking up in 3.0 seconds.

Thank you for any help.