users file ignored and still checks sql

Paul Tinson Paul.Tinson at
Tue Apr 24 13:33:12 CEST 2012

Hi There,

I have been looking at an issue we are having with our deployment and for
the life of me can't see what is wrong.
We have version 2.1.8 but I couldn't find any mention of a bug like this
in releases since.

The issue is I want to do a realm-based auth for one realm and return some
L2TP information.
So in proxy.conf I have added the realm, in users I have added a user like
this (realm and IP changed to protect the innocent):

DEFAULT Realm == "", Auth-Type := Accept
	Tunnel-Type := L2TP,
	Tunnel-Medium-Type := IP,
	Tunnel-Server-Endpoint :=,
	Alc-Tunnel-Idle-Timeout := 600,
	Tunnel-Assignment-Id := Tunnel1,
	Fall-Through = No

In the default enabled site I have file and sql enabled for authorization.
When I run freeradius -X I get the output as follows: again changed to

[suffix] Looking up realm "" for User-Name =
"wibble at"
[suffix] Found realm ""
[suffix] Adding Stripped-User-Name = "wibble"
[suffix] Adding Realm = ""
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[files] users: Matched entry DEFAULT at line 87
++[files] returns ok
[sql]   expand: %{Orcon-User-Name} ->
[sql] sql_set_user escaped user --> ''
rlm_sql (sql): Reserving sql socket id: 0
[sql]   expand: CALL authorize_check_query(query) -> CALL
rlm_sql_mysql: query:  CALL authorize_check_query(query)
rlm_sql_mysql: MYSQL check_error: 1054 received
rlm_sql_getvpdata: database query error
[sql] SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 0
++[sql] returns fail
Invalid user: [wibble at] (from client bng1 port 0 cli 103249698)
Using Post-Auth-Type Reject

I would have thought this configuration should result in the users file
being scanned and then returning Auth-Type: Accept and not then processing
the sql authorize module.

Have I missed something simple, or does this config look right?

Any clues appreciated.

