Randeep
randeep123 at gmail.com
Thu Jul 16 06:39:18 CEST 2015
Hi,
From the log it is clear that radius found the group of the user as student!
(0) sql: User found in the group table
(0) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id
(0) sql: --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = 'student' ORDER BY id
(0) sql: Executing select query: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname = 'student' ORDER BY id
rlm_sql (sql): Released connection (4)
Regards,
Randeep
On Thu, Jul 16, 2015 at 7:47 AM, ankita therese <ankitatherese at gmail.com>
wrote:
> Hi,
>
> I'm having trouble getting FreeRADIUS to recognize the group of
> a user using sql. I'm running version 3.0.8, and as far as I can tell,
> everything runs smoothly up to the authorize_group_check_query. It
> executes, but after this, on debugging with radiusd -XX,
> authentication breaks off with
>
> Debug: (0) sql: ... falling-through to profile processing
> Debug: rlm_sql (sql): Released connection (4)
>
> The output of radiusd -X is as follows. Group attribute values are not
> verified or added to reply.
> I tried increasing minimum no of sql connections, but that just makes
> radius tell me I have too many idle connections and need to reduce min.
>
> (0) Received Access-Request Id 153 from 127.0.0.1:49747 to
> 127.0.1.1:1812 length 85
> (0) User-Name = 'mynewuser'
> (0) User-Password = 'password'
> (0) NAS-IP-Address = 127.0.1.1
> (0) NAS-Port = 0
> (0) Message-Authenticator = 0x32010b83ba8a72dd523a231e353d1a1b
> (0) Framed-Protocol = PPP
> (0) # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> (0) authorize {
> (0) policy filter_username {
> (0) if (!&User-Name) {
> (0) if (!&User-Name) -> FALSE
> (0) if (&User-Name =~ / /) {
> (0) if (&User-Name =~ / /) -> FALSE
> (0) if (&User-Name =~ /@.*@/ ) {
> (0) if (&User-Name =~ /@.*@/ ) -> FALSE
> (0) if (&User-Name =~ /\.\./ ) {
> (0) if (&User-Name =~ /\.\./ ) -> FALSE
> (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
> (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) ->
> FALSE
> (0) if (&User-Name =~ /\.$/) {
> (0) if (&User-Name =~ /\.$/) -> FALSE
> (0) if (&User-Name =~ /@\./) {
> (0) if (&User-Name =~ /@\./) -> FALSE
> (0) } # policy filter_username = notfound
> (0) [preprocess] = ok
> (0) [chap] = noop
> (0) [mschap] = noop
> (0) [digest] = noop
> (0) suffix: Checking for suffix after "@"
> (0) suffix: No '@' in User-Name = "mynewuser", looking up realm NULL
> (0) suffix: No such realm "NULL"
> (0) [suffix] = noop
> (0) eap: No EAP-Message, not doing EAP
> (0) [eap] = noop
> (0) files: users: Matched entry DEFAULT at line 182
> (0) [files] = ok
> (0) sql: EXPAND %{User-Name}
> (0) sql: --> mynewuser
> (0) sql: SQL-User-Name set to 'mynewuser'
> rlm_sql (sql): Reserved connection (4)
> (0) sql: EXPAND SELECT id, username, attribute, value, op FROM
> radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
> (0) sql: --> SELECT id, username, attribute, value, op FROM
> radcheck WHERE username = 'mynewuser' ORDER BY id
> (0) sql: Executing select query: SELECT id, username, attribute,
> value, op FROM radcheck WHERE username = 'mynewuser' ORDER BY id
> (0) sql: User found in radcheck table
> (0) sql: Conditional check items matched, merging assignment check items
> (0) sql: Cleartext-Password := 'password'
> (0) sql: EXPAND SELECT id, username, attribute, value, op FROM
> radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
> (0) sql: --> SELECT id, username, attribute, value, op FROM
> radreply WHERE username = 'mynewuser' ORDER BY id
> (0) sql: Executing select query: SELECT id, username, attribute,
> value, op FROM radreply WHERE username = 'mynewuser' ORDER BY id
> (0) sql: User found in radreply table, merging reply items
> (0) sql: Reply-Message = 'OK'
> (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
> '%{SQL-User-Name}' ORDER BY priority
> (0) sql: --> SELECT groupname FROM radusergroup WHERE username =
> 'mynewuser' ORDER BY priority
> (0) sql: Executing select query: SELECT groupname FROM radusergroup
> WHERE username = 'mynewuser' ORDER BY priority
> (0) sql: User found in the group table
> (0) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
> radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id
> (0) sql: --> SELECT id, groupname, attribute, Value, op FROM
> radgroupcheck WHERE groupname = 'student' ORDER BY id
> (0) sql: Executing select query: SELECT id, groupname, attribute,
> Value, op FROM radgroupcheck WHERE groupname = 'student' ORDER BY id
> rlm_sql (sql): Released connection (4)
> (0) [sql] = ok
> (0) [expiration] = noop
> (0) [logintime] = noop
> (0) [pap] = updated
> (0) } # authorize = updated
> (0) Found Auth-Type = PAP
> (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (0) Auth-Type PAP {
> (0) pap: Login attempt with password
> (0) pap: User authenticated successfully
> (0) [pap] = ok
> (0) } # Auth-Type PAP = ok
> (0) # Executing section post-auth from file
> /usr/local/etc/raddb/sites-enabled/default
> (0) post-auth {
> (0) update {
> (0) No attributes updated
> (0) } # update = noop
> (0) sql: EXPAND .query
> (0) sql: --> .query
> (0) sql: Using query template 'query'
> rlm_sql (sql): Reserved connection (4)
> (0) sql: EXPAND %{User-Name}
> (0) sql: --> mynewuser
> (0) sql: SQL-User-Name set to 'mynewuser'
> (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply,
> authdate) VALUES ( '%{SQL-User-Name}',
> '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
> (0) sql: --> INSERT INTO radpostauth (username, pass, reply,
> authdate) VALUES ( 'mynewuser', 'password', 'Access-Accept',
> '2015-07-12 20:57:34')
> (0) sql: Executing query: INSERT INTO radpostauth (username, pass,
> reply, authdate) VALUES ( 'mynewuser', 'password', 'Access-Accept',
> '2015-07-12 20:57:34')
> (0) sql: SQL query returned: success
> (0) sql: 1 record(s) updated
> rlm_sql (sql): Released connection (4)
> (0) [sql] = ok
> (0) [exec] = noop
> (0) policy remove_reply_message_if_eap {
> (0) if (&reply:EAP-Message && &reply:Reply-Message) {
> (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
> (0) else {
> (0) [noop] = noop
> (0) } # else = noop
> (0) } # policy remove_reply_message_if_eap = noop
> (0) } # post-auth = ok
> (0) Sent Access-Accept Id 153 from 127.0.1.1:1812 to 127.0.0.1:49747
> length
> 0
> (0) Framed-Protocol = PPP
> (0) Framed-Compression = Van-Jacobson-TCP-IP
> (0) Reply-Message = 'OK'
> (0) Finished request
>
>
>
> Thank you
--
Randeep
Mob: +919447831699[kerala]
Mob: +919880050349[B'lore]
http://twitter.com/Randeeppr
http://in.linkedin.com/in/randeeppr
Randeep Raman
http://about.me/Randeeppr
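
The reading of the log discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS: a short Python script that rejoins the mail-wrapped `radiusd -X` lines and lists each executed rlm_sql SELECT with the table, the lookup key and the "User found" line that follows it, if any. The function names and the "no result line logged" label are assumptions of this example; the sample is excerpted from the quoted log.

```python
import re

# Excerpt of the sql lines from the radiusd -X log quoted in this thread,
# with the mail client's line wrapping kept as posted.
SAMPLE = """\
(0) sql: Executing select query: SELECT id, username, attribute,
value, op FROM radcheck WHERE username = 'mynewuser' ORDER BY id
(0) sql: User found in radcheck table
(0) sql: Executing select query: SELECT id, username, attribute,
value, op FROM radreply WHERE username = 'mynewuser' ORDER BY id
(0) sql: User found in radreply table, merging reply items
(0) sql: Executing select query: SELECT groupname FROM radusergroup
WHERE username = 'mynewuser' ORDER BY priority
(0) sql: User found in the group table
(0) sql: Executing select query: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname = 'student' ORDER BY id
rlm_sql (sql): Released connection (4)
"""

RECORD_START = re.compile(r"(\(\d+\)|rlm_sql) ")
QUERY = re.compile(
    r"Executing select query: SELECT .*? FROM (\w+) WHERE \w+ = '([^']*)'")

def unwrap(text):
    """Rejoin wrapped lines; a record starts with '(N) ' or 'rlm_sql '."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", line).strip()  # drop reply quoting
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Return (table, lookup key, outcome) for every executed SELECT."""
    records = unwrap(text) + [""]
    result = []
    for rec, nxt in zip(records, records[1:]):
        query = QUERY.search(rec)
        if query:
            found = re.search(r"sql: (User found .*)", nxt)
            outcome = found.group(1) if found else "no result line logged"
            result.append((query.group(1), query.group(2), outcome))
    return result

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

On this log the `radusergroup` lookup for `mynewuser` is followed by "User found in the group table", while the `radgroupcheck` query for `student` is followed directly by the connection release.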