free radius authentication query not working as expected

Alan DeKok aland at
Fri May 6 14:48:10 CEST 2016

On May 5, 2016, at 11:33 PM, Amardeep Singh <aman.xsaintz at> wrote:
> I have added the authentication query on free radius as
> (/etc/raddb/sites-enabled/default):-
> if ("%{Called-Station-Id}" =~ /^00-50-E8-/) {
> update request {
> Tmp-String-0 = "%{sql: SELECT radius_group_name from raduserzone where \
> site_id='%{NAS-Identifier}' and \
> mac_address='%{Calling-Station-Id}' and \
> vlan_id='%{NAS-Port}'}"

  That should work if the data exists in the database.

> I stopped the radius daemon -  '/etc/init.d/radiusd stop' and then ran the
> radius in debug mode - radiusd -X.

  That's good.

> Now when I see the radius log file - (radius_log_switch.txt attached) both
> the times while switching SSIDs I got Auth: Login OK response.

  Which doesn't help.  We don't need to see that log output.

> Then I reviewed the radius debug window (radius_debug_log.txt attached) on
> line 16 it seems that even the authentication query returns nothing still
> the update query ran and sets the username to null value.

  Have you tried running the SQL query by hand?  That's why it's being printed out.  So you can test it.

  MySQL returns:

rlm_sql_mysql: MYSQL Error: No Fields

  Which means that something is going wrong with the DB layer.  i.e. the SELECT returns no data.

> I am using custom radius table here to track the guest data, while
> switching , in the database.

  Fix the table and/or the queries so that they work.  Test the queries by hand.

> Can you please share your thoughts here and guide me if I am going in the
> right direction? Thanks a lot in advance!!

  If you're customizing SQL, you should be debugging SQL first, and RADIUS second.

  Alan DeKok.

More information about the Freeradius-Users mailing list