Unable to find user in DB.

mustafa mujahid mustafa.mujahid at outlook.com
Tue Mar 7 07:38:29 CET 2017


Hello all,

I've been trying to get LAN authentication working on a test radius server v2.2.8 and have run into a problem. My server can't seem to find the user in the database. I have verified the exact same query on the DB and it returns the correct query result, but somehow radius is unable to find the user. Please see the debug output below:

 ... adding new socket proxy address * port 41532
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/log/radius/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.10.99.5 port 1645, id=84, length=166
    User-Name = "test.user"
    Service-Type = Framed-User
    Framed-MTU = 1500
    Called-Station-Id = "F4-1F-C2-29-F2-04"
    Calling-Station-Id = "5C-B9-01-82-7F-64"
    EAP-Message = 0x02010015017a65657368616e2e6368617564617279
    Message-Authenticator = 0xef5d9c130e4c84779ee2942be69f84ac
    NAS-Port-Type = Ethernet
    NAS-Port = 50004
    NAS-Port-Id = "FastEthernet0/4"
    NAS-IP-Address = 10.10.99.5
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[digest] = noop
[suffix] No '@' in User-Name = "test.user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[sql]     expand: %{User-Name} -> test.user
[sql] sql_set_user escaped user --> 'test.user'
rlm_sql (sql): Reserving sql socket id: 4
[sql]     expand: SELECT id,UserName,Attribute,Value,op FROM backup.radcheck_office_replica where username = '%{SQL-User-Name}' order by id -> SELECT id,UserName,Attribute,Value,op FROM backup.radcheck_office_replica where username = 'test.user' order by id
rlm_sql (sql): Released sql socket id: 4
[sql] User test.user not found
++[sql] = notfound
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] = noop
+} # group authorize = ok
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Login incorrect: [test.user] (from client ops-switch port 50004 cli 5C-B9-01-82-7F-64)
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+group REJECT {
[sql]     expand: %{User-Name} -> test.user
[sql] sql_set_user escaped user --> 'test.user'
++[sql] = noop
+} # group REJECT = noop
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 84 to 10.10.99.5 port 1645
Waking up in 4.9 seconds.
Cleaning up request 0 ID 84 with timestamp +40
Ready to process requests.


But when the exact same query is run on the DB it returns positive results. Please see the attached screenshot from the DB. Currently my sql.conf file only contains:

authorize_check_query ="SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} where username = '%{SQL-User-Name}' order by id"

and queries for accounting, but they are not of concern as I only need authentication from this radius so I can match MAC address against user name, but that comes after. I'm stuck at the first stage. I don't understand what the issue might be. Kindly let me know if I'm missing something or if further information is required. Any help on this would be greatly appreciated.



--

Mustafa


