accepting all the users

John Martins jm829580 at gmail.com
Wed Jun 27 12:19:05 CEST 2018


Hello,

Thanks Alan....

I have another issue, maybe you guys can help me:

Having setup freeradius 3.0.16, I get this error when I try to authenticate
with a user which was working properly in freeradius 2 for ages.

Can anybody give me a clue? Please, do no hesitate to request more
information if needed.

Ready to process requests
(12) Received Access-Request Id 11 from 91.34.28.80:51755 to
55.131.246.124:1812 length 203
(12)   NAS-Port-Type = Wireless-802.11
(12)   Calling-Station-Id = "5C:03:21:84:FC:78"
(12)   Called-Station-Id = "XXX"
(12)   NAS-Port-Id = "wlan1"
(12)   User-Name = "frederic at gmail.com"
(12)   NAS-Port = 2161115143
(12)   Acct-Session-Id = "80d00007"
(12)   Framed-IP-Address = 192.168.10.242
(12)   Mikrotik-Host-IP = 192.168.10.242
(12)   User-Password = "af90385d9095d743b3b23e3f015a2ae4"
(12)   Service-Type = Login-User
(12)   WISPr-Logoff-URL = "http://192.168.10.1/logout"
(12)   NAS-Identifier = "XXX"
(12)   NAS-IP-Address = 10.129.98.16
(12) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default
(12)   authorize {
(12)     [preprocess] = ok
(12)     [chap] = noop
(12)     [mschap] = noop
(12) suffix: Checking for suffix after "@"
(12) suffix: Looking up realm "me.com" for User-Name = "frederic at gmail.com"
(12) suffix: No such realm "me.com"
(12)     [suffix] = noop
(12) eap: No EAP-Message, not doing EAP
(12)     [eap] = noop
(12)     [files] = noop
(12) sql: EXPAND %{User-Name}
(12) sql:    --> frederic at gmail.com
(12) sql: SQL-User-Name set to 'frederic at gmail.com'
rlm_sql (sql): Reserved connection (25)
(12) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(12) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'frederic at gmail.com' ORDER BY id
(12) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'frederic at gmail.com' ORDER BY id
(12) sql: ERROR: Failed to create the pair: Invalid vendor name in
attribute name "Password"
(12) sql: ERROR: Error parsing user data from database result
(12) sql: ERROR: Error getting check attributes
rlm_sql (sql): Released connection (25)
Need 7 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (28), 1 of 29 pending slots
used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket,
server version 5.7.22-0ubuntu0.17.10.1-log, protocol version 10
(12)     [sql] = fail
(12)   } # authorize = fail
(12) Invalid user (sql: Failed to create the pair: Invalid vendor name in
attribute name "Password"): [
frederic at gmail.com/af90385d9095d743b3b23e3f015a2ae4] (from client
private-network-1 port 2161115143 cli 5C:03:21:84:FC:78)
(12) Using Post-Auth-Type Reject
(12) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(12)   Post-Auth-Type REJECT {
(12) sql: EXPAND .query
(12) sql:    --> .query
(12) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (27)
(12) sql: EXPAND %{User-Name}
(12) sql:    --> frederic at gmail.com
(12) sql: SQL-User-Name set to 'frederic at gmail.com'
(12) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')
(12) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'frederic at gmail.com', 'af90385d9095d743b3b23e3f015a2ae4',
'Access-Reject', '2018-06-27 12:14:20')
(12) sql: EXPAND /var/log/freeradius/sqllog.sql
(12) sql:    --> /var/log/freeradius/sqllog.sql
(12) sql: Executing query: INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( 'frederic at gmail.com',
'af90385d9095d743b3b23e3f015a2ae4', 'Access-Reject', '2018-06-27 12:14:20')
(12) sql: SQL query returned: success
(12) sql: 1 record(s) updated
rlm_sql (sql): Released connection (27)
(12)     [sql] = ok
(12) attr_filter.access_reject: EXPAND %{User-Name}
(12) attr_filter.access_reject:    --> frederic at gmail.com
(12) attr_filter.access_reject: Matched entry DEFAULT at line 11
(12)     [attr_filter.access_reject] = updated
(12)     [eap] = noop
(12)     policy remove_reply_message_if_eap {
(12)       if (&reply:EAP-Message && &reply:Reply-Message) {
(12)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(12)       else {
(12)         [noop] = noop
(12)       } # else = noop
(12)     } # policy remove_reply_message_if_eap = noop
(12)   } # Post-Auth-Type REJECT = updated
(12) Login incorrect (sql: Failed to create the pair: Invalid vendor name
in attribute name "Password"): [
frederic at gmail.com/af90385d9095d743b3b23e3f015a2ae4] (from client
private-network-1 port 2161115143 cli 5C:03:21:84:FC:78)
(12) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(12) Sending delayed response
(12) Sent Access-Reject Id 11 from 55.131.246.124:1812 to 91.34.28.80:51755
length 20
Waking up in 3.9 seconds.
(12) Cleaning up request packet ID 11 with timestamp +1974
Ready to process requests

Best

On Tue, Jun 26, 2018 at 4:22 PM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Jun 26, 2018, at 10:14 AM, John Martins <jm829580 at gmail.com> wrote:
> >
> >
> > I'm new in freeradius, I installed freeeradius 3.016 and mysql, and would
> > like to accept all the users directly. I work with Mikrotik routers.
> >
> > Could anybody give me a clue of how to do it?
>
>   If you want to accept them without checking passwords or anything else,
> do:
>
> authorize {
>         accept
> }
>
>   i.e. remove everything else from the "authorize" section, and replace it
> with "accept".
>
>   This won't work for EAP, tho.  or MS-CHAP.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html


More information about the Freeradius-Users mailing list