Have you tried it with "<b>Fall-Through = No" or without "</b><b>Fall-Through"</b>?<br><br><a href="http://freeradius.org/radiusd/man/users.html">http://freeradius.org/radiusd/man/users.html</a><br><br>
<div class="gmail_quote">2009/7/28 Miguel Miranda <span dir="ltr"><<a href="mailto:miguel.mirandag@gmail.com">miguel.mirandag@gmail.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Me too, but my questions is about the nas-ip-address entry that i posted as example, acording to the docs, all users should be accepted, no matter what user/pass combitantion they are using.<br>and in my case freeradius rejects the access<div>
<div></div><div class="h5"><br>
<br><div class="gmail_quote">On Tue, Jul 28, 2009 at 1:19 PM, Dimitrios Giannakopoulos <span dir="ltr"><<a href="mailto:d.giannakop@gmail.com" target="_blank">d.giannakop@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi Miranda<br>
I use the same users file and authorization configuration (with sql)<br>
and it is work fine.<br>
<br>
<br>
On Tue, Jul 28, 2009 at 9:28 PM, Miguel<br>
<div><div></div><div>Miranda<<a href="mailto:miguel.mirandag@gmail.com" target="_blank">miguel.mirandag@gmail.com</a>> wrote:<br>
> Well, that is not the only one nas i have , the sql module is requiered for<br>
> several other nas and hotspots users...<br>
><br>
> On Tue, Jul 28, 2009 at 12:25 PM, Dimitrios Giannakopoulos<br>
> <<a href="mailto:d.giannakop@gmail.com" target="_blank">d.giannakop@gmail.com</a>> wrote:<br>
>><br>
>> The problem is that the sql module returns reject<br>
>> you can remove the sql from authorization<br>
>><br>
>> On Tue, Jul 28, 2009 at 8:53 PM, Miguel<br>
>> Miranda<<a href="mailto:miguel.mirandag@gmail.com" target="_blank">miguel.mirandag@gmail.com</a>> wrote:<br>
>> > Hi, i want to accept all request coming from a specific nas-ip-assdress<br>
>> > , i<br>
>> > used to configure like this (in users file):<br>
>> ><br>
>> > DEFAULT NAS-IP-Address == "192.168.150.25", Auth-Type := Accept<br>
>> > Fall-Through = Yes<br>
>> > The above settings are not working now, this is the debug of a<br>
>> > transaction:<br>
>> ><br>
>> > rad_recv: Access-Request packet from host 192.168.150.25 port 1645,<br>
>> > id=52,<br>
>> > length=94<br>
>> > NAS-IP-Address = 192.168.150.25<br>
>> > NAS-Port = 108<br>
>> > NAS-Port-Type = Async<br>
>> > User-Name = "<a href="http://123.com.sv" target="_blank">123.com.sv</a>"<br>
>> > Called-Station-Id = "22660321"<br>
>> > Calling-Station-Id = "22264218"<br>
>> > User-Password = "cisco"<br>
>> > Service-Type = Dialout-Framed-User<br>
>> > +- entering group authorize {...}<br>
>> > ++[preprocess] returns ok<br>
>> > ++[chap] returns noop<br>
>> > ++[mschap] returns noop<br>
>> > [suffix] No '@' in User-Name = "<a href="http://123.com.sv" target="_blank">123.com.sv</a>", looking up realm NULL<br>
>> > [suffix] No such realm "NULL"<br>
>> > ++[suffix] returns noop<br>
>> > [eap] No EAP-Message, not doing EAP<br>
>> > ++[eap] returns noop<br>
>> > ++[files] returns noop<br>
>> > expand: %{User-Name} -> <a href="http://123.com.sv" target="_blank">123.com.sv</a><br>
>> > [sql] sql_set_user escaped user --> '<a href="http://123.com.sv" target="_blank">123.com.sv</a>'<br>
>> > rlm_sql (sql): Reserving sql socket id: 22<br>
>> > expand: SELECT id, username, attribute, value, op FROM<br>
>> > radcheck WHERE username = '%{SQL-User-Name}' ORDER<br>
>> > BY id<br>
>> > -> SELECT id, username, attribute, value, op FROM<br>
>> > radcheck WHERE username = '<a href="http://123.com.sv" target="_blank">123.com.sv</a>' ORDER BY id<br>
>> > expand: SELECT groupname FROM radusergroup<br>
>> > WHERE<br>
>> > username = '%{SQL-User-Name}' ORDER BY priority -> SELECT<br>
>> > groupname FROM radusergroup WHERE username =<br>
>> > '<a href="http://123.com.sv" target="_blank">123.com.sv</a>' ORDER BY priority<br>
>> > rlm_sql (sql): Released sql socket id: 22<br>
>> > [sql] User <a href="http://123.com.sv" target="_blank">123.com.sv</a> not found<br>
>> > ++[sql] returns notfound<br>
>> > ++[expiration] returns noop<br>
>> > ++[logintime] returns noop<br>
>> > [pap] WARNING! No "known good" password found for the user.<br>
>> > Authentication<br>
>> > may fail because of this.<br>
>> > ++[pap] returns noop<br>
>> > No authenticate method (Auth-Type) configuration found for the request:<br>
>> > Rejecting the user<br>
>> > Failed to authenticate the user.<br>
>> > Login incorrect: [<a href="http://123.com.sv/cisco" target="_blank">123.com.sv/cisco</a>] (from client tigo port 108 cli<br>
>> > 22264218)<br>
>> > Using Post-Auth-Type Reject<br>
>> > +- entering group REJECT {...}<br>
>> > expand: %{User-Name} -> <a href="http://123.com.sv" target="_blank">123.com.sv</a><br>
>> > attr_filter: Matched entry DEFAULT at line 11<br>
>> > ++[attr_filter.access_reject] returns updated<br>
>> > Delaying reject of request 1 for 1 seconds<br>
>> > Going to the next request<br>
>> ><br>
>> ><br>
>> > Im using freeradius 2 and daloradius 0.9, and this a extract of relevant<br>
>> > radius.conf settings:<br>
>> ><br>
>> > authorize {<br>
>> > preprocess<br>
>> > chap<br>
>> > mschap<br>
>> > suffix<br>
>> > eap {<br>
>> > ok = return<br>
>> > }<br>
>> ><br>
>> > files<br>
>> > sql<br>
>> > expiration<br>
>> > logintime<br>
>> > pap<br>
>> > }<br>
>> ><br>
>> ><br>
>> ><br>
>> > authenticate {<br>
>> > Auth-Type PAP {<br>
>> > pap<br>
>> > }<br>
>> ><br>
>> > Auth-Type CHAP {<br>
>> > chap<br>
>> > }<br>
>> ><br>
>> > Auth-Type MS-CHAP {<br>
>> > mschap<br>
>> > }<br>
>> > eap<br>
>> > }<br>
>> ><br>
>> ><br>
>> > preacct {<br>
>> > preprocess<br>
>> > acct_unique<br>
>> > suffix<br>
>> > files<br>
>> > }<br>
>> ><br>
>> > accounting {<br>
>> > detail<br>
>> > sql<br>
>> > attr_filter.accounting_response<br>
>> > }<br>
>> ><br>
>> ><br>
>> > session {<br>
>> > radutmp<br>
>> > }<br>
>> ><br>
>> ><br>
>> > post-auth {<br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> > exec<br>
>> ><br>
>> > Post-Auth-Type REJECT {<br>
>> > attr_filter.access_reject<br>
>> > }<br>
>> > }<br>
>> ><br>
>> > post-proxy {<br>
>> > eap<br>
>> > }<br>
>> ><br>
>> ><br>
>> > From the debug it appears that users file is not being processed<br>
>> > correctly,<br>
>> > what should i check?<br>
>> > regards<br>
>> > Miguel Miranda<br>
>> ><br>
>> ><br>
>> ><br>
>> > -<br>
>> > List info/subscribe/unsubscribe? See<br>
>> > <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
>> ><br>
>><br>
>> -<br>
>> List info/subscribe/unsubscribe? See<br>
>> <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
><br>
><br>
> -<br>
> List info/subscribe/unsubscribe? See<br>
> <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
><br>
<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br>
</div></div><br>-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></blockquote></div><br>