<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 15/09/2010 17:29, Phil Mayers wrote:
<blockquote cite="mid:4C90E664.8000907@imperial.ac.uk" type="cite"><br>
<br>
Please post the full debugging output.
<br>
</blockquote>
<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
[chap] Setting 'Auth-Type := CHAP'<br>
++[chap] returns ok<br>
++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "08-00-0f-44-c7-42", looking up realm
NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] No EAP-Message, not doing EAP<br>
++[eap] returns noop<br>
++[unix] returns notfound<br>
rlm_opendirectory: The SACL group "com.apple.access_radius" does not
exist on this system.<br>
rlm_opendirectory: The host 10.2.2.230 does not have an access
group.<br>
rlm_opendirectory: no access control groups, all users allowed.<br>
++[opendirectory] returns ok<br>
++- entering group redundant_sql {...}<br>
[sql1] expand: %{User-Name} -> 08-00-0f-44-c7-42<br>
[sql1] sql_set_user escaped user --> '08-00-0f-44-c7-42'<br>
rlm_sql (sql1): Reserving sql socket id: 1<br>
[sql1] expand: SELECT id, username, attribute, value,
op FROM radcheck WHERE username =
'%{SQL-User-Name}' <br>
[sql1] expand: SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}'
ORDER BY prior<br>
rlm_sql (sql1): Released sql socket id: 1<br>
[sql1] User 08-00-0f-44-c7-42 not found<br>
+++[sql1] returns notfound<br>
++- group redundant_sql returns notfound<br>
++? if (notfound)<br>
? Evaluating (notfound) -> TRUE<br>
++? if (notfound) -> TRUE<br>
++- entering if (notfound) {...}<br>
+++[reply] returns notfound<br>
++- if (notfound) returns notfound<br>
++[expiration] returns noop<br>
++[logintime] returns noop<br>
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.<br>
++[pap] returns noop<br>
Found Auth-Type = CHAP<br>
+- entering group CHAP {...}<br>
[chap] login attempt by "08-00-0f-44-c7-42" with CHAP password<br>
[chap] Cleartext-Password is required for authentication<br>
++[chap] returns invalid<br>
Failed to authenticate the user.<br>
Using Post-Auth-Type Reject<br>
+- entering group REJECT {...}<br>
[attr_filter.access_reject] expand: %{User-Name} ->
08-00-0f-44-c7-42<br>
attr_filter: Matched entry DEFAULT at line 11<br>
++[attr_filter.access_reject] returns updated<br>
Delaying reject of request 2 for 1 seconds<br>
<blockquote cite="mid:4C90E664.8000907@imperial.ac.uk" type="cite">
<br>
Have you tested this? With radclient/radtest? It should work, from
what I can see.
<br>
</blockquote>
<br>
no. I didn't tested.<br>
<br>
Thank you for your help.<br>
<div class="moz-signature">-- <br>
<style type="text/css">.name { font-family: Verdana,sans-serif; color: rgb(236, 112, 7); font-size: 10pt; }.function { font-family: Verdana,sans-serif; color: rgb(236, 112, 7); font-style: italic; font-size: 7pt; }.link { text-decoration: none; font-family: Verdana,sans-serif; color: rgb(153, 153, 153); font-size: 7pt; font-weight: bold; }.phone { font-family: Verdana,sans-serif; color: rgb(102, 102, 102); font-size: 7pt; font-weight: bold; }img { border: 0pt none; }ul { list-style-type: none; padding-left: 1px; }</style>
<strong class="name">Fabien COMBERNOUS</strong><br>
<em class="function">unix system engineer</em><br>
<a class="link" href="http://www.kezia.com/" title="Kezia website">www.kezia.com</a><br>
<strong class="phone">Tel: +33 (0) 467 992 986</strong><br>
<img src="cid:part1.08020404.08020903@kezia.com" alt="Kezia Group">
</div>
</body>
</html>