Well, that is not the only one nas i have , the sql module is requiered for several other nas and hotspots users... On Tue, Jul 28, 2009 at 12:25 PM, Dimitrios Giannakopoulos < d.giannakop@gmail.com> wrote:
The problem is that the sql module returns reject you can remove the sql from authorization
Hi, i want to accept all request coming from a specific nas-ip-assdress , i used to configure like this (in users file):
DEFAULT NAS-IP-Address == "192.168.150.25", Auth-Type := Accept Fall-Through = Yes The above settings are not working now, this is the debug of a transaction:
rad_recv: Access-Request packet from host 192.168.150.25 port 1645, id=52, length=94 NAS-IP-Address = 192.168.150.25 NAS-Port = 108 NAS-Port-Type = Async User-Name = "123.com.sv" Called-Station-Id = "22660321" Calling-Station-Id = "22264218" User-Password = "cisco" Service-Type = Dialout-Framed-User +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "123.com.sv", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop expand: %{User-Name} -> 123.com.sv [sql] sql_set_user escaped user --> '123.com.sv' rlm_sql (sql): Reserving sql socket id: 22 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '123.com.sv' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '123.com.sv' ORDER BY priority rlm_sql (sql): Released sql socket id: 22 [sql] User 123.com.sv not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [123.com.sv/cisco] (from client tigo port 108 cli
On Tue, Jul 28, 2009 at 8:53 PM, Miguel Miranda<miguel.mirandag@gmail.com> wrote: 22264218)
Using Post-Auth-Type Reject +- entering group REJECT {...} expand: %{User-Name} -> 123.com.sv attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request
Im using freeradius 2 and daloradius 0.9, and this a extract of relevant radius.conf settings:
authorize { preprocess chap mschap suffix eap { ok = return }
files sql expiration logintime pap }
authenticate { Auth-Type PAP { pap }
Auth-Type CHAP { chap }
Auth-Type MS-CHAP { mschap } eap }
preacct { preprocess acct_unique suffix files }
accounting { detail sql attr_filter.accounting_response }
session { radutmp }
post-auth {
exec
Post-Auth-Type REJECT { attr_filter.access_reject } }
post-proxy { eap }
From the debug it appears that users file is not being processed correctly, what should i check? regards Miguel Miranda
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html