Alexander Serkin wrote:
Gurus, may be i'm pulling some common mistake with my configuration being tested against cvs snapshot, but no idea which one. I've an sql profile telling:
some.dotted.user Cleartext-Password = cisco NAS-IP-Address =~ "xxx.xxx.97.(85|86)"
Hmm I don't know how Cleartext-Password is mapped, always thought it was a legacy attribute. Try User-Password ? Also it's == not = for check items .
authentication request:
User-Name = "some.dotted.user" User-Password = "cisco" Calling-Station-Id = "000000000000000" Framed-Protocol = PPP Service-Type = Framed-User NAS-IP-Address = xxx.xxx.97.85
gives the access-reject for unknown (for me) reason:
rlm_sql (sqlauth): sql_set_user escaped user --> 'some.dotted.user' rlm_sql (sqlauth): Reserving sql socket id: 3 radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'some.dotted.user' ORDER BY id' SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'some.dotted.user' ORDER BY id ... rlm_sql (sqlauth): Released sql socket id: 3 modcall[authorize]: module "sqlauth" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: No password configured for the user Login incorrect (No password configured for the user): [some.dotted.user/cisco] (from client localhost port 0 cli 00000000000000) auth: Failed to validate the user.
I've checked the authorization sql query shown in debug - it properly returns the profile configured
-- Arran Cudbard-Bell (ac221@sussex.ac.uk) Authentication Authorisation & Accounting Officer Infrastructure Services | ENG1 FF08 EXT:3900