hi, first of all, i thank all people who are giving thier time to help. before i subscribe here and post my email, i am searching around in internet since a week and trying my best to solve it, i have learned many things,but there is one problem i cannot get it solved. i am trying to make hotspot for some building, i choosed: Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend server and CoovaAP on WRT54GL sending user credentials to backend server for authentication my configs (default settings not showed, lines i changed showed) freeradius radiusd.conf ================================================ . . all default . log { . . #at the end of log{ auth = yes auth_badpass = yes auth_goodpass = yes } modules { . . . $INCLUDE sql.conf #already there $INCLUDE sql/mysql/counter.conf #already there . . . } authorize{ preprocess chap mschap suffix eap sql #if i comment out sql and use file, it works, i recive Packet-Accept, with SQL see the pap warning in debug text pap } accounting{ detail sql } session{ sql } ================================================== clients.conf client localhost { ipaddr = 127.0.0.1 secret = clientradsec36365 require_message_authenticator = no nastype = other } ================================================== sql.conf sql { database = "mysql" driver = "rlm_sql_${database}" server = "localhost" login = "radius" password = "frsqldblogin36365" radius_db = "radius" . . . sqltrace = yes sqltracefile = ${logdir}/sqltrace.sql . . } @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ /etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into mysql "radius" database, radius@localhost user granted all on radius.* dummy data in tables: mysql> SELECT * FROM radcheck; +----+----------+--------------------+----+-------+ | id | username | attribute | op | value | +----+----------+--------------------+----+-------+ | 1 | obaid | Cleartext-Password | := | 36365 | +----+----------+--------------------+----+-------+ 1 row in set (0.00 sec) mysql> SELECT * FROM radusergroup; +----------+-----------+----------+ | username | groupname | priority | +----------+-----------+----------+ | obaid | hotspot | 0 | +----------+-----------+----------+ 1 row in set (0.01 sec) mysql> SELECT * FROM radgroupcheck; +----+-----------+-----------+----+-------+ | id | groupname | attribute | op | value | +----+-----------+-----------+----+-------+ | 2 | hotspot | Auth-Type | := | Local | +----+-----------+-----------+----+-------+ 1 row in set (0.00 sec) mysql> SELECT * FROM radreply; +----+----------+---------------+----+-------+ | id | username | attribute | op | value | +----+----------+---------------+----+-------+ | 1 | obaid | Reply-Message | := | Hello | +----+----------+---------------+----+-------+ 1 row in set (0.00 sec) mysql> SELECT * FROM radgroupreply; +----+-----------+-----------------+----+-------------+ | id | groupname | attribute | op | value | +----+-----------+-----------------+----+-------------+ | 1 | hotspot | Framed-Protocol | := | PPP | | 2 | hotspot | Service-Type | := | Framed-User | +----+-----------+-----------------+----+-------------+ 2 rows in set (0.00 sec) @#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$@#$ now when running /usr/sbin/freeradius -X and send auth request with radtest i get radtest obaid 36365 localhost 1812 clientradsec36365 Sending Access-Request of id 96 to 127.0.0.1 port 1812 User-Name = "obaid" User-Password = "36365" NAS-IP-Address = 192.168.1.100 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96, length=20 freeradius -X: Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96, length=57 User-Name = "obaid" User-Password = "36365" NAS-IP-Address = 192.168.1.100 NAS-Port = 1812 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "obaid", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [obaid/36365] (from client server port 1812) Using Post-Auth-Type Reject +- entering group REJECT {...} expand: %{User-Name} -> obaid attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 96 to 127.0.0.1 port 40386 Waking up in 4.9 seconds. Cleaning up request 0 ID 96 with timestamp +17 Ready to process requests. -========================================================= have you noticed that debug output doesnt talk about sql queries ???, and nothing about sql queries in log files. i have used ntradping to send authentication request with CHAP ticked/not ticked, and i get the same rad+recv:Access-Reject. but with all same config (except commenting sql and uncomment file in radius.conf) and radtesting it works fine. it is probably radius cant query mysql, but i used mtop (mysql monitoring tool) and it showes that radius queried mysql or it might be wrong dummy data... ----- i will appreciate it very much if some one will guide me through this. thanks for reading. Obaid Ghaznawi