Hi list,
I have some problems with the mentioned message.
COMPLETE MESSAGE :
rad_recv: Access-Request packet from host MYIP port 2343, id=110, length=207
NAS-Port-Type = Ethernet
Calling-Station-Id = "C4:2C:03:DA:11:44"
Called-Station-Id = "station-DC"
NAS-Port-Id = "ether2"
User-Name = "8charword"
NAS-Port = 2152726925
Acct-Session-Id = "8050018d"
Framed-IP-Address = 10.128.6.99
Mikrotik-Host-IP = 10.128.6.99
User-Password = "!wayne#"
Service-Type = Login-User
WISPr-Logoff-URL = "http://MYIP/logout"
NAS-Identifier = "station-dc"
NAS-IP-Address = MYIP
Mikrotik-Realm = "myrealm"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "8charword", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
expand: %{User-Name} -> 8charword
rlm_sql (sql): sql_set_user escaped user --> '8charword'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '8charword' ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '8charword' ORDER BY id
expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = '8charword' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'mygroup' ORDER BY id
rlm_sql (sql): User found in group mygroup
expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'mygroup' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[dailycounter] returns noop
++[expiration] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[cardscounter] returns noop
++[pap] returns updated
rad_check_password: Found Auth-Type
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "!wayne#"
rlm_pap: No password configured for the user. Cannot do authentication
++[pap] returns fail
auth: Failed to validate the user.
Login incorrect: [8charword/!wayne#] (from client station-DC port 2152726925 cli C4:2C:03:DA:11:44)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> 8charword
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 110 to MYIP port 2343
Waking up in 4.9 seconds.
Cleaning up request 0 ID 110 with timestamp +18
Ready to process requests.
END OF MESSAGE
MY ENTRIES :
-radcheck
+----+----------+-----------+----+---------+
| id | username | attribute | op | value |
+----+----------+-----------+----+---------+
| 3 | 8charword| Password | == | !wayne# |
+----+----------+-----------+----+---------+
- usergroup
+----------+------------+----------+----+
| username | groupname | priority | id |
+----------+------------+----------+----+
| 8charword| mygroup| 1 | 3 |
+----------+------------+----------+----+
- radgroupcheck (I know I should not force Auth-Type, but without I get anoter error, and it worked for years on our old server)
+----+------------+-----------+----+-------+
| id | groupname | attribute | op | value |
+----+------------+-----------+----+-------+
| 1 | mygroup| Auth-Type | := | Local |
+----+------------+-----------+----+-------+
- radgroupreply
+----+------------+---------------------+----+------------+------+
| id | groupname | attribute | op | value | prio |
+----+------------+---------------------+----+------------+------+
| 27 | mygroup| Mikrotik-Rate-Limit | = | 512k/4096k | 0 |
+----+------------+---------------------+----+------------+-----
When I replace 8charword with a username with 5 or less characters everything is fine.
Can someone help me ?
Thanx
Wayne