I am setting up a new Radius server or a mikrotik hotspot system. I am getting a wierd issue that I have not been able to solve or find hints to what to do to fix it. I have setup the system with mysql. I see the radcheck happen and show it retrieved a record. ( I have verified the sql statments do actually pull something). I am not sending any reply so nothing is found in that table. At this point from what I understand in reading how the sql module works at this point it should send back a Access-Accept. Unfortunatly it does not and continues to do group checks and I end up with a reject. Hoping someone can give me a idea of what I need to look at or what I can read up more on to track the issue I am having down. Here is the debug: rad_recv: Access-Request packet from host 76.8.212.170 port 36910, id=78, length=189 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "1C:4B:D6:A5:CD:BF" Called-Station-Id = "10631" NAS-Port-Id = "ether2" User-Name = "1" NAS-Port = 2152726611 Acct-Session-Id = "80500053" Framed-IP-Address = 10.69.103.254 Mikrotik-Host-IP = 10.69.103.254 CHAP-Challenge = 0x95b4afa9e0e37e62da70a83197931d11 CHAP-Password = 0x21b4c5ed3e3175b1b7672103936286b74e Service-Type = Login-User WISPr-Logoff-URL = "http://10.69.100.1/logout" NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.99.163 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> 1 [sql] sql_set_user escaped user --> '1' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' and PID='%{Called-Station-Id}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1' and PID='10631' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1' and PID='10631' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' and PID='%{Called-Station-Id}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '1' and PID='10631' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '1' and PID='10631' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '1' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = '1' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = CHAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group CHAP {...} [chap] login attempt by "1" with CHAP password [chap] Using clear text password "1" for user 1 authentication. [chap] chap user 1 authenticated succesfully ++[chap] returns ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} [sql] expand: %{User-Name} -> 1 [sql] sql_set_user escaped user --> '1' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> 0x21b4c5ed3e3175b1b7672103936286b74e [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '1', '0x21b4c5ed3e3175b1b7672103936286b74e', 'Access-Accept', '2014-06-11 18:42:31') [sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '1', '0x21b4c5ed3e3175b1b7672103936286b74e', 'Access-Accept', '2014-06-11 18:42:31') rlm_sql (sql): Reserving sql socket id: 2 rlm_sql_mysql: query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '1', '0x21b4c5ed3e3175b1b7672103936286b74e', 'Access-Accept', '2014-06-11 18:42:31') rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok [sql_log] Processing sql_log_postauth [sql_log] expand: %{User-Name} -> 1 [sql_log] expand: %{%{User-Name}:-DEFAULT} -> 1 [sql_log] sql_set_user escaped user --> '1' [sql_log] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [sql_log] ... expanding second conditional [sql_log] expand: Chap-Password -> Chap-Password [sql_log] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S'); -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('1', 'Chap-Password', 'Access-Accept', '2014-06-11 18:42:31'); [sql_log] expand: /var/log/freeradius/radacct/sql-relay -> /var/log/freeradius/radacct/sql-relay [sql_log] Couldn't open file /var/log/freeradius/radacct/sql-relay: No such file or directory ++[sql_log] returns fail Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [sql] expand: %{User-Name} -> 1 [sql] sql_set_user escaped user --> '1' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> 0x21b4c5ed3e3175b1b7672103936286b74e [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '1', '0x21b4c5ed3e3175b1b7672103936286b74e', 'Access-Reject', '2014-06-11 18:42:31') [sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '1', '0x21b4c5ed3e3175b1b7672103936286b74e', 'Access-Reject', '2014-06-11 18:42:31') rlm_sql (sql): Reserving sql socket id: 1 rlm_sql_mysql: query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '1', '0x21b4c5ed3e3175b1b7672103936286b74e', 'Access-Reject', '2014-06-11 18:42:31') rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok [attr_filter.access_reject] expand: %{User-Name} -> 1 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 78 to 76.8.212.170 port 36910 Waking up in 4.9 seconds. Cleaning up request 0 ID 78 with timestamp +6 Ready to process requests. Thanks Brent