I am setting up a new Radius server or a mikrotik hotspot system. I am getting a wierd issue that I have not been able to solve or find hints to what to do to fix it. I have setup the system with mysql. I see the radcheck happen and show it retrieved a record. ( I have verified the sql statments do actually pull something). I am not sending any reply so nothing is found in that table. At this point from what I understand in reading how the sql module works at this point it should send back a Access-Accept. Unfortunatly it does not and continues to do group checks and I end up with a reject.
Hoping someone can give me a idea of what I need to look at or what I can read up more on to track the issue I am having down.
Here is the debug:
rad_recv: Access-Request packet from host 76.8.212.170 port 36910, id=78, length=189
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "1C:4B:D6:A5:CD:BF"
Called-Station-Id = "10631"
NAS-Port-Id = "ether2"
User-Name = "1"
NAS-Port = 2152726611
Acct-Session-Id = "80500053"
Framed-IP-Address = 10.69.103.254
Mikrotik-Host-IP = 10.69.103.254
CHAP-Challenge = 0x95b4afa9e0e37e62da70a83197931d11
CHAP-Password = 0x21b4c5ed3e3175b1b7672103936286b74e
Service-Type = Login-User
WISPr-Logoff-URL = "http://10.69.100.1/logout"
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.99.163
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> 1
[sql] sql_set_user escaped user --> '1'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' and PID='%{Called-Station-Id}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1' and PID='10631' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '1' and PID='10631' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' and PID='%{Called-Station-Id}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '1' and PID='10631' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '1' and PID='10631' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '1' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = '1' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = CHAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "1" with CHAP password
[chap] Using clear text password "1" for user 1 authentication.
[chap] chap user 1 authenticated succesfully
++[chap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> 1
[sql] sql_set_user escaped user --> '1'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} -> 0x21b4c5ed3e3175b1b7672103936286b74e
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '1', '0x21b4c5ed3e3175b1b7672103936286b74e', 'Access-Accept', '2014-06-11 18:42:31')
[sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '1', '0x21b4c5ed3e3175b1b7672103936286b74e', 'Access-Accept', '2014-06-11 18:42:31')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '1', '0x21b4c5ed3e3175b1b7672103936286b74e', 'Access-Accept', '2014-06-11 18:42:31')
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
[sql_log] Processing sql_log_postauth
[sql_log] expand: %{User-Name} -> 1
[sql_log] expand: %{%{User-Name}:-DEFAULT} -> 1
[sql_log] sql_set_user escaped user --> '1'
[sql_log] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[sql_log] ... expanding second conditional
[sql_log] expand: Chap-Password -> Chap-Password
[sql_log] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S'); -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('1', 'Chap-Password', 'Access-Accept', '2014-06-11 18:42:31');
[sql_log] expand: /var/log/freeradius/radacct/sql-relay -> /var/log/freeradius/radacct/sql-relay
[sql_log] Couldn't open file /var/log/freeradius/radacct/sql-relay: No such file or directory
++[sql_log] returns fail
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[sql] expand: %{User-Name} -> 1
[sql] sql_set_user escaped user --> '1'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} -> 0x21b4c5ed3e3175b1b7672103936286b74e
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '1', '0x21b4c5ed3e3175b1b7672103936286b74e', 'Access-Reject', '2014-06-11 18:42:31')
[sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '1', '0x21b4c5ed3e3175b1b7672103936286b74e', 'Access-Reject', '2014-06-11 18:42:31')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '1', '0x21b4c5ed3e3175b1b7672103936286b74e', 'Access-Reject', '2014-06-11 18:42:31')
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[attr_filter.access_reject] expand: %{User-Name} -> 1
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 78 to 76.8.212.170 port 36910
Waking up in 4.9 seconds.
Cleaning up request 0 ID 78 with timestamp +6
Ready to process requests.
Thanks
Brent