If I use EAP no problem to authenticate users on both backend.
But…in the process to use a Cisco WLC captive portal I've verified that only sql works.
[pap] WARNING: Auth-Type already set. Not setting to PAP
rad_recv: Access-Request packet from host 150.178.3.53 port 55249, id=114, length=77
User-Name = "barbato"
User-Password = "xxxxxxxxxxx"
NAS-IP-Address = 150.178.33.105
NAS-Port = 1
Message-Authenticator = 0x122864a655b86ac6d24c76e360fac328
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "barbato", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "barbato"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> barbato
[sql] sql_set_user escaped user --> 'barbato'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'barbato' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'barbato' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
[sql] User barbato not found
++[sql] returns notfound
++? if (ok)
? Evaluating (ok) -> FALSE
++? if (ok) -> FALSE
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Login incorrect: [barbato] (from client rfxnet1 port 1)
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> barbato
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
radtest behave the same.
Paolo.