working(user from database): rad_recv: Access-Request packet from host 192.168.0.2 port 45023, id=7, length=188 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 362 NAS-Port-Type = Ethernet User-Name = "neptun" Calling-Station-Id = "00:21:00:11:90:58" Called-Station-Id = "service1" NAS-Port-Id = "bridge1" MS-CHAP-Challenge = 0x789a686362d46451ad1b12d6d1fecfb4 MS-CHAP2-Response = 0x0100efef25766b55d6f212d5332ed21e16d70000000000000000ae2174f15545d09d57abb1befd659c8255b254db8f45bfc9 NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.0.2 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/radius/var/log/radius/rad [auth_log] /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/ [auth_log] expand: %t -> Wed Feb 10 17:45:13 2010 ++[auth_log] returns ok [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [sql] expand: %{User-Name} -> neptun [sql] sql_set_user escaped user --> 'neptun' rlm_sql (sql): Reserving sql socket id: 12 [sql] expand: call rad1('%{User-Name}'); -> call rad1('neptun'); [sql] User found in radcheck table [sql] expand: call rad2('%{User-Name}'); -> call rad2('neptun'); rlm_sql (sql): Released sql socket id: 12 ++[sql] returns ok Found Auth-Type = MSCHAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group authenticate {...} [mschap] Told to do MS-CHAPv2 for neptun with NT-Password ++[mschap] returns ok +- entering group session {...} ++[sql] returns noop Login OK: [neptun/<via Auth-Type = mschap>] (from client router port 362 cli 00:21:00:11:90:58) +- entering group post-auth {...} [sql] expand: %{User-Name} -> neptun [sql] sql_set_user escaped user --> 'neptun' [sql] expand: UPDATE nodes SET lastonline = unix_timestamp() WHERE name='%{User-Name}' or mac='%{User-Name}'; -> UPDATE nodes SET lastonline = rlm_sql (sql) in sql_postauth: query is UPDATE nodes SET lastonline = unix_timestamp() WHERE name='neptun' or mac='neptun'; rlm_sql (sql): Reserving sql socket id: 11 rlm_sql (sql): Released sql socket id: 11 ++[sql] returns ok Sending Access-Accept of id 7 to 192.168.0.2 port 45023 Framed-IP-Address == 192.168.4.201 Framed-IP-Netmask == 255.255.255.255 Mikrotik-Rate-Limit := "386k/3072k 0/3584k 0/1536k 0/25 8" MS-CHAP2-Success = 0x01533d45344637363346393230313246374145374641363036434630314632334336324230363831333338 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Accounting-Request packet from host 192.168.0.2 port 59326, id=8, length=146 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 362 NAS-Port-Type = Ethernet User-Name = "neptun" Calling-Station-Id = "00:21:00:11:90:58" Called-Station-Id = "service1" NAS-Port-Id = "bridge1" Acct-Session-Id = "81400150" Framed-IP-Address = 192.168.4.201 Acct-Authentic = RADIUS Event-Timestamp = "Feb 10 2010 17:45:14 CET" Acct-Status-Type = Start NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.0.2 Acct-Delay-Time = 0 +- entering group accounting {...} [sql] expand: %{User-Name} -> neptun [sql] sql_set_user escaped user --> 'neptun' [sql] expand: -> rlm_sql (sql): Reserving sql socket id: 10 rlm_sql (sql): Released sql socket id: 10 ++[sql] returns ok Sending Accounting-Response of id 8 to 192.168.0.2 port 59326 Finished request 2. Cleaning up request 2 ID 8 with timestamp +2 Going to the next request Waking up in 4.9 seconds. not working(alien user): rad_recv: Access-Request packet from host 192.168.0.2 port 57789, id=234, length=189 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 353 NAS-Port-Type = Ethernet User-Name = "someone" Calling-Station-Id = "00:21:00:11:90:58" Called-Station-Id = "service1" NAS-Port-Id = "bridge1" MS-CHAP-Challenge = 0xd74b24161391b697f91dee51eccb3898 MS-CHAP2-Response = 0x010004148d0dcca8dba78110be592613bf9000000000000000008a03009aa6e54aaf8af8bdd6ca4e3f366fdeb668b11a8ce7 NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.0.2 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/radius/var/log/radius/radacct/192.168 [auth_log] /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/192.168.0.2/ [auth_log] expand: %t -> Wed Feb 10 17:39:24 2010 ++[auth_log] returns ok [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [sql] expand: %{User-Name} -> someone [sql] sql_set_user escaped user --> 'someone' rlm_sql (sql): Reserving sql socket id: 9 [sql] expand: call rad1('%{User-Name}'); -> call rad1('someone'); [sql] User found in radcheck table [sql] expand: call rad2('%{User-Name}'); -> call rad2('someone'); rlm_sql (sql): Released sql socket id: 9 ++[sql] returns ok Found Auth-Type = MSCHAP Found Auth-Type = Accept Warning: Found 2 auth-types on request for user 'someone' Auth-Type = Accept, accepting the user Login OK: [someone/<via Auth-Type = mschap>] (from client router port 353 cli 00:21:00:11:90:58) +- entering group post-auth {...} [sql] expand: %{User-Name} -> someone [sql] sql_set_user escaped user --> 'someone' [sql] expand: UPDATE nodes SET lastonline = unix_timestamp() WHERE name='%{User-Name}' or mac='%{User-Name}'; -> UPDATE nodes SET lastonline = unix_timest rlm_sql (sql) in sql_postauth: query is UPDATE nodes SET lastonline = unix_timestamp() WHERE name='someone' or mac='someone'; rlm_sql (sql): Reserving sql socket id: 8 rlm_sql (sql): Released sql socket id: 8 ++[sql] returns ok Sending Access-Accept of id 234 to 192.168.0.2 port 57789 Framed-IP-Address := 192.168.4.200 Framed-IP-Netmask := 255.255.255.255 Mikrotik-Rate-Limit := "128k/64k" Finished request 3. Going to the next request Waking up in 3.7 seconds. So what should I return to let in user without account in my database? POzdrawiam Marcin S.