Hi I want to disable login users with empty passwords So, the entry in my "users" file is: --------------------------------- DEFAULT User-Password !~ "^$" Framed-MTU = 576, Acct-Interim-Interval := 60 DEFAULT Auth-Type := Reject Reply-Message = "Unknown user subscription type" --------------------------------- And I expected Access-Reject with reply message. Instead I got Access-Reject but for another reason - Incorrect password (see debugging output below). Password is not empty and stored in MySQL database as clear text. Same result I saw when used simple (not regular) expression: ---------------------------------------- DEFAULT User-Password != "" Framed-MTU = 576, Acct-Interim-Interval := 60 DEFAULT Auth-Type := Reject Reply-Message = "Unknown user subscription type" --------------------------------------- 1) If I remove this check from users file, the user can log in successfuly. 2) Regular expression for User-Name is working well, e.g. DEFAULT User-Name =~ "^[-_[:alnum:]]+$", NAS-Port-Type == Ethernet Framed-MTU = 576, Acct-Interim-Interval := 60 It seems to me that the Value of User-Password is broken during check and not equal to Value taken from database. My questions is: Is User-Password handled in the same way as another attributes in "user" file OR not ? How to disable users with empty passwords ? PS: The problem occured with versions 1.0.1 and 1.0.5 My backend - MySQL with standard radius database. OS - Redhat 9.x, i386. Debugging output of "radiusd -X" looks like this: --------------------------------- rad_recv: Access-Request packet from host 127.0.0.1:1112, id=47, length=65 User-Name = "cftest" User-Password = "1234567890" Service-Type = Framed-User Framed-Protocol = PPP NAS-Identifier = "r9999" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/var/log/radius/radacct/127.0.0.1/auth-detail-20060824' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20060824 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "cftest", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched entry DEFAULT at line 14 modcall[authorize]: module "files" returns ok for request 0 radius_xlat: 'cftest' rlm_sql (sql): sql_set_user escaped user --> 'cftest' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username=(SELECT distinct username FROM usergroup WHERE groupname&(SELECT regionid FROM regionslist WHERE routerid='r9999') AND username='cftest') ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: num_fields 5 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'cftest' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: num_fields 5 radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'cftest' ORDER BY id' rlm_sql_mysql: num_fields 5 radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'cftest' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: num_fields 5 rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: group authorize returns ok for request 0 auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 -- regards, Vladimir