Hello Alan, Show the FULL debug output. And just use "radiusd -X". Don't use
"radiusd -Xxx" unless we suggest it.
ok
Following the documentation helps you get quick and useful answers. Ignoring the documentation means it's much more difficult for us to help you.
Here is... (9) Received Access-Request Id 251 from 192.168.1.15:34136 to 192.168.1.6:1812 length 80 (9) User-Name = 'nodowifi@nodo.unex.es' (9) User-Password = 'pass' (9) Calling-Station-Id = 'f0:f6:1c:58:da:cd' (9) # Executing section authorize from file /etc/freeradius/sites-enabled/captive (9) authorize { (9) policy deny_realms_captive { (9) if (!&User-Name) { (9) if (!&User-Name) -> FALSE (9) if (&User-Name !~ /@((temp.)|(nodo.)|(alumnos.))?unex.es$/) { (9) if (&User-Name !~ /@((temp.)|(nodo.)|(alumnos.))?unex.es$/) -> FALSE (9) } # policy deny_realms_captive = notfound (9) policy filter_username_captive { (9) if (!&User-Name) { (9) if (!&User-Name) -> FALSE (9) if (&User-Name !~ /^[A-Za-z0-9]{3,15}@/) { (9) if (&User-Name !~ /^[A-Za-z0-9]{3,15}@/) -> FALSE (9) } # policy filter_username_captive = notfound (9) auth_log: EXPAND /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d (9) auth_log: --> /var/log/freeradius/radacct/ 192.168.1.15/auth-detail-20160506 (9) auth_log: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.1.15/auth-detail-20160506 (9) auth_log: EXPAND %t (9) auth_log: --> Fri May 6 14:01:04 2016 (9) [auth_log] = ok (9) suffix: Checking for suffix after "@" (9) suffix: Looking up realm "nodo.unex.es" for User-Name = " nodowifi@nodo.unex.es" (9) suffix: Found realm "nodo.unex.es" (9) suffix: Adding Stripped-User-Name = "nodowifi" (9) suffix: Adding Realm = "nodo.unex.es" (9) suffix: Authentication realm is LOCAL (9) [suffix] = ok (9) preprocess: hints: Matched DEFAULT at 31 (9) preprocess: EXPAND %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} (9) preprocess: --> nodowifi@nodo.unex.es (9) preprocess: SQL-User-Name set to 'nodowifi@nodo.unex.es' rlm_sql (sqllocal): Reserved connection (6) (9) preprocess: EXPAND /var/log/freeradius/sqllog.sql (9) preprocess: --> /var/log/freeradius/sqllog.sql (9) preprocess: Executing select query: SELECT username FROM radpostauth WHERE client like 'PA%' and reply='Access-Accept' and mac='' and authdate > (SELECT DATE_SUB(NOW(),INTERVAL 1 DAY)) order by authdate desc limit 1 (9) preprocess: SQL query returned no results rlm_sql (sqllocal): Released connection (6) (9) preprocess: EXPAND %{sqllocal:SELECT username FROM radpostauth WHERE client like 'PA%%' and reply='Access-Accept' and mac='%{Calling-Station-Id}' and authdate > (SELECT DATE_SUB(NOW(),INTERVAL 1 DAY)) order by authdate desc limit 1} (9) preprocess: --> (9) [preprocess] = ok (9) if (&Intentos-Reject > 10) { (9) ERROR: Failed retrieving values required to evaluate condition (9) if (&Tipo-Usuario == 'TEMPORAL') { (9) if (&Tipo-Usuario == 'TEMPORAL') -> FALSE (9) elsif (&Tipo-Usuario == 'NODO') { (9) elsif (&Tipo-Usuario == 'NODO') -> TRUE (9) elsif (&Tipo-Usuario == 'NODO') { (9) [ok] = ok (9) } # elsif (&Tipo-Usuario == 'NODO') = ok (9) ... skipping elsif for request 9: Preceding "if" was taken (9) if (&Tipo-Usuario == 'EMAIL') { (9) if (&Tipo-Usuario == 'EMAIL') -> FALSE (9) if (fail) { (9) if (fail) -> FALSE (9) elsif (notfound) { (9) elsif (notfound) -> FALSE (9) if (&Tipo-Usuario != 'TEMPORAL') { (9) if (&Tipo-Usuario != 'TEMPORAL') -> TRUE (9) if (&Tipo-Usuario != 'TEMPORAL') { (9) perlCheckRelaciones: $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'nodowifi@nodo.unex.es' (9) perlCheckRelaciones: $RAD_REQUEST{'User-Password'} = &request:User-Password -> 'pass' (9) perlCheckRelaciones: $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '192.168.1.15' (9) perlCheckRelaciones: $RAD_REQUEST{'Reply-Message'} = &request:Reply-Message -> '' (9) perlCheckRelaciones: $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> 'f0:f6:1c:58:da:cd' (9) perlCheckRelaciones: $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'May 6 2016 14:01:04 CEST' (9) perlCheckRelaciones: $RAD_REQUEST{'Stripped-User-Name'} = &request:Stripped-User-Name -> 'nodowifi' (9) perlCheckRelaciones: $RAD_REQUEST{'Realm'} = &request:Realm -> ' nodo.unex.es' (9) perlCheckRelaciones: $RAD_REQUEST{'Module-Failure-Message'} = &request:Module-Failure-Message -> 'Failed retrieving values required to evaluate condition' (9) perlCheckRelaciones: $RAD_REQUEST{'Tipo-Usuario'} = &request:Tipo-Usuario -> 'NODO' rlm_perl: RAD_REQUEST: User-Password = pass rlm_perl: RAD_REQUEST: Tipo-Usuario = NODO rlm_perl: RAD_REQUEST: Module-Failure-Message = Failed retrieving values required to evaluate condition rlm_perl: RAD_REQUEST: Event-Timestamp = May 6 2016 14:01:04 CEST rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.1.15 rlm_perl: RAD_REQUEST: Reply-Message = rlm_perl: RAD_REQUEST: Calling-Station-Id = f0:f6:1c:58:da:cd rlm_perl: RAD_REQUEST: User-Name = nodowifi@nodo.unex.es rlm_perl: RAD_REQUEST: Realm = nodo.unex.es rlm_perl: RAD_REQUEST: Stripped-User-Name = nodowifi (9) perlCheckRelaciones: &request:User-Password = $RAD_REQUEST{'User-Password'} -> 'pass' (9) perlCheckRelaciones: &request:Tipo-Usuario = $RAD_REQUEST{'Tipo-Usuario'} -> 'NODO' (9) perlCheckRelaciones: &request:Module-Failure-Message = $RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values required to evaluate condition' (9) perlCheckRelaciones: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'May 6 2016 14:01:04 CEST' (9) perlCheckRelaciones: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '192.168.1.15' (9) perlCheckRelaciones: &request:Reply-Message = $RAD_REQUEST{'Reply-Message'} -> '' (9) perlCheckRelaciones: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> 'f0:f6:1c:58:da:cd' (9) perlCheckRelaciones: &request:User-Name = $RAD_REQUEST{'User-Name'} -> ' nodowifi@nodo.unex.es' (9) perlCheckRelaciones: &request:Realm = $RAD_REQUEST{'Realm'} -> ' nodo.unex.es' (9) perlCheckRelaciones: &request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} -> 'nodowifi' (9) [perlCheckRelaciones] = notfound (9) if (notfound) { (9) if (notfound) -> TRUE (9) if (notfound) { (9) update { (9) &reply:Codigo-Reject = Sin-Relacion-UEX (9) } # update = noop (9) [reject] = reject (9) } # if (notfound) = reject (9) } # if (&Tipo-Usuario != 'TEMPORAL') = reject (9) } # authorize = reject (9) Using Post-Auth-Type Reject (9) # Executing group from file /etc/freeradius/sites-enabled/captive (9) Post-Auth-Type REJECT { (9) update { (9) &reply:Codigo-Reject = Credenciales-Erroneas (9) } # update = noop (9) sqllocal: EXPAND .query (9) sqllocal: --> .query (9) sqllocal: Using query template 'query' rlm_sql (sqllocal): Reserved connection (6) (9) sqllocal: EXPAND %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} (9) sqllocal: --> nodowifi (9) sqllocal: SQL-User-Name set to 'nodowifi' (9) sqllocal: EXPAND INSERT INTO radpostauth (username, mac, client, reply, authdate, codreject, radauth) VALUES ( LOWER('%{User-Name}'), UPPER('%{Calling-Station-Id}'), '%{Client-Shortname}', '%{reply:Packet-Type}', '%S', '%{reply:Codigo-Reject}', 'radiusprueba') (9) sqllocal: --> INSERT INTO radpostauth (username, mac, client, reply, authdate, codreject, radauth) VALUES ( LOWER('nodowifi@nodo.unex.es'), UPPER('f0:f6:1c:58:da:cd'), 'cau1PC', 'Access-Reject', '2016-05-06 14:01:04', 'Sin-Relacion-UEX', 'radiusprueba') (9) sqllocal: EXPAND /var/log/freeradius/post-auth.sql (9) sqllocal: --> /var/log/freeradius/post-auth.sql (9) sqllocal: Executing query: INSERT INTO radpostauth (username, mac, client, reply, authdate, codreject, radauth) VALUES ( LOWER(' nodowifi@nodo.unex.es'), UPPER('f0:f6:1c:58:da:cd'), 'cau1PC', 'Access-Reject', '2016-05-06 14:01:04', 'Sin-Relacion-UEX', 'radiusprueba') (9) sqllocal: SQL query returned: success (9) sqllocal: 1 record(s) updated rlm_sql (sqllocal): Released connection (6) (9) [sqllocal] = ok (9) if (fail) { (9) if (fail) -> FALSE (9) attr_filter.access_reject: EXPAND %{User-Name} (9) attr_filter.access_reject: --> nodowifi@nodo.unex.es (9) attr_filter.access_reject: Matched entry DEFAULT at line 18 (9) [attr_filter.access_reject] = updated (9) } # Post-Auth-Type REJECT = updated (9) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (9) <delay>: Sending delayed response (9) <delay>: Sent Access-Reject Id 251 from 192.168.1.6:1812 to 192.168.1.15:34136 length 20 Waking up in 3.9 seconds. (9) <delay>: Cleaning up request packet ID 251 with timestamp +122 Ready to process requests :::::::::::::::::::::::::::::::::::: :: Ana Gallardo Gómez :: ::::::::::::::::::::::::::::::::::::