I also noticed that it is failing for PPP users as well:
Hi - we recently upgraded to version 2.1.8 (freeradius) and my authentication does not work any more.This used to work (configured in Radius):basic-a User-Password == "csetestp"User-Name =~ "^([aA-zZ]+)-([aA-zZ]+)$",Framed-Pool := "21",Class := 2,Session-Timeout := 600,Fall-Through = NoThis is not pap/chap authentication - our NAS is sending auth-req for a DHCP user.I also tried to change to cleartext-password.Also I tried this:basic-a Auth-Type := Local, User-Password == "csetestp" but no luckThis is what I'm getting on Radius:rad_recv: Access-Request packet from host 114.0.1.11 port 50633, id=62, length=78User-Name = "basic-a"User-Password = "csetestp"NAS-IP-Address = 2.2.2.2NAS-Port-Type = EthernetNAS-Port-Id = "1/1/5:4"NAS-Identifier = "right-b4"+- entering group authorize {...}++[preprocess] returns ok++[chap] returns noop++[mschap] returns noop[suffix] No '@' in User-Name = "basic-a", looking up realm NULL[suffix] No such realm "NULL"++[suffix] returns noop[eap] No EAP-Message, not doing EAP++[eap] returns noop++[unix] returns notfound[files] expand: %{User-Name} -> basic-a[files] expand: %{User-Name} -> basic-a[files] expand: %{User-Name} -> basic-a[files] expand: %{User-Name} -> basic-aWARNING: Found User-Password == "...".WARNING: Are you sure you don't mean Cleartext-Password?WARNING: See "man rlm_pap" for more information.[files] users: Matched entry basic-a at line 106++[files] returns ok++[expiration] returns noop++[logintime] returns noop[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.++[pap] returns noopFound Auth-Type = LocalWARNING: Please update your configuration, and remove 'Auth-Type = Local'WARNING: Use the PAP or CHAP modules instead.No "known good" password was configured for the user.As a result, we cannot authenticate the user.Failed to authenticate the user.Using Post-Auth-Type Reject+- entering group REJECT {...}[attr_filter.access_reject] expand: %{User-Name} -> basic-aattr_filter: Matched entry DEFAULT at line 11++[attr_filter.access_reject] returns updatedDelaying reject of request 1 for 1 secondsGoing to the next requestWaking up in 0.9 seconds.Sending delayed reject for request 1Sending Access-Reject of id 62 to 114.0.1.11 port 50633Waking up in 4.9 seconds.Cleaning up request 1 ID 62 with timestamp +37Ready to process requests.