Hello, I have created a user like this
select * from radcheck where id=3; +----+----------+--------------------+----+----------+ | id | username | attribute | op | value | +----+----------+--------------------+----+----------+ | 3 | tata | Cleartext-Password | := | passtata | +----+----------+--------------------+----+----------+
select * from radreply where id=3; +----+----------+--------------+----+-------+ | id | username | attribute | op | value | +----+----------+--------------+----+-------+ | 3 | tata | Fall-Through | = | Yes | +----+----------+--------------+----+-------+
select * from radusergroup; +----+----------+-----------+----------+ | id | username | groupname | priority | +----+----------+-----------+----------+ | 1 | tata | admin | 1 | +----+----------+-----------+----------+
select * from radgroupreply; +----+-----------+-------------------------+----+----------+ | id | groupname | attribute | op | value | +----+-----------+-------------------------+----+----------+ | 1 | admin | Tunnel-Type | == | VLAN | | 2 | admin | Tunnel-Medium-Type | == | IEEE-802 | | 3 | admin | Tunnel-Private-Group-Id | == | 9 | +----+-----------+-------------------------+----+----------+
But when I make my radius test request the Access accept is sent but not the other attributes # radtest tata passtata 127.0.0.1 1812 testing123 Sent Access-Request Id 54 from 0.0.0.0:39af to 127.0.0.1:1812 length 74 User-Name = "tata" User-Password = "passtata" NAS-IP-Address = 10.127.2.210 NAS-Port = 1812 Message-Authenticator = 0x00 Cleartext-Password = "passtata" Received Access-Accept Id 54 from 127.0.0.1:714 to 127.0.0.1:14767 length 20 In my debug logs my attributes are retrieved but not sent (2) Received Access-Request Id 54 from 127.0.0.1:14767 to 127.0.0.1:1812 length 74 (2) User-Name = "tata" (2) User-Password = "passtata" (2) NAS-IP-Address = 10.127.2.210 (2) NAS-Port = 1812 (2) Message-Authenticator = 0xbea8f8a6107528be29765e63e58d0a3d (2) # Executing section authorize from file /etc/raddb/sites-enabled/default (2) authorize { (2) policy filter_username { (2) if (&User-Name) { (2) if (&User-Name) -> TRUE (2) if (&User-Name) { (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@[^@]*@/ ) { (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ /@\./) { (2) if (&User-Name =~ /@\./) -> FALSE (2) } # if (&User-Name) = notfound (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "tata", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: No EAP-Message, not doing EAP (2) [eap] = noop (2) [files] = noop (2) sql: EXPAND %{User-Name} (2) sql: --> tata (2) sql: SQL-User-Name set to 'tata' rlm_sql (sql): Reserved connection (5) (2) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (2) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tata' ORDER BY id (2) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tata' ORDER BY id (2) sql: User found in radcheck table (2) sql: Conditional check items matched, merging assignment check items (2) sql: Cleartext-Password := "passtata" (2) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (2) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tata' ORDER BY id (2) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tata' ORDER BY id (2) sql: User found in radreply table, merging reply items (2) sql: Fall-Through = Yes (2) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (2) sql: --> SELECT groupname FROM radusergroup WHERE username = 'tata' ORDER BY priority (2) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'tata' ORDER BY priority (2) sql: User found in the group table (2) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id (2) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'admin' ORDER BY id (2) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'admin' ORDER BY id (2) sql: Group "admin": Conditional check items matched (2) sql: Group "admin": Merging assignment check items (2) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id (2) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'admin' ORDER BY id (2) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'admin' ORDER BY id (2) sql: Group "admin": Merging reply items (2) sql: Tunnel-Type == VLAN (2) sql: Tunnel-Medium-Type == IEEE-802 (2) sql: Tunnel-Private-Group-Id == "9" rlm_sql (sql): Released connection (5) Need more connections to reach 10 spares rlm_sql (sql): Opening additional connection (7), 1 of 29 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radiusdb' on Localhost via UNIX socket, server version 10.9.8-MariaDB, protocol version 10 rlm_sql (sql): Closing expired connection (6) - Hit idle_timeout limit rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): You probably need to lower "min" rlm_sql (sql): Closing expired connection (0) - Hit idle_timeout limit rlm_sql_mysql: Socket destructor called, closing socket (2) [sql] = ok (2) [expiration] = noop (2) [logintime] = noop (2) [pap] = updated (2) } # authorize = updated (2) Found Auth-Type = PAP (2) # Executing group from file /etc/raddb/sites-enabled/default (2) Auth-Type PAP { (2) pap: Login attempt with password (2) pap: Comparing with "known good" Cleartext-Password (2) pap: User authenticated successfully (2) [pap] = ok (2) } # Auth-Type PAP = ok (2) # Executing section post-auth from file /etc/raddb/sites-enabled/default (2) post-auth { (2) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) { (2) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) -> FALSE (2) update { (2) No attributes updated for RHS &session-state: (2) } # update = noop (2) sql: EXPAND .query (2) sql: --> .query (2) sql: Using query template 'query' rlm_sql (sql): Reserved connection (5) (2) sql: EXPAND %{User-Name} (2) sql: --> tata (2) sql: SQL-User-Name set to 'tata' (2) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S.%M' ) (2) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'tata', 'passtata', 'Access-Accept', '2025-01-18 01:21:24.187903' ) (2) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'tata', 'passtata', 'Access-Accept', '2025-01-18 01:21:24.187903' ) (2) sql: SQL query returned: success (2) sql: 1 record(s) updated rlm_sql (sql): Released connection (5) (2) [sql] = ok (2) [exec] = noop (2) policy remove_reply_message_if_eap { (2) if (&reply:EAP-Message && &reply:Reply-Message) { (2) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (2) else { (2) [noop] = noop (2) } # else = noop (2) } # policy remove_reply_message_if_eap = noop (2) if (EAP-Key-Name && &reply:EAP-Session-Id) { (2) if (EAP-Key-Name && &reply:EAP-Session-Id) -> FALSE (2) } # post-auth = ok (2) Login OK: [tata] (from client localhost port 1812) (2) Sent Access-Accept Id 54 from 127.0.0.1:1812 to 127.0.0.1:14767 length 20 (2) Finished request Waking up in 4.9 seconds. (2) Cleaning up request packet ID 54 with timestamp +6200 due to cleanup_delay was reached Ready to process requests I don't have any filters in place # grep filt /etc/raddb/radiusd.conf What could be the problem ?