Perhaps do what is suggested wherever you care to look (this list, documentation, website, ...) - run server in debug mode (radiusd -X). Then you will see exactly what is happening.
I did that, and it didn't help. I added a realm definition back in to the config file, and here's the debug output now:
[suffix] Looking up realm "soe.ucsc.edu" for User-Name = "tjg@soe.ucsc.edu" [suffix] Found realm "soe.ucsc.edu" [suffix] Adding Stripped-User-Name = "tjg" [suffix] Adding Realm = "soe.ucsc.edu" [suffix] Authentication realm is LOCAL.
So far so good...
[ldap] performing user authorization for tjg [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=tjg) [ldap] expand: dc=soe,dc=ucsc,dc=edu -> dc=soe,dc=ucsc,dc=edu
Depreciated syntax aside, we're still doing good...
[sql] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [sql] expand: insert into RadiusLog (SessionID, UserName, WapIpAddress, UserMacAddress, StartTime) value ('%{Acct-Session-Id}', '%{Stripped-User-Name:-%{User-Name}}', '%{NAS-IP-Address}', '%{Calling-Station-Id}', '%S') -> insert into RadiusLog (SessionID, UserName, WapIpAddress, UserMacAddress, StartTime) value ('0004F8C5', 'tjg@soe.ucsc.edu', '192.168.32.8', '0024.2b58.2f46', '2009-11-23 14:13:42')
Doh, no dice! Incidentally, as I mentioned in another reply a few minutes ago, using %{SQL-User-Name} instead of %{User-Name} results in an empty string, and using only %{Stripped-User-Name} also results in an empty string. If you really would like me to, I suppose I could get you the whole debug output, but it's a few thousand lines for a single authorization. Tim Gustafson Baskin School of Engineering UC Santa Cruz tjg@soe.ucsc.edu 831-459-5354