Hi Guys, We are currently using FR 3.0.4 on CentOS7 with SQL backend. Now we are planning to migrate it to 3.0.25 installed from https://networkradius.com/packages/#:~:text=number%20of%20platforms-,UBUNTU, -Add%20the%20APT Currently the authentication is getting failed with below logs. Thu Mar 10 13:47:43 2022 : Debug: rlm_sql (sql): Reserved connection (0) Thu Mar 10 13:47:43 2022 : Debug: SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id Thu Mar 10 13:47:43 2022 : Debug: Parsed xlat tree: Thu Mar 10 13:47:43 2022 : Debug: literal --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY ' Thu Mar 10 13:47:43 2022 : Debug: attribute --> SQL-User-Name Thu Mar 10 13:47:43 2022 : Debug: literal --> ' ORDER BY id Thu Mar 10 13:47:43 2022 : Debug: (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id Thu Mar 10 13:47:43 2022 : Debug: (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY 'noctest' ORDER BY id Thu Mar 10 13:47:43 2022 : Debug: (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY 'noctest' ORDER BY id Thu Mar 10 13:47:43 2022 : Debug: (0) sql: User found in radcheck table Thu Mar 10 13:47:43 2022 : ERROR: (0) sql: Thu Mar 10 13:47:43 2022 : ERROR: (0) sql: ^ Empty expression Thu Mar 10 13:47:43 2022 : WARNING: (0) sql: check items do not match. Thu Mar 10 13:47:43 2022 : Debug: (0) sql: ... falling-through to group processing Thu Mar 10 13:47:43 2022 : Debug: SELECT groupname FROM radusergroup WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority Thu Mar 10 13:47:43 2022 : Debug: Parsed xlat tree: Thu Mar 10 13:47:43 2022 : Debug: literal --> SELECT groupname FROM radusergroup WHERE username = BINARY ' ... Thu Mar 10 13:47:43 2022 : Debug: rlm_sql_mysql: Socket destructor called, closing socket Thu Mar 10 13:47:43 2022 : Debug: (0) modsingle[authorize]: returned from sql (rlm_sql) Thu Mar 10 13:47:43 2022 : Debug: (0) [sql] = ok Thu Mar 10 13:47:43 2022 : Debug: (0) modsingle[authorize]: calling expiration (rlm_expiration) Thu Mar 10 13:47:43 2022 : Debug: (0) modsingle[authorize]: returned from expiration (rlm_expiration) Thu Mar 10 13:47:43 2022 : Debug: (0) [expiration] = noop Thu Mar 10 13:47:43 2022 : Debug: (0) modsingle[authorize]: calling logintime (rlm_logintime) Thu Mar 10 13:47:43 2022 : Debug: (0) modsingle[authorize]: returned from logintime (rlm_logintime) Thu Mar 10 13:47:43 2022 : Debug: (0) [logintime] = noop Thu Mar 10 13:47:43 2022 : Debug: (0) modsingle[authorize]: calling pap (rlm_pap) Thu Mar 10 13:47:43 2022 : WARNING: (0) pap: No "known good" password found for the user. Not setting Auth-Type Thu Mar 10 13:47:43 2022 : WARNING: (0) pap: Authentication will fail unless a "known good" password is available Thu Mar 10 13:47:43 2022 : Debug: (0) modsingle[authorize]: returned from pap (rlm_pap) Thu Mar 10 13:47:43 2022 : Debug: (0) [pap] = noop Thu Mar 10 13:47:43 2022 : Debug: (0) } # authorize = ok Thu Mar 10 13:47:43 2022 : ERROR: (0) No Auth-Type found: rejecting the user via Post-Auth-Type = Reject Thu Mar 10 13:47:43 2022 : Debug: (0) Failed to authenticate the user The full logs are here. https://pastebin.com/r1b2nZRc I am using below values in radcheck table for user. I am using Calling-Station-Id to restrict MAC as well. mysql> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'noctest' ORDER BY id -> ; +---------+----------+--------------------+---------+----+ | id | username | attribute | value | op | +---------+----------+--------------------+---------+----+ | 2882016 | noctest | Cleartext-Password | noctest | := | | 2882017 | noctest | Calling-Station-Id | | =~ | +---------+----------+--------------------+---------+----+ I have tested by removing the Calling-Station-Id ROW from radcheck table. The authentication goes successful Thu Mar 10 18:04:04 2022 : Debug: Parsed xlat tree: Thu Mar 10 18:04:04 2022 : Debug: literal --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = ' Thu Mar 10 18:04:04 2022 : Debug: attribute --> SQL-User-Name Thu Mar 10 18:04:04 2022 : Debug: literal --> ' ORDER BY id Thu Mar 10 18:04:04 2022 : Debug: (3) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id Thu Mar 10 18:04:04 2022 : Debug: (3) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'noctest' ORDER BY id Thu Mar 10 18:04:04 2022 : Debug: (3) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'noctest' ORDER BY id Thu Mar 10 18:04:04 2022 : Debug: (3) sql: User found in radcheck table Thu Mar 10 18:04:04 2022 : Debug: (3) sql: Conditional check items matched, merging assignment check items Thu Mar 10 18:04:04 2022 : Debug: (3) sql: Cleartext-Password := "noctest" Thu Mar 10 18:04:04 2022 : Debug: (3) sql: ::: FROM 1 TO 0 MAX 1 Thu Mar 10 18:04:04 2022 : Debug: (3) sql: ::: Examining Cleartext-Password Thu Mar 10 18:04:04 2022 : Debug: (3) sql: ::: APPENDING Cleartext-Password FROM 0 TO 0 Thu Mar 10 18:04:04 2022 : Debug: (3) sql: ::: TO in 0 out 0 Thu Mar 10 18:04:04 2022 : Debug: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id Thu Mar 10 18:04:04 2022 : Debug: Parsed xlat tree: .. Thu Mar 10 18:04:04 2022 : Debug: (3) modsingle[authorize]: returned from sql (rlm_sql) Thu Mar 10 18:04:04 2022 : Debug: (3) [sql] = ok Thu Mar 10 18:04:04 2022 : Debug: (3) modsingle[authorize]: calling expiration (rlm_expiration) Thu Mar 10 18:04:04 2022 : Debug: (3) modsingle[authorize]: returned from expiration (rlm_expiration) Thu Mar 10 18:04:04 2022 : Debug: (3) [expiration] = noop Thu Mar 10 18:04:04 2022 : Debug: (3) modsingle[authorize]: calling logintime (rlm_logintime) Thu Mar 10 18:04:04 2022 : Debug: (3) modsingle[authorize]: returned from logintime (rlm_logintime) Thu Mar 10 18:04:04 2022 : Debug: (3) [logintime] = noop Thu Mar 10 18:04:04 2022 : Debug: (3) modsingle[authorize]: calling pap (rlm_pap) Thu Mar 10 18:04:04 2022 : Debug: (3) modsingle[authorize]: returned from pap (rlm_pap) Thu Mar 10 18:04:04 2022 : Debug: (3) [pap] = updated Thu Mar 10 18:04:04 2022 : Debug: (3) } # authorize = updated Thu Mar 10 18:04:04 2022 : Debug: (3) Found Auth-Type = PAP Thu Mar 10 18:04:04 2022 : Debug: (3) # Executing group from file /etc/freeradius/sites-enabled/default Thu Mar 10 18:04:04 2022 : Debug: (3) Auth-Type PAP { Thu Mar 10 18:04:04 2022 : Debug: (3) modsingle[authenticate]: calling pap (rlm_pap) Thu Mar 10 18:04:04 2022 : Debug: (3) pap: Login attempt with password "noctest" (7) Thu Mar 10 18:04:04 2022 : Debug: (3) pap: Comparing with "known good" Cleartext-Password "noctest" (7) Thu Mar 10 18:04:04 2022 : Debug: (3) pap: User authenticated successfully Thu Mar 10 18:04:04 2022 : Debug: (3) modsingle[authenticate]: returned from pap (rlm_pap) Thu Mar 10 18:04:04 2022 : Debug: (3) [pap] = ok Thu Mar 10 18:04:04 2022 : Debug: (3) } # Auth-Type PAP = ok Thu Mar 10 18:04:04 2022 : Debug: (3) # Executing section session from file /etc/freeradius/sites-enabled/default Thu Mar 10 18:04:04 2022 : Debug: (3) session { Full logs are here. https://pastebin.com/7xvgukiq With my current production setup I am using Calling-Station-Id to restrict MAC for authentication and I want to use the same with 3.0.25. How to achieve this ? Ammad