Thanks for your patience so far. I did edit include sql.conf and only edited authorize to uncomment sql line. Now I am getting the below. [chap] ERROR: You set 'Auth-Type = CHAP' for a request that does not contain a CHAP-Password attribute! I did try as LOCAL and it says set CHAP, I also tried mschap ########## Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 36343, id=0, length=67 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "test" Calling-Station-Id = "xxxxxxxx" NAS-IP-Address = 127.0.0.1 NAS-Port = 0 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok [sql] expand: %{User-Name} -> test [sql] sql_set_user escaped user --> 'test' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'normalusers' ORDER BY id [sql] User found in group normalusers [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'normalusers' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = CHAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group CHAP {...} [chap] ERROR: You set 'Auth-Type = CHAP' for a request that does not contain a CHAP-Password attribute! ++[chap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> test attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 0 to 127.0.0.1 port 36343 Waking up in 4.9 seconds. Cleaning up request 0 ID 0 with timestamp +8 Ready to process requests. My DB entries are : INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES (1, 'test', 'Cleartext-Password', '==', '123456'), INSERT INTO `radgroupcheck` (`id`, `groupname`, `attribute`, `op`, `value`) VALUES (1, 'normalusers', 'Auth-Type', '==', 'chap'); INSERT INTO `radgroupreply` (`id`, `groupname`, `attribute`, `op`, `value`) VALUES (1, 'normalusers', 'Framed-Compression', '=', 'Van-Jacobson-TCP-IP'), (2, 'normalusers', 'Framed-Protocol', '=', 'PPP'), (3, 'normalusers', 'Service-Type', '=', 'Framed-User'); INSERT INTO `radreply` (`id`, `username`, `attribute`, `op`, `value`) VALUES (1, 'test', 'Framed-IP-Address', '=', '192.168.100.233'); INSERT INTO `radusergroup` (`username`, `groupname`, `priority`) VALUES ('test', 'normalusers', 1); On Wed, May 23, 2012 at 12:17 PM, Fajar A. Nugraha <list@fajar.net> wrote:
On Wed, May 23, 2012 at 4:16 PM, Fajar A. Nugraha <list@fajar.net> wrote:
On Wed, May 23, 2012 at 4:11 PM, Ali Jawad <ali.jawad@splendor.net> wrote:
is there something that needs to be done so FR checks in the database like adding sql entries to authorize{}
exactly. sites-available/default should be enough for pptpd since it doesn't use EAP. The comments on that file should be clear enough. Just uncomment "sql" on authorize section.
... and don't forget to read radiusd.conf as well. Read the commetns there, and uncomment the line that includes sql.conf (since you didn't mention it, you probably didn't do that either).
-- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- *Ali Jawad * *Information Systems Manager* *Splendor Telecom (www.splendor.net) Beirut, Lebanon Phone: +9611373725/ext 116 FAX: +9611375554*