Hi, I also configured Cleartext-Password. But the result is same Ready to process requests (1) Received Access-Request Id 72 from 10.26.144.169:51938 to 10.9.15.250:1812 length 45 (1) User-Name = "ahmet" (1) User-Password = "123456" (1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ /@\./) { (1) if (&User-Name =~ /@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "ahmet", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: No EAP-Message, not doing EAP (1) [eap] = noop (1) sql: EXPAND %{User-Name} (1) sql: --> ahmet (1) sql: SQL-User-Name set to 'ahmet' rlm_sql (sql): Closing connection (3): Hit idle_timeout, was idle for 4072 seconds rlm_sql (sql): Closing connection (4): Hit idle_timeout, was idle for 4072 seconds rlm_sql (sql): Closing connection (0): Hit idle_timeout, was idle for 4072 seconds rlm_sql (sql): Closing connection (5): Hit idle_timeout, was idle for 4072 seconds rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 4070 seconds rlm_sql (sql): You probably need to lower "min" rlm_sql (sql): Closing connection (6): Hit idle_timeout, was idle for 4070 seconds rlm_sql (sql): You probably need to lower "min" rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 4070 seconds rlm_sql (sql): You probably need to lower "min" rlm_sql (sql): 0 of 0 connections in use. You may need to increase "spare" rlm_sql (sql): Opening additional connection (7), 1 of 32 pending slots used rlm_sql (sql): Reserved connection (7) (1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (1) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'ahmet' ORDER BY id (1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'ahmet' ORDER BY id (1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (1) sql: --> SELECT groupname FROM radusergroup WHERE username = 'ahmet' ORDER BY priority (1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'ahmet' ORDER BY priority (1) sql: User not found in any groups rlm_sql (sql): Released connection (7) Need 2 more connections to reach min connections (3) rlm_sql (sql): Opening additional connection (8), 1 of 31 pending slots used (1) [sql] = notfound (1) [expiration] = noop (1) [logintime] = noop (1) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (1) pap: WARNING: Authentication will fail unless a "known good" password is available (1) [pap] = noop (1) } # authorize = ok (1) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (1) Failed to authenticate the user (1) Using Post-Auth-Type Reject (1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (1) Post-Auth-Type REJECT { (1) sql: EXPAND .query (1) sql: --> .query (1) sql: Using query template 'query' rlm_sql (sql): Reserved connection (7) (1) sql: EXPAND %{User-Name} (1) sql: --> ahmet (1) sql: SQL-User-Name set to 'ahmet' (1) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (1) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'ahmet', '123456', 'Access-Reject', '2018-10-12 10:45:29') (1) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'ahmet', '123456', 'Access-Reject', '2018-10-12 10:45:29') (1) sql: SQL query returned: success (1) sql: 1 record(s) updated rlm_sql (sql): Released connection (7) (1) [sql] = ok (1) attr_filter.access_reject: EXPAND %{User-Name} (1) attr_filter.access_reject: --> ahmet (1) attr_filter.access_reject: Matched entry DEFAULT at line 11 (1) [attr_filter.access_reject] = updated (1) [eap] = noop (1) policy remove_reply_message_if_eap { (1) if (&reply:EAP-Message && &reply:Reply-Message) { (1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (1) else { (1) [noop] = noop (1) } # else = noop (1) } # policy remove_reply_message_if_eap = noop (1) } # Post-Auth-Type REJECT = updated (1) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (1) Sending delayed response (1) Sent Access-Reject Id 72 from 10.9.15.250:1812 to 10.26.144.169:51938 length 20 Waking up in 3.9 seconds. (1) Cleaning up request packet ID 72 with timestamp +4072 Ready to process requests mysql> select * from radcheck; +----+----------+--------------------+----+--------+ | id | username | attribute | op | value | +----+----------+--------------------+----+--------+ | 10 | ahmet | Cleartext-Password | := | 123456 | +----+----------+--------------------+----+--------+ Alan DeKok <aland@deployingradius.com>, 12 Eki 2018 Cum, 13:42 tarihinde şunu yazdı:
On Oct 12, 2018, at 6:38 AM, ahmet erkol <ahmeterkol@gmail.com> wrote:
I installed freeradius 3.0.16 with mysql. But i have an error and warning like this.
(0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (0) pap: WARNING: Authentication will fail unless a "known good" password is available
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
I couldn't find a solution.
You have to set the "known good password" for the user.
This is the mysql radcheck table,
mysql> select * from radcheck; +----+----------+--------------------+----+--------+ | id | username | attribute | op | value | +----+----------+--------------------+----+--------+ | 8 | ahmet | User-Password | := | 123456 | +----+----------+--------------------+----+--------+
No, that's not correct. You have to set Cleartext-Password. All of the documentation and examples say to do this.
If you found something that says to use User-Password, then:
a) that documentation is 10+ years old
b) it's written by some third party who has nothing to do with FreeRADIUS
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html