In a certain context I want to accept all incoming requests. FreeRADIUS is 1.1.3. I hold the accounts in MySQL. This is, what I have stored in the database for one account: mysql> select * from usergroup where UserName='000000000009'; +---------+--------------+--------------+---------------------+---------------------+---------+ | id | UserName | GroupName | loaddate | validto | konftyp | +---------+--------------+--------------+---------------------+---------------------+---------+ | 1160351 | 000000000009 | sondergeraet | 2006-10-24 09:26:59 | 2006-10-31 00:00:00 | NULL | +---------+--------------+--------------+---------------------+---------------------+---------+ 1 row in set (0.00 sec) mysql> select * from radcheck where UserName='000000000009'; +---------+--------------+--------------+----+----------+---------------------+ | id | UserName | Attribute | op | Value | validto | +---------+--------------+--------------+----+----------+---------------------+ | 1159463 | 000000000009 | Hint | += | assignvl | 2006-10-31 00:00:00 | | 2512785 | 000000000009 | Auth-Type | := | Accept | NULL | | 2512786 | 000000000009 | Idle-Timeout | = | 123 | NULL | +---------+--------------+--------------+----+----------+---------------------+ 3 rows in set (0.00 sec) mysql> select * from radreply where UserName='000000000009'; +----+--------------+--------------+----+-------+------------+--------------+---------+ | id | UserName | Attribute | op | Value | ra_nasname | ra_GroupName | validto | +----+--------------+--------------+----+-------+------------+--------------+---------+ | 6 | 000000000009 | Idle-Timeout | = | 123 | NULL | NULL | NULL | +----+--------------+--------------+----+-------+------------+--------------+---------+ 1 row in set (0.00 sec) authorize_check_query from sql.conf is: authorize_check_query = "SELECT id, UserName, Attribute, Value, op \ FROM ${authcheck_table} \ WHERE Username = '%{SQL-User-Name}' and ( radcheck.Attribute !='Hint' ) \ ORDER BY id" radtest 000000000009 000b5d28f24x4 localhost 1812 testing123 Sending Access-Request of id 243 to 127.0.0.1 port 1812 User-Name = "000000000009" User-Password = "000b5d28f24x4" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=243, length=20 rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.) Not the shared secret, the password is incorrect. Nevertheless, I want to ignore this and assign the check-item Auth-Type:=Accept from radcheck. radiusd -AX shows me: ... modcall[authorize]: module "files" returns notfound for request 0 radius_xlat: '000000000009' rlm_sql (sql): sql_set_user escaped user --> '000000000009' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '000000000009' and ( radcheck.Attribute !='Hint' ) ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.UserName = '000000000009' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: '' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE ( usergroup.Username = '000000000009' AND usergroup.GroupName = radgroupreply.Value ) or (usergroup.UserName='000000000009' and (radgroupreply.GroupName in (select type from nas where nasname = '255.255.255.255') and radgroupreply.GroupName='Cisco' and radgroupreply.Attribute!='Tunnel-Private-Group-ID' ) ) ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 3 rlm_sql: check items Auth-Type := Accept Idle-Timeout = 123 Hint == "assignvl" ^^^^^^^^^^^^^^ (enabled debugging in rlm_sql.c around line 850) rlm_sql: reply items rlm_sql (sql): No matching entry in the database for request from user [000000000009] modcall[authorize]: module "sql" returns notfound for request 0 Why do I get a 'No matching entry in the database for request from user [000000000009]', although the expanded authorize_check_query , copied from above in mysql direct gives me the following: mysql> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '000000000009' and ( radcheck.Attribute !='Hint' ) ORDER BY id; +---------+--------------+--------------+--------+----+ | id | UserName | Attribute | Value | op | +---------+--------------+--------------+--------+----+ | 2512785 | 000000000009 | Auth-Type | Accept | := | | 2512786 | 000000000009 | Idle-Timeout | 123 | = | +---------+--------------+--------------+--------+----+ 2 rows in set (0.00 sec) Thanks Norbert Wegener