Hi, I have tried reordering the elements in the radiusd.conf file so that the database is tried first, and then commented out the section to check the users file, and I am still having the same issues. Here is the output again: Ready to process requests. rad_recv: Access-Request packet from host 10.10.1.1:1320, id=0, length=123 User-Name = "simon" NAS-IP-Address = 10.10.1.1 Called-Station-Id = "0014bff3dac8" Calling-Station-Id = "0013ce29c6d7" NAS-Identifier = "0014bff3dac8" NAS-Port = 56 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000a0173696d6f6e Message-Authenticator = 0x68b3f01e605eb032281dd6c99dfd9e52 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "simon", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 radius_xlat: 'simon' rlm_sql (sql): sql_set_user escaped user --> 'simon' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'simon' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'simon' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'simon' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'simon' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'simon' ORDER BY id' rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'simon' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'simon' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'simon' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. Login incorrect: [simon/<no User-Password attribute>] (from client linksys-434 port 56 cli 0013ce29c6d7) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 0 to 10.10.1.1 port 1320 Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 447ef7e2 Nothing to do. Sleeping until we see a request. As before, it still authenticates perfectly when I try it with either NTRadPing or radtest. Thanks again, Simon
hi,
you say it works okay with NTRadPing and that when you use an entry in users file it works...however in the log you supplied its still matching an entry in the users file - and the server is then happy to use that matching entry rather than one in the DB. the log you posted also shows that it is attempting to use the files method...and that the match told it to use Local authentication..the database query is then superfluous.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html