Hi, Perhaps this has something to do with it?
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'testuser' ORDER BY priority (0) sql: User not found
Best read the logs .. they offer some valuable insight. Thanks Martin. -----Original Message----- From: Freeradius-Users <freeradius-users-bounces+medge=emersion.com@lists.freeradius.org> On Behalf Of Somanath Mishra Sent: Wednesday, 29 August 2018 5:34 PM To: freeradius-users@lists.freeradius.org Subject: Hi All, I have configured freeradius3. Now i am facing issue with radtest. I am getting Accept-Reject response. My request: radius3@radius3:~$ radtest testuser testpassword localhost 1812 testing123 Sent Access-Request Id 141 from 0.0.0.0:57910 to 127.0.0.1:1812 length 78 User-Name = "testuser" User-Password = "testpassword" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 Message-Authenticator = 0x00 Cleartext-Password = "testpassword" Received Access-Reject Id 141 from 127.0.0.1:1812 to 0.0.0.0:0 length 20 (0) -: Expected Access-Accept got Access-Reject radius DB: +----+--------------------+--------------------+----+--------------+ | id | username | attribute | op | value | +----+--------------------+--------------------+----+--------------+ | 1 | testuser | Cleartext-Password | := | testpassword | | 2 | testuser@gmail.com | Cleartext-Password | := | testpassword | | 3 | user@gmail.com | user-password | := | password | and my debug log: Ready to process requests (0) Received Access-Request Id 141 from 127.0.0.1:57910 to 127.0.0.1:1812 length 78 (0) User-Name = "testuser" (0) User-Password = "testpassword" (0) NAS-IP-Address = 127.0.1.1 (0) NAS-Port = 1812 (0) Message-Authenticator = 0x8c4403cf542c7a3facd04010b82c4b76 (0) # Executing section authorize from file /etc/freeradius/sites-enabled/defaul t (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "testuser", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop (0) sql: EXPAND %{User-Name} (0) sql: --> testuser (0) sql: SQL-User-Name set to 'testuser' rlm_sql (sql): Reserved connection (1) (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE us ername = '%{SQL-User-Name}' ORDER BY id (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE us ername = 'testuser' ORDER BY id (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testuser' ORDER BY id (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User- Name}' ORDER BY priority (0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'testuser' O RDER BY priority (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE userna me = 'testuser' ORDER BY priority (0) sql: User not found in any groups rlm_sql (sql): Released connection (1) Need 4 more connections to reach 10 spares rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used (0) [sql] = notfound (0) [expiration] = noop (0) [logintime] = noop (0) pap: WARNING: No "known good" password found for the user. Not setting Auth -Type (0) pap: WARNING: Authentication will fail unless a "known good" password is ava ilable (0) [pap] = noop (0) } # authorize = ok (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (0) Failed to authenticate the user (0) Using Post-Auth-Type Reject (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) Post-Auth-Type REJECT { (0) sql: EXPAND .query (0) sql: --> .query (0) sql: Using query template 'query' rlm_sql (sql): Reserved connection (2) (0) sql: EXPAND %{User-Name} (0) sql: --> testuser (0) sql: SQL-User-Name set to 'testuser' (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet- Type}', '%S') (0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testuser', 'testpassword', 'Access-Reject', '2018-08-29 08:26:50') (0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authda te) VALUES ( 'testuser', 'testpassword', 'Access-Reject', '2018-08-29 08:26:50') (0) sql: SQL query returned: success (0) sql: 1 record(s) updated rlm_sql (sql): Released connection (2) (0) [sql] = ok (0) attr_filter.access_reject: EXPAND %{User-Name} (0) attr_filter.access_reject: --> testuser (0) attr_filter.access_reject: Matched entry DEFAULT at line 11 (0) [attr_filter.access_reject] = updated (0) [eap] = noop (0) policy remove_reply_message_if_eap { (0) if (&reply:EAP-Message && &reply:Reply-Message) { (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (0) else { (0) [noop] = noop (0) } # else = noop (0) } # policy remove_reply_message_if_eap = noop (0) } # Post-Auth-Type REJECT = updated (0) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed response (0) Sent Access-Reject Id 141 from 127.0.0.1:1812 to 127.0.0.1:57910 length 20 Waking up in 3.9 seconds. (0) Cleaning up request packet ID 141 with timestamp +47 Ready to process requests Please help me on that.Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, When we are installing first time freeradius3, we are pushing data into radcheck only, not in other tables. That user we are passing in radtest. It worked before for version 2 . On Wed, August 29, 2018 2:22 pm, Martin Edge wrote:
Hi,
Perhaps this has something to do with it?
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'testuser' ORDER BY priority (0) sql: User not found
Best read the logs .. they offer some valuable insight.
Thanks Martin.
-----Original Message----- From: Freeradius-Users <freeradius-users-bounces+medge=emersion.com@lists.freeradius.org> On Behalf Of Somanath Mishra Sent: Wednesday, 29 August 2018 5:34 PM To: freeradius-users@lists.freeradius.org Subject:
Hi All,
I have configured freeradius3. Now i am facing issue with radtest. I am getting Accept-Reject response.
My request:
radius3@radius3:~$ radtest testuser testpassword localhost 1812 testing123 Sent Access-Request Id 141 from 0.0.0.0:57910 to 127.0.0.1:1812 length 78 User-Name = "testuser" User-Password = "testpassword" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 Message-Authenticator = 0x00 Cleartext-Password = "testpassword" Received Access-Reject Id 141 from 127.0.0.1:1812 to 0.0.0.0:0 length 20 (0) -: Expected Access-Accept got Access-Reject
radius DB:
+----+--------------------+--------------------+----+--------------+ | id | username | attribute | op | value | +----+--------------------+--------------------+----+--------------+ | 1 | testuser | Cleartext-Password | := | testpassword | | 2 | testuser@gmail.com | Cleartext-Password | := | testpassword | | 3 | user@gmail.com | user-password | := | password |
and my debug log:
Ready to process requests (0) Received Access-Request Id 141 from 127.0.0.1:57910 to 127.0.0.1:1812 length 78 (0) User-Name = "testuser" (0) User-Password = "testpassword" (0) NAS-IP-Address = 127.0.1.1 (0) NAS-Port = 1812 (0) Message-Authenticator = 0x8c4403cf542c7a3facd04010b82c4b76 (0) # Executing section authorize from file /etc/freeradius/sites-enabled/defaul t(0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "testuser", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop (0) sql: EXPAND %{User-Name} (0) sql: --> testuser (0) sql: SQL-User-Name set to 'testuser' rlm_sql (sql): Reserved connection (1) (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE us ername = '%{SQL-User-Name}' ORDER BY id (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE us ername = 'testuser' ORDER BY id (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testuser' ORDER BY id (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User- Name}' ORDER BY priority (0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'testuser' O RDER BY priority (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE userna me = 'testuser' ORDER BY priority (0) sql: User not found in any groups rlm_sql (sql): Released connection (1) Need 4 more connections to reach 10 spares rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used (0) [sql] = notfound (0) [expiration] = noop (0) [logintime] = noop (0) pap: WARNING: No "known good" password found for the user. Not setting Auth -Type (0) pap: WARNING: Authentication will fail unless a "known good" password is ava ilable (0) [pap] = noop (0) } # authorize = ok (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (0) Failed to authenticate the user (0) Using Post-Auth-Type Reject (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) Post-Auth-Type REJECT { (0) sql: EXPAND .query (0) sql: --> .query (0) sql: Using query template 'query' rlm_sql (sql): Reserved connection (2) (0) sql: EXPAND %{User-Name} (0) sql: --> testuser (0) sql: SQL-User-Name set to 'testuser' (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-
Type}', '%S') (0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testuser', 'testpassword', 'Access-Reject', '2018-08-29 08:26:50') (0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authda te) VALUES ( 'testuser', 'testpassword', 'Access-Reject', '2018-08-29 08:26:50') (0) sql: SQL query returned: success (0) sql: 1 record(s) updated rlm_sql (sql): Released connection (2) (0) [sql] = ok (0) attr_filter.access_reject: EXPAND %{User-Name} (0) attr_filter.access_reject: --> testuser (0) attr_filter.access_reject: Matched entry DEFAULT at line 11 (0) [attr_filter.access_reject] = updated (0) [eap] = noop (0) policy remove_reply_message_if_eap { (0) if (&reply:EAP-Message && &reply:Reply-Message) { (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (0) else { (0) [noop] = noop (0) } # else = noop (0) } # policy remove_reply_message_if_eap = noop (0) } # Post-Auth-Type REJECT = updated (0) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed response (0) Sent Access-Reject Id 141 from 127.0.0.1:1812 to 127.0.0.1:57910 length 20 Waking up in 3.9 seconds. (0) Cleaning up request packet ID 141 with timestamp +47 Ready to process requests
Please help me on that.Thanks
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Other tables are now required, it seems. Not having the background on the evolution of the product, I would suggest putting data in the table in question.
From my understanding the purpose of the table is to reply with group based attributes
On Aug 29, 2018, at 7:50 PM, Somanath Mishra <somanath.mishra@planetsbrain.com> wrote:
Hi, When we are installing first time freeradius3, we are pushing data into radcheck only, not in other tables. That user we are passing in radtest. It worked before for version 2 .
On Wed, August 29, 2018 2:22 pm, Martin Edge wrote: Hi,
Perhaps this has something to do with it?
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'testuser' ORDER BY priority (0) sql: User not found
Best read the logs .. they offer some valuable insight.
Thanks Martin.
-----Original Message----- From: Freeradius-Users <freeradius-users-bounces+medge=emersion.com@lists.freeradius.org> On Behalf Of Somanath Mishra Sent: Wednesday, 29 August 2018 5:34 PM To: freeradius-users@lists.freeradius.org Subject:
Hi All,
I have configured freeradius3. Now i am facing issue with radtest. I am getting Accept-Reject response.
My request:
radius3@radius3:~$ radtest testuser testpassword localhost 1812 testing123 Sent Access-Request Id 141 from 0.0.0.0:57910 to 127.0.0.1:1812 length 78 User-Name = "testuser" User-Password = "testpassword" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 Message-Authenticator = 0x00 Cleartext-Password = "testpassword" Received Access-Reject Id 141 from 127.0.0.1:1812 to 0.0.0.0:0 length 20 (0) -: Expected Access-Accept got Access-Reject
radius DB:
+----+--------------------+--------------------+----+--------------+ | id | username | attribute | op | value | +----+--------------------+--------------------+----+--------------+ | 1 | testuser | Cleartext-Password | := | testpassword | | 2 | testuser@gmail.com | Cleartext-Password | := | testpassword | | 3 | user@gmail.com | user-password | := | password |
and my debug log:
Ready to process requests (0) Received Access-Request Id 141 from 127.0.0.1:57910 to 127.0.0.1:1812 length 78 (0) User-Name = "testuser" (0) User-Password = "testpassword" (0) NAS-IP-Address = 127.0.1.1 (0) NAS-Port = 1812 (0) Message-Authenticator = 0x8c4403cf542c7a3facd04010b82c4b76 (0) # Executing section authorize from file /etc/freeradius/sites-enabled/defaul t(0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALS E (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "testuser", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop (0) sql: EXPAND %{User-Name} (0) sql: --> testuser (0) sql: SQL-User-Name set to 'testuser' rlm_sql (sql): Reserved connection (1) (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE us ername = '%{SQL-User-Name}' ORDER BY id (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE us ername = 'testuser' ORDER BY id (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testuser' ORDER BY id (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User- Name}' ORDER BY priority (0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'testuser' O RDER BY priority (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE userna me = 'testuser' ORDER BY priority (0) sql: User not found in any groups rlm_sql (sql): Released connection (1) Need 4 more connections to reach 10 spares rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used (0) [sql] = notfound (0) [expiration] = noop (0) [logintime] = noop (0) pap: WARNING: No "known good" password found for the user. Not setting Auth -Type (0) pap: WARNING: Authentication will fail unless a "known good" password is ava ilable (0) [pap] = noop (0) } # authorize = ok (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (0) Failed to authenticate the user (0) Using Post-Auth-Type Reject (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) Post-Auth-Type REJECT { (0) sql: EXPAND .query (0) sql: --> .query (0) sql: Using query template 'query' rlm_sql (sql): Reserved connection (2) (0) sql: EXPAND %{User-Name} (0) sql: --> testuser (0) sql: SQL-User-Name set to 'testuser' (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-
Type}', '%S') (0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testuser', 'testpassword', 'Access-Reject', '2018-08-29 08:26:50') (0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authda te) VALUES ( 'testuser', 'testpassword', 'Access-Reject', '2018-08-29 08:26:50') (0) sql: SQL query returned: success (0) sql: 1 record(s) updated rlm_sql (sql): Released connection (2) (0) [sql] = ok (0) attr_filter.access_reject: EXPAND %{User-Name} (0) attr_filter.access_reject: --> testuser (0) attr_filter.access_reject: Matched entry DEFAULT at line 11 (0) [attr_filter.access_reject] = updated (0) [eap] = noop (0) policy remove_reply_message_if_eap { (0) if (&reply:EAP-Message && &reply:Reply-Message) { (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (0) else { (0) [noop] = noop (0) } # else = noop (0) } # policy remove_reply_message_if_eap = noop (0) } # Post-Auth-Type REJECT = updated (0) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed response (0) Sent Access-Reject Id 141 from 127.0.0.1:1812 to 127.0.0.1:57910 length 20 Waking up in 3.9 seconds. (0) Cleaning up request packet ID 141 with timestamp +47 Ready to process requests
Please help me on that.Thanks
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Martin Edge -
Somanath Mishra