Problem with realms

Bill Larson blarson at
Thu Jul 8 12:02:28 CEST 2010

  I am sure the solution to my problem is simple however I can't  figure 
it out.

This is my user

blarson Auth-Type := Local, Cleartext-Password == "testing"
         Service-Type = Framed-User,
         Session-Timeout = 18000,
         Framed-Protocol = PPP,
         Framed-IP-Address =,
         Framed-IP-Netmask =,
         Framed-Routing = None,
         Framed-MTU = 1006,
         Idle-Timeout = 1200,
         Ascend-Idle-Limit = 1200,
         Framed-Compression = Van-Jacobsen-TCP-IP,
         Port-Limit = 1,
         Slipstream-Auth = "true",
         Ascend-Maximum-Channels = "1"

This is my realm

realm {
         type            = radius
         authhost        = LOCAL
         accthost        = LOCAL

This is the debug

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host port 40159, id=207, 
         User-Name = "blarson at"
         User-Password = "testing"
         NAS-IP-Address =
         NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
     rlm_realm: Looking up realm "" for User-Name = 
"blarson at"
     rlm_realm: Found realm ""
     rlm_realm: Adding Stripped-User-Name = "blarson"
     rlm_realm: Adding Realm = ""
     rlm_realm: Authentication realm is LOCAL.
++[suffix] returns noop
   rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
     users: Matched entry DEFAULT at line 17394
     users: Matched entry DEFAULT at line 17457
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
   rad_check_password:  Found Auth-Type REJECT
   rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Login incorrect: [blarson at] (from client localhost port 0)
   Found Post-Auth-Type Reject
+- entering group REJECT
         expand: %{User-Name} -> blarson at
  attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 207 to port 40159
         Reply-Message = "Invalid or unauthorized account"
Waking up in 4.9 seconds.
Cleaning up request 0 ID 207 with timestamp +3
Ready to process requests.

As you can see it's not stripping the realm before checking in the users 
file. So the user is not matched in the users file.  What have I done 

Questions, suggestions, and fixes welcome

More information about the Freeradius-Users mailing list