radiusd -X SQL suggests "not found" however user attributes are in the radcheck table?

Kaya Saman kayasaman at gmail.com
Wed Aug 1 13:56:40 CEST 2012

On Wed, Aug 1, 2012 at 12:28 PM, Fajar A. Nugraha <list at fajar.net> wrote:
> On Wed, Aug 1, 2012 at 6:17 PM, Kaya Saman <kayasaman at gmail.com> wrote:
>> Upon putting your suggestion in I get:
>> Bare %{...} is invalid in condition at: %{User-Name})
>> ....../default[62]: Errors parsing authorize section.
>> The actual statement looks like so now with the above error in-place:
>> if (%{User-Name}) {
> Try
> if ("%{User-Name}") {
> ... though I'm not sure why an update block by itself (without "if")
> didn't work. AFAIK it should.
> --
> Fajar
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

I added the "" as suggested and radiusd now starts however, I am still
getting a REJECT response:

[sql] User 0015c5537baa not found
++[sql] returns notfound
++? if ("%{User-Name}")
	expand: %{User-Name} -> 0015c5537baa
? Evaluating ("%{User-Name}") -> TRUE
++? if ("%{User-Name}") -> TRUE
++- entering if ("%{User-Name}") {...}
+++[reply] returns notfound
++- if ("%{User-Name}") returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
++- group REJECT returns noop
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 147 to port 1645
	Tunnel-Private-Group-Id:0 = "80"
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Preference:0 = 0
Waking up in 4.9 seconds.
Cleaning up request 0 ID 147 with timestamp +20
Ready to process requests.

I'm wondering if a. I put the statement in the correct place:
/etc/raddb/sites-enabled/default - under Authorize -> SQL

and b. if there needs to be some kind of comparison (boolean
expression) done between the %{User-Name} field? - something like: if
%{User-Name} := notfound then bla bla bla

-- I could however be way off base!



More information about the Freeradius-Users mailing list