radiusd -X SQL suggests "not found" however user attributes are in the radcheck table?
Kaya Saman
kayasaman at gmail.com
Wed Aug 1 13:56:40 CEST 2012
On Wed, Aug 1, 2012 at 12:28 PM, Fajar A. Nugraha <list at fajar.net> wrote:
> On Wed, Aug 1, 2012 at 6:17 PM, Kaya Saman <kayasaman at gmail.com> wrote:
>> Upon putting your suggestion in I get:
>>
>> Bare %{...} is invalid in condition at: %{User-Name})
>> ....../default[62]: Errors parsing authorize section.
>>
>> The actual statement looks like so now with the above error in-place:
>>
>> if (%{User-Name}) {
>
> Try
>
> if ("%{User-Name}") {
>
>
> ... though I'm not sure why an update block by itself (without "if")
> didn't work. AFAIK it should.
>
> --
> Fajar
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I added the "" as suggested and radiusd now starts however, I am still
getting a REJECT response:
[sql] User 0015c5537baa not found
++[sql] returns notfound
++? if ("%{User-Name}")
expand: %{User-Name} -> 0015c5537baa
? Evaluating ("%{User-Name}") -> TRUE
++? if ("%{User-Name}") -> TRUE
++- entering if ("%{User-Name}") {...}
+++[reply] returns notfound
++- if ("%{User-Name}") returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
++- group REJECT returns noop
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 147 to 10.0.0.1 port 1645
Tunnel-Private-Group-Id:0 = "80"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Preference:0 = 0
Waking up in 4.9 seconds.
Cleaning up request 0 ID 147 with timestamp +20
Ready to process requests.
I'm wondering if a. I put the statement in the correct place:
/etc/raddb/sites-enabled/default - under Authorize -> SQL
and b. if there needs to be some kind of comparison (boolean
expression) done between the %{User-Name} field? - something like: if
%{User-Name} := notfound then bla bla bla
-- I could however be way off base!
Regards,
Kaya
More information about the Freeradius-Users
mailing list