Basic freeradius set up problem

Mik J mikydevel at
Wed Jul 11 14:06:36 CEST 2012

Platform: OpenBSD 5.1
Version: 2.1.12


I have a problem setting up freeradius and I think it's related to the domain stripping

Here's what I did for my configuration
1) Imported the scripts schema.sql, admin.sql, ippool.sql, nas.sql in my MySQL radiusdb database

2) Inserted a user: INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('testuser', 'Password', 'passsecret');

3) Configured clients.conf
client localhost {
        ipaddr =
        secret = testing123
        require_message_authenticator = no
        nastype = other        # localhost isn't usually a NAS...

4) Uncommented in radiusd.conf
$INCLUDE ${confdir}/sql.conf
$INCLUDE ${confdir}/sql/mysql/counter.conf

5) In /etc/raddb/sites-enabled/default uncommented
authorize {
accounting {

6) Configured /etc/raddb/sql.conf
sql {
        database = "mysql"
        driver = "rlm_sql_${database}"
        #socket= var/run/mysql/mysql.sock
        server = "localhost"
        port = 3306
        login = "radiususer"
        password = "passradius"
        radius_db = "radius"
        acct_table1 = "radacct"
        acct_table2 = "radacct"
        postauth_table = "radpostauth"
        authcheck_table = "radcheck"
        authreply_table = "radreply"
        groupcheck_table = "radgroupcheck"
        groupreply_table = "radgroupreply"
        usergroup_table = "radusergroup"
        deletestalesessions = yes
        sqltrace = no
        sqltracefile = ${logdir}/sqltrace.sql
        num_sql_socks = 5
        connect_failure_retry_delay = 60
        lifetime = 0
        max_queries = 0
        nas_table = "nas"
        $INCLUDE sql/${database}/dialup.conf

7) In /etc/raddb/sql/mysql/dialup.conf added
sql_user_name = '%{Stripped-User-Name}'

8) I start the radius server
# /usr/local/sbin/radiusd -X
And make a test on the local machine
$ radtest testuser passsecret 1812 testing123
And I receive an access reject: rad_recv: Access-Reject packet from host port 1812, id=222, length=20

9) Le debug says
rad_recv: Access-Request packet from host port 10251, id=122, length=78
        User-Name = "testuser"
        User-Password = "passsecret"
        NAS-IP-Address =
        NAS-Port = 1812
        Message-Authenticator = 0xf16b463a77e5dfefbd9385915a307e88
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql]   expand: %{Stripped-User-Name} ->
[sql] sql_set_user escaped user --> ''
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand:  ->
[sql] Error generating query; rejecting user
rlm_sql (sql): Released sql socket id: 3
++[sql] returns fail
Invalid user: [testuser] (from client localhost port 1812)
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> testuser
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 122 to port 10251
Waking up in 4.9 seconds.
Cleaning up request 1 ID 122 with timestamp +74
Ready to process requests.

10) I can see that something goes wrong with this message
[sql] Error generating query; rejecting user
But I don't understand why

Thank you to those who can point the right direction.


More information about the Freeradius-Users mailing list