Radcheck gives Accept but still moves onto Radgroupcheck
Fajar A. Nugraha
list at fajar.net
Thu Jun 12 03:11:45 CEST 2014
On Thu, Jun 12, 2014 at 6:04 AM, Brent Wilkinson <brent at air2data.com> wrote:
> I am setting up a new Radius server or a mikrotik hotspot system. I am
> getting a wierd issue that I have not been able to solve or find hints to
> what to do to fix it. I have setup the system with mysql. I see the radcheck
> happen and show it retrieved a record. ( I have verified the sql statments
> do actually pull something). I am not sending any reply so nothing is found
> in that table. At this point from what I understand in reading how the sql
> module works at this point it should send back a Access-Accept.
Not really. "not sending any reply" does not mean "it should send back
a Access-Accept."
> Unfortunatly
> it does not and continues to do group checks and I end up with a reject.
... just like "do group checks" does not (normally) cause "end up with
a reject".
> Hoping someone can give me a idea of what I need to look at or what I can
> read up more on to track the issue I am having down.
>
>
>
> Here is the debug:
Did you read the debug output?
> Found Auth-Type = CHAP
...
> [chap] chap user 1 authenticated succesfully
>
> ++[chap] returns ok
this part says authorize and authenticate part works fine, and the
user should be accepted (hence it doesn't matter whether it reads
radgroupcheck or not)
> [sql_log] Processing sql_log_postauth
...
> [sql_log] Couldn't open file /var/log/freeradius/radacct/sql-relay: No such
> file or directory
>
> ++[sql_log] returns fail
See how sql_log_postauth says "fail"
>
> Using Post-Auth-Type Reject
>
... which cause reject?
The above log should be enough for you to find out what's causing the
failure, and how to fix it.
--
Fajar
More information about the Freeradius-Users
mailing list