Radcheck gives Accept but still moves onto Radgroupcheck
Fajar A. Nugraha
list at fajar.net
Thu Jun 12 03:11:45 CEST 2014
On Thu, Jun 12, 2014 at 6:04 AM, Brent Wilkinson <brent at air2data.com> wrote:
> I am setting up a new Radius server or a mikrotik hotspot system. I am
> getting a wierd issue that I have not been able to solve or find hints to
> what to do to fix it. I have setup the system with mysql. I see the radcheck
> happen and show it retrieved a record. ( I have verified the sql statments
> do actually pull something). I am not sending any reply so nothing is found
> in that table. At this point from what I understand in reading how the sql
> module works at this point it should send back a Access-Accept.
Not really. "not sending any reply" does not mean "it should send back
> it does not and continues to do group checks and I end up with a reject.
... just like "do group checks" does not (normally) cause "end up with
> Hoping someone can give me a idea of what I need to look at or what I can
> read up more on to track the issue I am having down.
> Here is the debug:
Did you read the debug output?
> Found Auth-Type = CHAP
> [chap] chap user 1 authenticated succesfully
> ++[chap] returns ok
this part says authorize and authenticate part works fine, and the
user should be accepted (hence it doesn't matter whether it reads
radgroupcheck or not)
> [sql_log] Processing sql_log_postauth
> [sql_log] Couldn't open file /var/log/freeradius/radacct/sql-relay: No such
> file or directory
> ++[sql_log] returns fail
See how sql_log_postauth says "fail"
> Using Post-Auth-Type Reject
... which cause reject?
The above log should be enough for you to find out what's causing the
failure, and how to fix it.
More information about the Freeradius-Users