installtion of freeradius

Javier Escalante Javier.Escalante at bwireless.eu
Thu Jun 21 12:38:33 CEST 2018


Hello;

Here the whole response:

Ready to process requests
(0) Received Access-Request Id 228 from 127.0.0.1:59026 to 127.0.0.1:1812 length 74
(0)   User-Name = "test"
(0)   User-Password = "test"
(0)   NAS-IP-Address = 5.135.246.127
(0)   NAS-Port = 10
(0)   Message-Authenticator = 0xbded15ecdcfa0ae5f56719bd868649b1
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0)   authorize {
(0)     [preprocess] = ok
(0)     [chap] = noop
(0)     [mschap] = noop
(0)     [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "test", looking up realm NULL
(0) suffix: No such realm "NULL"
(0)     [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0)     [eap] = noop
(0)     [files] = noop
(0) sql: EXPAND %{User-Name}
(0) sql:    --> test
(0) sql: SQL-User-Name set to 'test'
rlm_sql (sql): Reserved connection (0)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(0) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority
(0) sql: User not found in any groups
rlm_sql (sql): Released connection (0)
Need 5 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
(0)     [sql] = notfound
(0)     [expiration] = noop
(0)     [logintime] = noop
(0) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
(0) pap: WARNING: Authentication will fail unless a "known good" password is available
(0)     [pap] = noop
(0)   } # authorize = ok
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0)   Post-Auth-Type REJECT {
(0) sql: EXPAND .query
(0) sql:    --> .query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (1)
(0) sql: EXPAND %{User-Name}
(0) sql:    --> test
(0) sql: SQL-User-Name set to 'test'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{                     reply:Packet-Type}', '%S')
(0) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test', 'test', 'Access-Reject', '2018-06-21 10:37:36')
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'test', 'test', 'Access-Reject', '2018-06-21 10:37:36'                     )
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (1)
(0)     [sql] = ok
(0) attr_filter.access_reject: EXPAND %{User-Name}
(0) attr_filter.access_reject:    --> test
(0) attr_filter.access_reject: Matched entry DEFAULT at line 11
(0)     [attr_filter.access_reject] = updated
(0)     [eap] = noop
(0)     policy remove_reply_message_if_eap {
(0)       if (&reply:EAP-Message && &reply:Reply-Message) {
(0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(0)       else {
(0)         [noop] = noop
(0)       } # else = noop
(0)     } # policy remove_reply_message_if_eap = noop
(0)   } # Post-Auth-Type REJECT = updated
(0) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(0) Sending delayed response
(0) Sent Access-Reject Id 228 from 127.0.0.1:1812 to 127.0.0.1:59026 length 20
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 228 with timestamp +12
Ready to process requests


BR
Javier Escalante
Business Development Manager
Javier.escalante at bwireless.eu 
00 34 626 785 675
00 34 93 141 56 36
00 41 78 689 85 69
Skype: fruiz002
Do you know our IoT solutions? Have a look here: www.bsmart.global
http://www.bwireless.eu
Le informamos que, de conformidad con la Ley Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de Carácter  Personal, se informa que todos los datos personales que nos ha facilitado serán incorporados y tratados en los ficheros de B’W & TAKACS TELECOM, S.L. para las finalidades de su e-mail. 
Puede ejercer sus derechos de acceso, rectificación, cancelación y oposición mediante una comunicación a B’W & TAKACS TELECOM, S.L. con domicilio en Camil Oliveras, 26, 08032 Barcelona (España), o bien mediante una comunicación a la dirección de correo electrónico info at bwireless.eu. En ambos casos, deberá  acompañar una copia de su documento nacional de identidad o documento válido que lo identifique. 


-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+javier.escalante=bwireless.eu at lists.freeradius.org] On Behalf Of Matthew Newton
Sent: jueves, 21 de junio de 2018 12:15
To: FreeRadius users mailing list
Subject: Re: installtion of freeradius

On Thu, 2018-06-21 at 11:38 +0200, Javier Escalante wrote:
> Freeradius (3.0.16) authenticates correctly with files, but gives the 
> following error when I use a user from the DB.

This part of the debug output is the bit you need to read:





This bit doesn't contain anything helpful:

> (2)     [logintime] = noop
> (2) pap: WARNING: No "known good" password found for the user.  Not 
> setting
> Auth                                                                 
>                        -Type
> (2) pap: WARNING: Authentication will fail unless a "known good"
> password is
> ava                                                                  
>                       ilable
> (2)     [pap] = noop
> (2)   } # authorize = ok
> (2) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = 
> Reject
> (2) Failed to authenticate the user
> (2) Using Post-Auth-Type Reject
> (2) # Executing group from file /etc/freeradius/3.0/sites- 
> enabled/default
> (2)   Post-Auth-Type REJECT {
> (2) sql: EXPAND .query
...


> Could somebody give me a clue of what is going on?


The SQL configuration looks like it's OK, because it succeeded on the insert into radpostauth after the auth failure.

There's a reason https://wiki.freeradius.org/list-help says to post the full debug output... the SQL search isn't coming back with anything, but no idea why because we can't see it.

--
Matthew

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list