Freeradius realm using multiple sql and virtual server
Philemon Jaomalaza
philemon.jaomalaza at gmail.com
Sat Jun 23 07:34:35 CEST 2018
This the output receiving packet when I try to authentificate for usertest1 at mydomaintest.com with password: usertest1password
(0) Received Access-Request Id 67 from 127.0.0.1:48406 to 127.0.0.1:1812 length 85
(0) User-Name = "usertest1 at mydomaintest.com"
(0) User-Password = "usertest1password"
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /@\./) {
(0) if (&User-Name =~ /@\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: Looking up realm "mydomaintest.com" for User-Name = "usertest1 at mydomaintest.com"
(0) suffix: Found realm "mydomaintest.com"
(0) suffix: Adding Stripped-User-Name = "usertest1"
(0) suffix: Adding Realm = "mydomaintest.com"
(0) suffix: Proxying request from user usertest1 to realm mydomaintest.com
(0) suffix: Preparing to proxy authentication request to realm "mydomaintest.com"
(0) [suffix] = updated
(0) eap: No EAP-Message, not doing EAP
(0) [eap] = noop
(0) [files] = noop
(0) sql: EXPAND %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}
(0) sql: --> usertest1
(0) sql: SQL-User-Name set to 'usertest1'
rlm_sql (sql): Reserved connection (2)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'usertest1' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'usertest1' ORDER BY id
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'usertest1' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'usertest1' ORDER BY priority
(0) sql: User not found in any groups
rlm_sql (sql): Released connection (2)
rlm_sql (sql): Need 4 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.26-MariaDB-0+deb9u1, protocol version 10
(0) [sql] = notfound
(0) [expiration] = noop
(0) [logintime] = noop
(0) [pap] = noop
(0) } # authorize = updated
(0) Starting proxy to home server 127.0.0.1 port 1812
(0) Proxying request to home server 127.0.0.1 port 1812 timeout 20.000000
(0) Sent Access-Request Id 136 from 0.0.0.0:49801 to 127.0.0.1:1812 length 99
(0) User-Name = "usertest1"
(0) User-Password = "usertest1password"
(0) Event-Timestamp = "Jun 23 2018 08:28:15 EAT"
(0) NAS-IP-Address = 127.0.0.1
(0) Message-Authenticator := 0x00
(0) Proxy-State = 0x3637
Waking up in 0.3 seconds.
(1) Received Access-Request Id 136 from 127.0.0.1:49801 to 127.0.0.1:1812 length 99
(1) User-Name = "usertest1"
(1) User-Password = "usertest1password"
(1) Event-Timestamp = "Jun 23 2018 08:28:15 EAT"
(1) NAS-IP-Address = 127.0.0.1
(1) Message-Authenticator = 0x4ae66a88473e8c58666c1e669cc5a588
(1) Proxy-State = 0x3637
(1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /@\./) {
(1) if (&User-Name =~ /@\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "usertest1", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) eap: No EAP-Message, not doing EAP
(1) [eap] = noop
(1) [files] = noop
(1) sql: EXPAND %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}
(1) sql: --> usertest1
(1) sql: SQL-User-Name set to 'usertest1'
rlm_sql (sql): Reserved connection (3)
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'usertest1' ORDER BY id
(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'usertest1' ORDER BY id
(1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(1) sql: --> SELECT groupname FROM radusergroup WHERE username = 'usertest1' ORDER BY priority
(1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'usertest1' ORDER BY priority
(1) sql: User not found in any groups
rlm_sql (sql): Released connection (3)
(1) [sql] = notfound
(1) [expiration] = noop
(1) [logintime] = noop
(1) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
(1) pap: WARNING: Authentication will fail unless a "known good" password is available
(1) [pap] = noop
(1) } # authorize = ok
(1) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(1) Failed to authenticate the user
(1) Using Post-Auth-Type Reject
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1) Post-Auth-Type REJECT {
(1) sql: EXPAND .query
(1) sql: --> .query
(1) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (4)
(1) sql: EXPAND %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}
(1) sql: --> usertest1
(1) sql: SQL-User-Name set to 'usertest1'
(1) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(1) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'usertest1', 'usertest1password', 'Access-Reject', '2018-06-23 08:28:15')
(1) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'usertest1', 'usertest1password', 'Access-Reject', '2018-06-23 08:28:15')
(1) sql: SQL query returned: success
(1) sql: 1 record(s) updated
rlm_sql (sql): Released connection (4)
(1) [sql] = ok
(1) attr_filter.access_reject: EXPAND %{User-Name}
(1) attr_filter.access_reject: --> usertest1
(1) attr_filter.access_reject: Matched entry DEFAULT at line 11
(1) [attr_filter.access_reject] = updated
(1) [eap] = noop
(1) policy remove_reply_message_if_eap {
(1) if (&reply:EAP-Message && &reply:Reply-Message) {
(1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(1) else {
(1) [noop] = noop
(1) } # else = noop
(1) } # policy remove_reply_message_if_eap = noop
(1) } # Post-Auth-Type REJECT = updated
(1) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
(0) Expecting proxy response no later than 19.667290 seconds from now
Waking up in 0.6 seconds.
(1) Sending delayed response
(1) Sent Access-Reject Id 136 from 127.0.0.1:1812 to 127.0.0.1:49801 length 24
(1) Proxy-State = 0x3637
Waking up in 3.9 seconds.
(0) Marking home server 127.0.0.1 port 1812 alive
(0) Clearing existing &reply: attributes
(0) Received Access-Reject Id 136 from 127.0.0.1:1812 to 127.0.0.1:49801 length 24
(0) Proxy-State = 0x3637
(0) # Executing section post-proxy from file /etc/freeradius/3.0/sites-enabled/default
(0) post-proxy {
(0) eap: No pre-existing handler found
(0) [eap] = noop
(0) } # post-proxy = noop
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0) Post-Auth-Type REJECT {
(0) sql: EXPAND .query
(0) sql: --> .query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (0)
(0) sql: EXPAND %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}
(0) sql: --> usertest1
(0) sql: SQL-User-Name set to 'usertest1'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'usertest1', 'usertest1password', 'Access-Reject', '2018-06-23 08:28:15')
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'usertest1', 'usertest1password', 'Access-Reject', '2018-06-23 08:28:15')
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (0)
rlm_sql (sql): Need 3 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (7), 1 of 25 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 10.1.26-MariaDB-0+deb9u1, protocol version 10
(0) [sql] = ok
(0) attr_filter.access_reject: EXPAND %{User-Name}
(0) attr_filter.access_reject: --> usertest1 at mydomaintest.com
(0) attr_filter.access_reject: Matched entry DEFAULT at line 11
(0) [attr_filter.access_reject] = updated
(0) [eap] = noop
(0) policy remove_reply_message_if_eap {
(0) if (&reply:EAP-Message && &reply:Reply-Message) {
(0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(0) else {
(0) [noop] = noop
(0) } # else = noop
(0) } # policy remove_reply_message_if_eap = noop
(0) } # Post-Auth-Type REJECT = updated
(0) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(0) Sending delayed response
(0) Sent Access-Reject Id 67 from 127.0.0.1:1812 to 127.0.0.1:48406 length 20
Waking up in 2.9 seconds.
(1) Cleaning up request packet ID 136 with timestamp +26
Waking up in 0.9 seconds.
(0) Cleaning up request packet ID 67 with timestamp +26
Ready to process requests
Philemon Jaomalaza
-----Message d'origine-----
De : Freeradius-Users [mailto:freeradius-users-bounces+philemon.jaomalaza=gmail.com at lists.freeradius.org] De la part de Alan DeKok
Envoyé : samedi 23 juin 2018 04:53
À : FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Objet : Re: Freeradius realm using multiple sql and virtual server
> On Jun 22, 2018, at 8:04 PM, Philemon Jaomalaza <philemon.jaomalaza at gmail.com> wrote:
>
> This the output of freeradius -X
Which doesn't show the server receiving any packets.
See: http://wiki.freeradius.org/list-help
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list