Auth: (24) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject):

Alan DeKok aland at deployingradius.com
Sat Aug 24 21:11:09 CEST 2019 


> On Aug 24, 2019, at 12:37 PM, gilbertrebeiro at gmail.com wrote:
> 
> Ready to process requests
> (0) Received Access-Request Id 49 from 127.0.0.1:52226 to 127.0.0.1:1812 length                                                                                                                                                              102

  Something has mangled the output.  Not terribly, but it's not good.

> (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE us                                                                                                                                                             ername = '%{SQL-User-Name}' ORDER BY id
> (0) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE us                                                                                                                                                             ername = 'test at dsl.dido.ca' ORDER BY id
> (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM                                                                                                                                                              radcheck WHERE username = 'test at dsl.dido.ca' ORDER BY id
> (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-                                                                                                                                                             Name}' ORDER BY priority
> (0) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'test at dsl.di                                                                                                                                                             do.ca' ORDER BY priority
> (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE userna                                                                                                                                                             me = 'test at dsl.dido.ca' ORDER BY priority
> (0) sql: User not found in any groups
> rlm_sql (sql): Released connection (6)
> Need 2 more connections to reach min connections (3)
> rlm_sql (sql): Opening additional connection (7), 1 of 31 pending slots used
> (0)     [sql] = notfound

   The user wasn't found in the SQL database.  Presumably that's where the password is stored.  Which explains the following message:

> (0) pap: WARNING: No "known good" password found for the user.  Not setting Auth                                                                                                                                                             -Type
> (0) pap: WARNING: Authentication will fail unless a "known good" password is ava                                                                                                                                                             ilable

  That's pretty clear.  The server has no idea how to authenticate the user.

  Fix the SQL database so that it returns the users information.

  The debug output shows you the SQL queries for a reason:  So that you can run them manually from a SQL client program.  i.e. so you can test them without running the entire RADIUS server.

  Alan DeKok.

More information about the Freeradius-Users mailing list