Freeradius realms and/or user issue
Nick Ryce
nick at njryce.net
Wed Aug 28 13:56:38 UTC 2024
I'm currently running freeradius (on v2.1.22, don't shoot me) with sql backend.
I need to accept *@randombroadband.co.uk and send an Access Accept.
I have defined the realm in proxy.conf as below:
realm randombroadband.co.uk {
	authhost = LOCAL
	nostrip
}
In my users file I have the following:
DEFAULT User-Name =~ "@randombroadband.co.uk"
	Auth-Type := Accept
In the logs we have the following:
rad_recv: Access-Request packet from host a.b.c.d port 61384, id=49, length=183
User-Name = moo at randombroadband.co.uk
User-Password = "moo"
Service-Type = Framed-User
Framed-Protocol = PPP
Chargeable-User-Identity = ""
Acct-Session-Id = "9277500"
ERX-Dhcp-Mac-Addr = "abcd.0000.0001"
NAS-Identifier = "LNS1"
NAS-Port = 4095
NAS-Port-Id = "-0/0/0.0"
NAS-Port-Type = Ethernet
ERX-Pppoe-Description = "pppoe ab:cd:00:00:00:01"
NAS-IP-Address = a.b.c.d
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "randombroadband.co.uk" for User-Name = moo at randombroadband.co.uk
[suffix] Found realm "randombroadband.co.uk"
[suffix] Adding Realm = "randombroadband.co.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] expand: %{User-Name} -> moo at randombroadband.co.uk
[files] users: Matched entry DEFAULT at line 165
[files] expand: %{User-Name} -> moo at randombroadband.co.uk
++[files] returns ok
[sql] expand: %{User-Name} -> moo at randombroadband.co.uk
[sql] sql_set_user escaped user --> 'moo at randombroadband.co.uk'
rlm_sql (sql): Reserving sql socket id: 48
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'moo at randombroadband.co.uk' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'moo at randombroadband.co.uk' ORDER BY priority
rlm_sql (sql): Released sql socket id: 48
[sql] User moo at randombroadband.co.uk not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
So it finds the realm and the user in the user file, then seems to ignore the accept and decides to look up the SQL table. Is there any way to get it to stop that once it gets to the accept from the users file?
Thanks
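
Added example (not part of the original post, and not FreeRADIUS code): in a users file the first line of an entry carries check items and the indented lines after it carry reply items, so an Auth-Type placed on the second line lands in the reply list and never sets the request's Auth-Type, which matches the "No authenticate method (Auth-Type) found" line in the debug output. The sketch below lints a users file for that layout; parse_users, misplaced_control_items and the CONTROL_ONLY list are hypothetical names chosen here, and the two sample entries are constructed from the one in the post, assuming it was laid out on two lines as shown.

```python
import re

# Attributes that only take effect as check (control) items.
# Short list chosen for this example, not an exhaustive FreeRADIUS list.
CONTROL_ONLY = {"Auth-Type", "Cleartext-Password", "Proxy-To-Realm"}

# One "Attribute op value" item; values may be double-quoted.
ITEM = re.compile(
    r'([\w-]+)\s*(:=|==|\+=|=~|!~|!=|<=|>=|=|<|>)\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Split users-file text into entries with separate check and reply lists."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0] in " \t":
            # Indented line: reply items of the entry above it.
            if entries:
                entries[-1]["reply"].extend(
                    m.group(1, 2, 3) for m in ITEM.finditer(raw))
        else:
            # Unindented line: entry name followed by check items.
            parts = raw.split(None, 1)
            rest = parts[1] if len(parts) > 1 else ""
            entries.append({
                "name": parts[0], "line": lineno, "reply": [],
                "check": [m.group(1, 2, 3) for m in ITEM.finditer(rest)],
            })
    return entries

def misplaced_control_items(text):
    """Return (entry name, entry line, attribute) for control items on reply lines."""
    return [(e["name"], e["line"], attr)
            for e in parse_users(text)
            for attr, _op, _val in e["reply"] if attr in CONTROL_ONLY]

# Constructed samples: the layout from the post, and the same entry with
# Auth-Type moved onto the first (check item) line.
POSTED = 'DEFAULT User-Name =~ "@randombroadband.co.uk"\n\tAuth-Type := Accept\n'
CHECK_ITEM = 'DEFAULT User-Name =~ "@randombroadband.co.uk", Auth-Type := Accept\n'

if __name__ == "__main__":
    print(misplaced_control_items(POSTED))
    print(misplaced_control_items(CHECK_ITEM))
```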