I am in the process of setting up freeradius with mysql. I pretty much have everything working correctly except an issue that has come up. I am not sure if I did something wrong or this cannot be done.

Here is my radcheck database

+-----+----------+-----------+----+--------+-------+------------+
| id  | username | attribute | op | value  | PID   | expires    |
+-----+----------+-----------+----+--------+-------+------------+
| 462 | 10295    | password  | == | 912547 | 10295 | 2011-03-21 |
| 463 | 10295    | password  | == | 659320 | 10295 | 2011-03-21 |
| 464 | 10295    | password  | == | 322438 | 10295 | 2011-03-28 |
| 465 | 10295    | password  | == | 339410 | 10295 | 2011-04-04 |
| 466 | 10295    | password  | == | 987255 | 10295 | 2011-04-11 |
| 467 | 10295    | password  | == | 990160 | 10295 | 2011-04-18 |
| 468 | 10295    | password  | == | 373359 | 10295 | 2011-04-25 |
| 469 | 10295    | password  | == | 974781 | 10295 | 2011-05-02 |
| 470 | 10295    | password  | == | 121431 | 10295 | 2011-05-09 |
| 471 | 10295    | password  | == | 566703 | 10295 | 2011-05-16 |
| 472 | 10295    | password  | == | 430339 | 10295 | 2011-05-23 |
+-----+----------+-----------+----+--------+-------+------------+

Here is the debug I get from radius -X using username 10295 and password 912547

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.99.175 port 48655, id=43, length=216
        NAS-Port-Type = Wireless-802.11
        Calling-Station-Id = "00:13:E8:17:C9:09"
        Called-Station-Id = "test1"
        NAS-Port-Id = "ether2"
        User-Name = "10295"
        MS-CHAP-Domain = "test"
        NAS-Port = 2153775123
        Acct-Session-Id = "80600013"
        Framed-IP-Address = 10.0.100.251
        Mikrotik-Host-IP = 10.0.100.251
        CHAP-Challenge = 0x9a7dde24641b743604ed531068ad4662
        CHAP-Password = 0x1ac903f936a5ccd7efdf337e94bd4ba958
        Service-Type = Login-User
        WISPr-Logoff-URL = "http://10.0.100.1/logout"
        NAS-Identifier = "Air2Data"
        NAS-IP-Address = 192.168.99.175
        Mikrotik-Realm = "test"
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "10295", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> 10295
[sql] sql_set_user escaped user --> '10295'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '10295' ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '10295' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '10295' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = CHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by "10295" with CHAP password
[chap] Using clear text password "912547" for user 10295 authentication.
[chap] Password check failed
++[chap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> 10295
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.99.175 port 48655, id=43, length=216
Waiting to send Access-Reject to client hotspot port 48655 - ID: 43
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 192.168.99.175 port 48655, id=43, length=216
Waiting to send Access-Reject to client hotspot port 48655 - ID: 43
Waking up in 0.3 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 43 to 192.168.99.175 port 48655
Waking up in 4.9 seconds.
Cleaning up request 0 ID 43 with timestamp +2
Ready to process requests.

What am I missing in that the chap is failing the password even though it is in the mysql database?

Thanks
Brent
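
The "[chap] Password check failed" step in the debug output above can be reproduced offline. This is an added example, not part of the original post and not FreeRADIUS code: it recomputes the CHAP response as MD5(ident || password || challenge) (RFC 1994, carried in RADIUS per RFC 2865) from the CHAP-Challenge and CHAP-Password in the log and lists which radcheck values, if any, reproduce it. The function names are hypothetical.

```python
import hashlib
import hmac

# Values copied from the Access-Request in the debug output above.
CHAP_CHALLENGE = "0x9a7dde24641b743604ed531068ad4662"
CHAP_PASSWORD = "0x1ac903f936a5ccd7efdf337e94bd4ba958"
# "value" column of the radcheck rows shown above, in id order.
RADCHECK_VALUES = ["912547", "659320", "322438", "339410", "987255", "990160",
                   "373359", "974781", "121431", "566703", "430339"]


def unhex(attr: str) -> bytes:
    """Decode an attribute that radiusd printed as 0x... hex."""
    return bytes.fromhex(attr[2:] if attr.lower().startswith("0x") else attr)


def split_chap_password(attr: str):
    """CHAP-Password = 1 octet CHAP ident + 16 octet MD5 response (RFC 2865)."""
    raw = unhex(attr)
    if len(raw) != 17:
        raise ValueError("CHAP-Password must be 17 octets, got %d" % len(raw))
    return raw[0], raw[1:]


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """Expected response: MD5(ident || password || challenge) (RFC 1994)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def matching_candidates(chap_password: str, chap_challenge: str, candidates):
    """Return the candidate passwords that reproduce the received response."""
    ident, received = split_chap_password(chap_password)
    challenge = unhex(chap_challenge)
    return [c for c in candidates
            if hmac.compare_digest(
                chap_response(ident, c.encode(), challenge), received)]


if __name__ == "__main__":
    ident, _ = split_chap_password(CHAP_PASSWORD)
    hits = matching_candidates(CHAP_PASSWORD, CHAP_CHALLENGE, RADCHECK_VALUES)
    print("CHAP ident: %d" % ident)
    print("radcheck values matching the response:", hits or "none")
```

An empty result means the NAS hashed something other than any of the stored values, which points at what the client submitted rather than at the SQL lookup.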