Greetings; I've been trying to make FR auth using its SQL module (through MySQL to be specific) and am having no luck whatsoever. I've thoroughly consulted the frontios.com/freeradius.html documentation and just can't seem to make this work. I swear, if someone helps me work this out, I'll write the freakin' FreeRADIUS SQL auth documentation myself, 'cos this is bugging me.
The relevant parts of the radiusd.conf: authorize { preprocess suffix sql files } authentication { } preacct { preprocess suffix files } accounting { acct_unique detail unix # wtmp file sql radutmp } My SQL data: mysql> select * from usergroup; +----+----------+-----------+ | id | UserName | GroupName | +----+----------+-----------+ | 2 | testuser | dynamic | +----+----------+-----------+ mysql> select * from radcheck; +----+----------+-----------+----+----------+ | id | UserName | Attribute | op | Value | +----+----------+-----------+----+----------+ | 2 | testuser | Password | == | testpass | +----+----------+-----------+----+----------+ mysql> select * from radgroupreply; +----+-----------+--------------------+----+---------------------+------+ | id | GroupName | Attribute | op | Value | prio | +----+-----------+--------------------+----+---------------------+------+ | 1 | dynamic | Auth-Type | := | Local | 0 | | 2 | dynamic | Service-Type | = | Framed-User | 0 | | 3 | dynamic | Framed-Protocol | = | PPP | 0 | | 4 | dynamic | Framed-Compression | = | Van-Jacobsen-TCP-IP | 0 | | 5 | dynamic | Framed-MTU | = | 1500 | 0 | +----+-----------+--------------------+----+---------------------+------+ The command I'm using to test: [jphindin@server bin]$ ./radtest testuser testpass localhost 66 *password* Sending Access-Request of id 251 to 127.0.0.1:1812 User-Name = "testuser" User-Password = "\017j\264\354\345\300\311\311\014\317j\215a\310cM" NAS-IP-Address = server NAS-Port = 66 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=251, length=20 The relevant 'radiusd -X' output: rad_recv: Access-Request packet from host 127.0.0.1:33643, id=102, length=60 User-Name = "testuser" User-Password = "testpass" NAS-IP-Address = 255.255.255.255 NAS-Port = 66 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop radius_xlat: 'testuser' rlm_sql (sql): sql_set_user escaped user --> 'testuser' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'testuser' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'testuser' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testuser' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testuser' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'testuser' ORDER BY id' rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'testuser' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'testuser' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'testuser' AND usergroup.GroupName = radgroupreply. GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type "System" auth: Failed to validate the user. Login incorrect: [testuser/testpass] (from client localhost port 66) JP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html