> > On the todo list for Monday, if additional debug output is needed.
>
> I wouldn't have asked for it if I didn't need it...
>
<debug radiusd -X>
rad_recv: Access-Request packet from host 10.0.0.11 port 1145, id=104, length=56
User-Name = "[EMAIL PROTECTED]"
User-Password = "XXXX"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
rlm_realm: Looking up realm "illicom.net" for User-Name = "[EMAIL
PROTECTED]"
rlm_realm: Found realm "illicom.net"
rlm_realm: Adding Stripped-User-Name = "dcox"
rlm_realm: Proxying request from user dcox to realm illicom.net
rlm_realm: Adding Realm = "illicom.net"
rlm_realm: Authentication realm is LOCAL.
rlm_realm: Request already proxied. Ignoring.
radius_xlat: 'dcox'
radius_xlat: 'dcox'
rlm_sql (sql): sql_set_user escaped user --> 'dcox'
rlm_sql (sql): Reserving sql socket id: 7
radius_xlat: 'select id, username, attribute, value, op
from radcheck
where username = 'dcox' order by id'
rlm_sql (sql): User found in radcheck table
radius_xlat: 'select id, username, attribute, value, op
from radreply where username = 'dcox'
order by id'
rlm_sql (sql): Released sql socket id: 7
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type pap
auth: type "PAP"
Processing the authenticate section of radiusd.conf
modcall: entering group PAP for request 1
rlm_pap: login attempt with password eldon
rlm_pap: Using clear text password.
rlm_pap: User authenticated succesfully
modcall: group PAP returns ok for request 1
Login OK: [EMAIL PROTECTED] (from client webclient port 0)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 1
rlm_sql (sql): Processing sql_postauth
radius_xlat: 'dcox'
rlm_sql (sql): sql_set_user escaped user --> 'dcox'
radius_xlat: Running registered xlat function of module config for string
'client[%{Packet-Src-IP-Address}].shortname'
radius_xlat: 'client[10.0.0.11]'
radius_xlat: 'exec radpostauth '[EMAIL PROTECTED]',
'XXX', 'Access-Accept',
'10.0.0.11', '', '',
'',
'', '', 'webclient''
rlm_sql (sql) in sql_postauth: query is exec radpostauth '[EMAIL PROTECTED]',
'XXX',
'Access-Accept', '10.0.0.11',
'', '',
'', '',
'', 'webclient'
rlm_sql (sql): Reserving sql socket id: 6
rlm_sql (sql): Released sql socket id: 6
modcall: group post-auth returns ok for request 1
Sending Access-Accept of id 104 to 10.0.0.11 port 1145
Service-Type = Authenticate-Only
Session-Timeout = 86400
Finished request 1
Going to the next request
>
> > But I am using a recent (-7 days ago) cvs checkout of 2.0.0pre0
> >
> > I don't have any debug output right now, but it's rather obvious to
> > me that the server doesn't process the radcheckgroup /
> > radreplygroup in rlm_sql unless the fall-through = yes is found in
> > the radreply for the user, which contradicts the docs (3d) as
> > posted below.
>
> That's all well and good, but I need the debug output to see *what*
> the server is doing for/to you and *why* its doing it, especially if
> you want *me* to fix it...
>
>
> > Meanwhile, I have set the fall-through = yes during the radreply
> > for now to get it to process the groups...
>
> Make sure your debug output is *without* having "Fall-Through" set in
> radreply.
done as requested.
>
>
> --Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
