> > On the todo list for Monday, if additional debug output is needed. > > I wouldn't have asked for it if I didn't need it... >
<debug radiusd -X> rad_recv: Access-Request packet from host 10.0.0.11 port 1145, id=104, length=56 User-Name = "[EMAIL PROTECTED]" User-Password = "XXXX" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 rlm_realm: Looking up realm "illicom.net" for User-Name = "[EMAIL PROTECTED]" rlm_realm: Found realm "illicom.net" rlm_realm: Adding Stripped-User-Name = "dcox" rlm_realm: Proxying request from user dcox to realm illicom.net rlm_realm: Adding Realm = "illicom.net" rlm_realm: Authentication realm is LOCAL. rlm_realm: Request already proxied. Ignoring. radius_xlat: 'dcox' radius_xlat: 'dcox' rlm_sql (sql): sql_set_user escaped user --> 'dcox' rlm_sql (sql): Reserving sql socket id: 7 radius_xlat: 'select id, username, attribute, value, op from radcheck where username = 'dcox' order by id' rlm_sql (sql): User found in radcheck table radius_xlat: 'select id, username, attribute, value, op from radreply where username = 'dcox' order by id' rlm_sql (sql): Released sql socket id: 7 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type pap auth: type "PAP" Processing the authenticate section of radiusd.conf modcall: entering group PAP for request 1 rlm_pap: login attempt with password eldon rlm_pap: Using clear text password. rlm_pap: User authenticated succesfully modcall: group PAP returns ok for request 1 Login OK: [EMAIL PROTECTED] (from client webclient port 0) Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 1 rlm_sql (sql): Processing sql_postauth radius_xlat: 'dcox' rlm_sql (sql): sql_set_user escaped user --> 'dcox' radius_xlat: Running registered xlat function of module config for string 'client[%{Packet-Src-IP-Address}].shortname' radius_xlat: 'client[10.0.0.11]' radius_xlat: 'exec radpostauth '[EMAIL PROTECTED]', 'XXX', 'Access-Accept', '10.0.0.11', '', '', '', '', '', 'webclient'' rlm_sql (sql) in sql_postauth: query is exec radpostauth '[EMAIL PROTECTED]', 'XXX', 'Access-Accept', '10.0.0.11', '', '', '', '', '', 'webclient' rlm_sql (sql): Reserving sql socket id: 6 rlm_sql (sql): Released sql socket id: 6 modcall: group post-auth returns ok for request 1 Sending Access-Accept of id 104 to 10.0.0.11 port 1145 Service-Type = Authenticate-Only Session-Timeout = 86400 Finished request 1 Going to the next request > > > But I am using a recent (-7 days ago) cvs checkout of 2.0.0pre0 > > > > I don't have any debug output right now, but it's rather obvious to > > me that the server doesn't process the radcheckgroup / > > radreplygroup in rlm_sql unless the fall-through = yes is found in > > the radreply for the user, which contradicts the docs (3d) as > > posted below. > > That's all well and good, but I need the debug output to see *what* > the server is doing for/to you and *why* its doing it, especially if > you want *me* to fix it... > > > > Meanwhile, I have set the fall-through = yes during the radreply > > for now to get it to process the groups... > > Make sure your debug output is *without* having "Fall-Through" set in > radreply. done as requested. > > > --Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html