Hi, > Well, I didn't expect this kind of reactions. I tried to give as much > information as I had. First of all I upgraded to the newest packages of > debian etch before I did a dist-upgrade to lenny. With the latest version of > etch it still worked. The latest version in debian lenny is the 2.0.4 which I > am running now. I do use the groupreply option (but no groupcheck option > because the check has been done already in the usercheck option) so the mail > of Alan doesn't solve the problem. The complete debug text is underneath, > hopefully this makes it a bit more clear. Sorry for the inconvenience:
basically, when you migrate from 1.x to 2.x you need to manually update the configuration rather than cut'n'paste the config over - primarily to ensure correct behaviour, but also, the config is massively different for various new functions - you should be using the sites-enabled/* system and if you dont see/edit the new configs, you wont see the new features and capabilities. this is very similar to apache 1.x to 2.x upgrades > WARNING: Found User-Password == "...". > WARNING: Are you sure you don't mean Cleartext-Password? > WARNING: See "man rlm_pap" for more information. > rlm_sql (sql): User found in radcheck table change your oper and attribute Cleartext-Password := instead of User-Password == if you dont use groups, then change read_groups = yes to read_groups = no (and then, as per the inline docs, If set to 'no' the user MUST have Fall-Through = Yes in the radreply table) another reason to look at the default config files is they ahve lots and lots of details/help and descriptions - all too often I see config files that have been stripped bare and rejigged eg sql radius-sql { database = "mysql" driver = "rlm_sql_${database}" server = "localhost" login = "database-user" password = "password-we-use" radius_db = "radius-database" acct_table1 = "radacct" acct_table2 = "radacct" postauth_table = "radpostauth" authcheck_table = "radcheck" authreply_table = "radreply" groupcheck_table = "radgroupcheck" groupreply_table = "radgroupreply" usergroup_table = "radusergroup" deletestalesessions = yes sqltrace = yes sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 50 connect_failure_retry_delay = 60 nas_table = "nas" readclients = yes $INCLUDE /opt/freeradius-3.1.4/sql/${database}/dialup.conf } does that help the administrator or operator? nope. i dont think so. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html