The problem is that the sql module returns reject you can remove the sql from authorization
On Tue, Jul 28, 2009 at 8:53 PM, Miguel Miranda<miguel.miran...@gmail.com> wrote: > Hi, i want to accept all request coming from a specific nas-ip-assdress , i > used to configure like this (in users file): > > DEFAULT NAS-IP-Address == "192.168.150.25", Auth-Type := Accept > Fall-Through = Yes > The above settings are not working now, this is the debug of a transaction: > > rad_recv: Access-Request packet from host 192.168.150.25 port 1645, id=52, > length=94 > NAS-IP-Address = 192.168.150.25 > NAS-Port = 108 > NAS-Port-Type = Async > User-Name = "123.com.sv" > Called-Station-Id = "22660321" > Calling-Station-Id = "22264218" > User-Password = "cisco" > Service-Type = Dialout-Framed-User > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "123.com.sv", looking up realm NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] No EAP-Message, not doing EAP > ++[eap] returns noop > ++[files] returns noop > expand: %{User-Name} -> 123.com.sv > [sql] sql_set_user escaped user --> '123.com.sv' > rlm_sql (sql): Reserving sql socket id: 22 > expand: SELECT id, username, attribute, value, op FROM > radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id > -> SELECT id, username, attribute, value, op FROM > radcheck WHERE username = '123.com.sv' ORDER BY id > expand: SELECT groupname FROM radusergroup WHERE > username = '%{SQL-User-Name}' ORDER BY priority -> SELECT > groupname FROM radusergroup WHERE username = > '123.com.sv' ORDER BY priority > rlm_sql (sql): Released sql socket id: 22 > [sql] User 123.com.sv not found > ++[sql] returns notfound > ++[expiration] returns noop > ++[logintime] returns noop > [pap] WARNING! No "known good" password found for the user. Authentication > may fail because of this. > ++[pap] returns noop > No authenticate method (Auth-Type) configuration found for the request: > Rejecting the user > Failed to authenticate the user. > Login incorrect: [123.com.sv/cisco] (from client tigo port 108 cli 22264218) > Using Post-Auth-Type Reject > +- entering group REJECT {...} > expand: %{User-Name} -> 123.com.sv > attr_filter: Matched entry DEFAULT at line 11 > ++[attr_filter.access_reject] returns updated > Delaying reject of request 1 for 1 seconds > Going to the next request > > > Im using freeradius 2 and daloradius 0.9, and this a extract of relevant > radius.conf settings: > > authorize { > preprocess > chap > mschap > suffix > eap { > ok = return > } > > files > sql > expiration > logintime > pap > } > > > > authenticate { > Auth-Type PAP { > pap > } > > Auth-Type CHAP { > chap > } > > Auth-Type MS-CHAP { > mschap > } > eap > } > > > preacct { > preprocess > acct_unique > suffix > files > } > > accounting { > detail > sql > attr_filter.accounting_response > } > > > session { > radutmp > } > > > post-auth { > > > > > > exec > > Post-Auth-Type REJECT { > attr_filter.access_reject > } > } > > post-proxy { > eap > } > > > From the debug it appears that users file is not being processed correctly, > what should i check? > regards > Miguel Miranda > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html