Me too, but my questions is about the nas-ip-address entry that i posted as example, acording to the docs, all users should be accepted, no matter what user/pass combitantion they are using. and in my case freeradius rejects the access
On Tue, Jul 28, 2009 at 1:19 PM, Dimitrios Giannakopoulos < d.gianna...@gmail.com> wrote: > Hi Miranda > I use the same users file and authorization configuration (with sql) > and it is work fine. > > > On Tue, Jul 28, 2009 at 9:28 PM, Miguel > Miranda<miguel.miran...@gmail.com> wrote: > > Well, that is not the only one nas i have , the sql module is requiered > for > > several other nas and hotspots users... > > > > On Tue, Jul 28, 2009 at 12:25 PM, Dimitrios Giannakopoulos > > <d.gianna...@gmail.com> wrote: > >> > >> The problem is that the sql module returns reject > >> you can remove the sql from authorization > >> > >> On Tue, Jul 28, 2009 at 8:53 PM, Miguel > >> Miranda<miguel.miran...@gmail.com> wrote: > >> > Hi, i want to accept all request coming from a specific > nas-ip-assdress > >> > , i > >> > used to configure like this (in users file): > >> > > >> > DEFAULT NAS-IP-Address == "192.168.150.25", Auth-Type := Accept > >> > Fall-Through = Yes > >> > The above settings are not working now, this is the debug of a > >> > transaction: > >> > > >> > rad_recv: Access-Request packet from host 192.168.150.25 port 1645, > >> > id=52, > >> > length=94 > >> > NAS-IP-Address = 192.168.150.25 > >> > NAS-Port = 108 > >> > NAS-Port-Type = Async > >> > User-Name = "123.com.sv" > >> > Called-Station-Id = "22660321" > >> > Calling-Station-Id = "22264218" > >> > User-Password = "cisco" > >> > Service-Type = Dialout-Framed-User > >> > +- entering group authorize {...} > >> > ++[preprocess] returns ok > >> > ++[chap] returns noop > >> > ++[mschap] returns noop > >> > [suffix] No '@' in User-Name = "123.com.sv", looking up realm NULL > >> > [suffix] No such realm "NULL" > >> > ++[suffix] returns noop > >> > [eap] No EAP-Message, not doing EAP > >> > ++[eap] returns noop > >> > ++[files] returns noop > >> > expand: %{User-Name} -> 123.com.sv > >> > [sql] sql_set_user escaped user --> '123.com.sv' > >> > rlm_sql (sql): Reserving sql socket id: 22 > >> > expand: SELECT id, username, attribute, value, op > FROM > >> > radcheck WHERE username = '%{SQL-User-Name}' ORDER > >> > BY id > >> > -> SELECT id, username, attribute, value, op FROM > >> > radcheck WHERE username = '123.com.sv' ORDER BY > id > >> > expand: SELECT groupname FROM radusergroup > >> > WHERE > >> > username = '%{SQL-User-Name}' ORDER BY priority -> SELECT > >> > groupname FROM radusergroup WHERE username = > >> > '123.com.sv' ORDER BY priority > >> > rlm_sql (sql): Released sql socket id: 22 > >> > [sql] User 123.com.sv not found > >> > ++[sql] returns notfound > >> > ++[expiration] returns noop > >> > ++[logintime] returns noop > >> > [pap] WARNING! No "known good" password found for the user. > >> > Authentication > >> > may fail because of this. > >> > ++[pap] returns noop > >> > No authenticate method (Auth-Type) configuration found for the > request: > >> > Rejecting the user > >> > Failed to authenticate the user. > >> > Login incorrect: [123.com.sv/cisco] (from client tigo port 108 cli > >> > 22264218) > >> > Using Post-Auth-Type Reject > >> > +- entering group REJECT {...} > >> > expand: %{User-Name} -> 123.com.sv > >> > attr_filter: Matched entry DEFAULT at line 11 > >> > ++[attr_filter.access_reject] returns updated > >> > Delaying reject of request 1 for 1 seconds > >> > Going to the next request > >> > > >> > > >> > Im using freeradius 2 and daloradius 0.9, and this a extract of > relevant > >> > radius.conf settings: > >> > > >> > authorize { > >> > preprocess > >> > chap > >> > mschap > >> > suffix > >> > eap { > >> > ok = return > >> > } > >> > > >> > files > >> > sql > >> > expiration > >> > logintime > >> > pap > >> > } > >> > > >> > > >> > > >> > authenticate { > >> > Auth-Type PAP { > >> > pap > >> > } > >> > > >> > Auth-Type CHAP { > >> > chap > >> > } > >> > > >> > Auth-Type MS-CHAP { > >> > mschap > >> > } > >> > eap > >> > } > >> > > >> > > >> > preacct { > >> > preprocess > >> > acct_unique > >> > suffix > >> > files > >> > } > >> > > >> > accounting { > >> > detail > >> > sql > >> > attr_filter.accounting_response > >> > } > >> > > >> > > >> > session { > >> > radutmp > >> > } > >> > > >> > > >> > post-auth { > >> > > >> > > >> > > >> > > >> > > >> > exec > >> > > >> > Post-Auth-Type REJECT { > >> > attr_filter.access_reject > >> > } > >> > } > >> > > >> > post-proxy { > >> > eap > >> > } > >> > > >> > > >> > From the debug it appears that users file is not being processed > >> > correctly, > >> > what should i check? > >> > regards > >> > Miguel Miranda > >> > > >> > > >> > > >> > - > >> > List info/subscribe/unsubscribe? See > >> > http://www.freeradius.org/list/users.html > >> > > >> > >> - > >> List info/subscribe/unsubscribe? See > >> http://www.freeradius.org/list/users.html > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html