Hello, I've been using FreeRadius for quite some time now, but after a recent update (to 2.0.4, debian lenny variant) all users in a certain group have stopped authenticating properly, with the above error -- even though as far as I can tell the password transmitted (and logged) is identical to the one in the database.
I've attached a sample of the logfile, with names and passwords slightly edited but otherwise accurate: I've tried everything I could think of, including deleting the user and entering the data anew by hand, but the error persists. Any suggestions to dig further and help me find what I may have missed would be welcome. Regards, -- Rens Houben <sha...@systemec.nl>
++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated ++[files] returns noop expand: %{User-Name} -> shadur rlm_sql (sql): sql_set_user escaped user --> 'shadur' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'shadur' ORDER BY id +-----+----------+--------------------+-------+------+ | id | UserName | Attribute | Value | op | +-----+----------+--------------------+-------+------+ | 346 | shadur | Cleartext-Password | foo | := | +-----+----------+--------------------+-------+------+ rlm_sql (sql): User found in radcheck table expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'shadur' ORDER BY id +----+----------+---------------+--------+------+ | id | UserName | Attribute | Value | op | +----+----------+---------------+--------+------+ | 56 | shadur | Giganews-mbpm | 512000 | := | +----+----------+---------------+--------+------+ expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' -> SELECT GroupName FROM usergroup WHERE UserName='shadur' +-----------+ | GroupName | +-----------+ | news | +-----------+ expand: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id -> SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'shadur' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id +----+-----------+----------------+-------+------+ | id | GroupName | Attribute | Value | op | +----+-----------+----------------+-------+------+ | 8 | news | Huntgroup-Name | news | == | | 9 | news | Auth-Type | Local | := | +----+-----------+----------------+-------+------+ rlm_sql (sql): User found in group news expand: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id -> SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'shadur' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id +----+-----------+---------------+-------+------+ | id | GroupName | Attribute | Value | op | +----+-----------+---------------+-------+------+ | 25 | news | Auth-Type | Local | := | | 27 | news | Giganews-mbpm | 512 | := | +----+-----------+---------------+-------+------+ rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Login incorrect: [shadur/foo] (from client giganews port 1)
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html