Hi, I'm trying to upgrade my setup from freeradius 1 to freeradius 2.
I've been making little changes to the config as suggested in the doc and I managed to get my setup connecting to my mssql backend. However, when I try and authorize with a user/pass, I get an error - actually more of a warning. I've Googled about but although others have had this error I haven't really seen a good explanation of why it occurs let alone how to solve. The warning is... rad_recv: Access-Request packet from host 10.152.0.7 port 20001, id=16, length=168 NAS-IP-Address = 10.152.0.7 User-Name = "999999999" User-Password = "999999999" Service-Type = Login-User NAS-Port-Type = Async Calling-Station-Id = "1002" Quintum-h323-conf-id = "h323-conf-id=34616537 32353264 62350001 00080000" Quintum-AVPair = "h323-ivr-out=ACCESSCODE:990006" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop [suffix] No '@' in User-Name = "999999999", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} -> 999999999 [sql] sql_set_user escaped user --> '999999999' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT [id], UserName, Attribute, [Value], op FROM dbo.Rad_Authorize_User_Check('%{SQL-User-Name}') -> SELECT [id], UserName, Attribute, [Value], op FROM dbo.Rad_Authorize_User_Check('999999999') query: SELECT [id], UserName, Attribute, [Value], op FROM dbo.Rad_Authorize_User_Check('999999999') WARNING: Found User-Password == "...". WARNING: Are you sure you don't mean Cleartext-Password? WARNING: See "man rlm_pap" for more information. [sql] User found in radcheck table rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group PAP {...} [pap] login attempt with password "999999999" [pap] Using clear text password "999999999" [pap] User authenticated successfully ++[pap] returns ok Login OK: [999999999] (from client 10.152.0.7 port 0 cli 1002) +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 16 to 10.152.0.7 port 20001 Finished request 0. Although the last line there says 'Sending Access-Accept', I do not get authorized at the NAS end. Here's how things play out on my old version 1 setup.... rad_recv: Access-Request packet from host 10.152.0.7:20001, id=31, length=168 NAS-IP-Address = 10.152.0.7 User-Name = "999999999" User-Password = "999999999" Service-Type = Login-User NAS-Port-Type = Async Calling-Station-Id = "1002" Quintum-h323-conf-id = "h323-conf-id=34616537 32383034 62640001 00080000" Quintum-AVPair = "h323-ivr-out=ACCESSCODE:990006" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "999999999", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 0 radius_xlat: '999999999' rlm_sql (sql): sql_set_user escaped user --> '999999999' radius_xlat: 'SELECT [id], UserName, Attribute, [Value], op FROM dbo.Rad_Authorize_User_Check('999999999')' rlm_sql (sql): Reserving sql socket id: 49 query: SELECT [id], UserName, Attribute, [Value], op FROM dbo.Rad_Authorize_User_Check('999999999') radius_xlat: 'SELECT * FROM dbo.Rad_Group_Check('999999999')' query: SELECT * FROM dbo.Rad_Group_Check('999999999') radius_xlat: '' radius_xlat: 'EXEC Rad_Authenticate @username = '999999999', @dialstring_from = '1002', @dialstring_to = '', @gw_session_id = '34616537 32383034 62640001 00080000', @ivr_out = 'h323-ivr-out=ACCESSCODE:990006', @gw_ip = '10.152.0.7', @call_origin = '', @gw_name = '' ' query: EXEC Rad_Authenticate @username = '999999999', @dialstring_from = '1002', @dialstring_to = '', @gw_session_id = '34616537 32383034 62640001 00080000', @ivr_out = 'h323-ivr-out=ACCESSCODE:990006', @gw_ip = '10.152.0.7', @call_origin = '', @gw_name = '' rlm_sql (sql): Released sql socket id: 49 modcall[authorize]: module "sql" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [999999999] (from client cms port 0 cli 1002) Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 0 rlm_sql (sql): Processing sql_postauth radius_xlat: '999999999' rlm_sql (sql): sql_set_user escaped user --> '999999999' modcall[post-auth]: module "sql" returns noop for request 0 modcall: leaving group post-auth (returns noop) for request 0 Sending Access-Accept of id 31 to 10.152.0.7 port 20001 h323-return-code = "h323-return-code=0" h323-billing-model = "h323-billing-model=0" h323-credit-amount = "h323-credit-amount=76.15" h323-currency = "h323-currency=AUD" Finished request 0 Thanks for any assistance, Rob
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html