On Mon, Nov 28, 2011 at 8:29 AM, Bogi Aditya <b...@imtelkom.ac.id> wrote: > thanks Alan > > I found the problem was in the "attribute" field > where I put "Cleartext-Password" based on the wiki : > http://wiki.freeradius.org/SQL-HOWTO
The example should be correct. From http://wiki.freeradius.org/SQL-HOWTO#Populating+SQL mysql> select * from radcheck; +----+----------------+--------------------+------------------+------+ | id | UserName | Attribute | Value | Op | +----+----------------+--------------------+------------------+------+ | 1 | fredf | Cleartext-Password | wilma | := | | 2 | barney | Cleartext-Password | betty | := | | 2 | dialrouter | Cleartext-Password | dialup | := | +----+----------------+--------------------+------------------+------+ 3 rows in set (0.01 sec) Note how it uses ":=" as op? > > after I changed the value to just "password" > it works fine now. It has different meaning, actually. If you use Password (or User-Password) with op "==", you're basically comparing the attribute User-Password in user request to the one in the database. It SHOULD work if the request is using PAP, but it won't work if the request is using MS-CHAPv2 (or some other authentication protocol that does not send user password as plain text in User-Password attribute). You can test it with "radtest -t mschap" (available in newer versions of FR) I highly suggest you change it to Cleartext-Password and ":=" -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html