Hi There, I have been looking at an issue we are having with out deployment and for the life of me cant see what is wrong. We have version 2.1.8 but I couldn't find any mention of a bug like this in releases since.
The issue is I want to do a realm based auth for one realm and return some L2TP information. So in proxy.conf I have added the realm, in users I have added a user like this: realm and ip changed to protect the innocent DEFAULT Realm == "womble.co.nz", Auth-Type := Accept Tunnel-Type := L2TP, Tunnel-Medium-Type := IP, Tunnel-Server-Endpoint := 1.1.1.1, Alc-Tunnel-Idle-Timeout := 600, Tunnel-Assignment-Id := Tunnel1, Fall-Through = No In the default enabled site I have file and sql enabled for authorization. When I run freeradius -X I get the output as follows: again changed to protect [suffix] Looking up realm "wombles.co.nz" for User-Name = "wib...@womble.co.nz" [suffix] Found realm "womble.co.nz" [suffix] Adding Stripped-User-Name = "wibble" [suffix] Adding Realm = "womble.co.nz" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [files] users: Matched entry DEFAULT at line 87 ++[files] returns ok [sql] expand: %{Orcon-User-Name} -> [sql] sql_set_user escaped user --> '' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: CALL authorize_check_query(query) -> CALL authorize_check_query(query) rlm_sql_mysql: query: CALL authorize_check_query(query) rlm_sql_mysql: MYSQL check_error: 1054 received rlm_sql_getvpdata: database query error [sql] SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 0 ++[sql] returns fail Invalid user: [wib...@womble.co.nz] (from client bng1 port 0 cli 103249698) Using Post-Auth-Type Reject I would have thought this configuration should result in the users file being scanned and then returning Auth-Type: Accept and not then processing the sql authorize module. Have I missed something simple, or does this config look right. Any clues appreciated. Paul - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html