Platform: OpenBSD 5.1
Version: 2.1.12

Hello,

I have a problem setting up freeradius and I think it's related to the domain stripping.

Here's what I did for my configuration:

1) Imported the scripts schema.sql, admin.sql, ippool.sql, nas.sql in my MySQL radiusdb database

2) Inserted a user:

    INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('testuser', 'Password', 'passsecret');

3) Configured clients.conf

    client localhost {
        ipaddr = 127.0.0.1
        secret = testing123
        require_message_authenticator = no
        nastype = other # localhost isn't usually a NAS...
    }

4) Uncommented in radiusd.conf

    $INCLUDE ${confdir}/sql.conf
    $INCLUDE ${confdir}/sql/mysql/counter.conf

5) In /etc/raddb/sites-enabled/default uncommented

    authorize {
        sql
    }
    accounting {
        sql
        sql_log
    }

6) Configured /etc/raddb/sql.conf

    sql {
        database = "mysql"
        driver = "rlm_sql_${database}"
        #socket= var/run/mysql/mysql.sock
        server = "localhost"
        port = 3306
        login = "radiususer"
        password = "passradius"
        radius_db = "radius"
        acct_table1 = "radacct"
        acct_table2 = "radacct"
        postauth_table = "radpostauth"
        authcheck_table = "radcheck"
        authreply_table = "radreply"
        groupcheck_table = "radgroupcheck"
        groupreply_table = "radgroupreply"
        usergroup_table = "radusergroup"
        deletestalesessions = yes
        sqltrace = no
        sqltracefile = ${logdir}/sqltrace.sql
        num_sql_socks = 5
        connect_failure_retry_delay = 60
        lifetime = 0
        max_queries = 0
        nas_table = "nas"
        $INCLUDE sql/${database}/dialup.conf
    }

7) In /etc/raddb/sql/mysql/dialup.conf added

    sql_user_name = '%{Stripped-User-Name}'

8) I start the radius server

    # /usr/local/sbin/radiusd -X

And make a test on the local machine

    $ radtest testuser passsecret 127.0.0.1 1812 testing123

And I receive an access reject:

    rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=222, length=20

9) The debug says

    rad_recv: Access-Request packet from host 127.0.0.1 port 10251, id=122, length=78
        User-Name = "testuser"
        User-Password = "passsecret"
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 1812
        Message-Authenticator = 0xf16b463a77e5dfefbd9385915a307e88
    # Executing section authorize from file /etc/raddb/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] No '@' in User-Name = "testuser", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[files] returns noop
    [sql] expand: %{Stripped-User-Name} ->
    [sql] sql_set_user escaped user --> ''
    rlm_sql (sql): Reserving sql socket id: 3
    [sql] expand: ->
    [sql] Error generating query; rejecting user
    rlm_sql (sql): Released sql socket id: 3
    ++[sql] returns fail
    Invalid user: [testuser] (from client localhost port 1812)
    Using Post-Auth-Type Reject
    # Executing group from file /etc/raddb/sites-enabled/default
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> testuser
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 1 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 1
    Sending Access-Reject of id 122 to 127.0.0.1 port 10251
    Waking up in 4.9 seconds.
    Cleaning up request 1 ID 122 with timestamp +74
    Ready to process requests.

10) I can see that something goes wrong with this message

    [sql] Error generating query; rejecting user

But I don't understand why.

Thank you to those who can point me in the right direction.

Regards
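
Added example, not part of the original post and not FreeRADIUS code: a small Python triage script that scans `radiusd -X` output for templates that expand to an empty string and pairs each one with its module's return code, which is the pattern visible in the debug log above. The sample input is a constructed excerpt of that log, and the function and regex names are illustrative.

```python
import re

# Constructed excerpt of the `radiusd -X` output quoted in the post above.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 10251, id=122, length=78
    User-Name = "testuser"
    User-Password = "passsecret"
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
++[suffix] returns noop
[sql] expand: %{Stripped-User-Name} ->
[sql] sql_set_user escaped user --> ''
[sql] expand: ->
[sql] Error generating query; rejecting user
++[sql] returns fail
[attr_filter.access_reject] expand: %{User-Name} -> testuser
++[attr_filter.access_reject] returns updated
"""

EXPAND = re.compile(r"^\[(?P<mod>[^\]]+)\]\s+expand:\s*(?P<tmpl>.*?)\s*->\s*(?P<val>.*)$")
RETURN = re.compile(r"^\++\[(?P<mod>[^\]]+)\] returns (?P<rc>\w+)$")
PACKET_ATTR = re.compile(r"^(?P<name>[A-Za-z][\w-]*) = ")
ATTR_REF = re.compile(r"%\{([A-Za-z][\w-]*)\}")


def empty_expansions(debug_text):
    """Return (module, template, return code, attrs not in the packet) for
    every non-empty template that expanded to an empty string."""
    in_packet, pending, findings = set(), {}, []
    for raw in debug_text.splitlines():
        line = raw.strip()
        if (m := PACKET_ATTR.match(line)):
            in_packet.add(m["name"])
        elif (m := EXPAND.match(line)):
            # An empty template has nothing to diagnose; skip it.
            if m["tmpl"] and not m["val"]:
                pending.setdefault(m["mod"], []).append(m["tmpl"])
        elif (m := RETURN.match(line)):
            # Pair each empty expansion with its module's final return code.
            for tmpl in pending.pop(m["mod"], []):
                missing = [a for a in ATTR_REF.findall(tmpl) if a not in in_packet]
                findings.append((m["mod"], tmpl, m["rc"], missing))
    return findings


if __name__ == "__main__":
    for mod, tmpl, rc, missing in empty_expansions(SAMPLE_DEBUG):
        print(f"{mod}: '{tmpl}' expanded to '' (module returned {rc}); "
              f"not in request packet: {', '.join(missing) or 'none'}")
```

In FreeRADIUS 2.x a template of the form `%{%{Stripped-User-Name}:-%{User-Name}}` falls back to User-Name when Stripped-User-Name is unset.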