Re: Freeradius + PEAP.. stuck on validating identity..

2010-04-01 Thread Alan DeKok
Bruno Kremel wrote:
> I am posting full log with first is radtest accepted and others are
> failed login from wifi client with 2 different accounts...
> 
> FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Mar 29
> 2010 at 15:58:09

  You should probably upgrade to 2.1.8.  It has a lot of fixes &
features over 2.0.4.


> server inner-tunnel {
> +- entering group authorize
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
> rlm_realm: No '@' in User-Name = "123", looking up realm NULL
> rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
>   rlm_eap: EAP packet type response id 8 length 62
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop

  And no "sql".  Edit raddb/sites-available/inner-tunnel, and add "sql"
to the "authorize" section.  It's already there, so you likely just have
to uncomment it.

>   rlm_mschap: No Cleartext-Password configured.  Cannot create LM-Password.
>   rlm_mschap: No Cleartext-Password configured.  Cannot create NT-Password.
>   rlm_mschap: Told to do MS-CHAPv2 for 123 with NT-Password
>   rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
>   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

  Yup.  No "known good" password means no authentication.

  You could also try:  http://networkradius.com/freeradius.html

  This lets you cut & paste the debug output into a form.  The response
is a colorized HTML page indicating common errors, and things you should
look into.  It won't catch this problem, but it will highlight the fact
that there was no "known good" password for the user.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
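
A small checker for the failure patterns diagnosed in this message and elsewhere in the thread, written here as an added example (not code from the thread, from FreeRADIUS, or from the networkradius.com form): it splits `radiusd -X` output per request and flags a forced `Auth-Type = Accept`, a missing known-good password, and an inner-tunnel `authorize` run that never called `sql`. The finding names and the sample log are constructed for illustration.

```python
import re

# Constructed sample, modelled on the `radiusd -X` lines quoted in this thread.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 192.168.3.1 port 1291, id=0, length=123
User-Name = "pokus"
EAP-Message = 0x020a01706f6b7573
+- entering group authorize
++[eap] returns updated
++[sql] returns ok
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
rad_recv: Access-Request packet from host 192.168.3.1 port 1320, id=8, length=200
User-Name = "123"
EAP-Message = 0x0208003e19
server inner-tunnel {
+- entering group authorize
++[mschap] returns noop
++[eap] returns updated
++[files] returns noop
++[pap] returns noop
rlm_mschap: No Cleartext-Password configured.  Cannot create NT-Password.
"""

REQ_START = re.compile(r"^rad_recv: Access-Request")
MODULE = re.compile(r"^\++\[([\w.]+)\] returns \w+")
USER = re.compile(r'^User-Name = "([^"]*)"')


def split_requests(text):
    """Group debug lines into one list per received Access-Request."""
    requests = []
    for raw in text.splitlines():
        line = raw.strip()
        if REQ_START.match(line):
            requests.append([])
        if requests:
            requests[-1].append(line)
    return requests


def check_request(lines):
    """Return (user, findings) for the debug lines of one request."""
    user, has_eap = None, False
    in_inner = saw_inner = in_authorize = False
    inner_modules, findings = set(), []
    for line in lines:
        m = USER.match(line)
        if m and user is None:
            user = m.group(1)
        if line.startswith("EAP-Message"):
            has_eap = True
        if line.startswith("server inner-tunnel"):
            in_inner = saw_inner = True
        elif line.startswith("}") and "inner-tunnel" in line:
            in_inner = False
        elif line.startswith("+- entering group"):
            in_authorize = line.endswith("authorize")
        m = MODULE.match(line)
        if m and in_inner and in_authorize:
            inner_modules.add(m.group(1))
        # Auth-Type = Accept skips the password check entirely; on an EAP
        # request it also cuts the EAP conversation short.
        if "Auth-Type = Accept, accepting the user" in line:
            findings.append("forced-accept-during-eap" if has_eap else "forced-accept")
        # rlm_mschap needs a known-good password to verify MS-CHAPv2.
        if ("No Cleartext-Password configured" in line
                and "no-known-good-password" not in findings):
            findings.append("no-known-good-password")
    # Only report the missing sql call when it explains a missing password.
    if ("no-known-good-password" in findings and saw_inner
            and "sql" not in inner_modules):
        findings.append("inner-tunnel-authorize-without-sql")
    return user, findings


def analyze(text):
    return [check_request(lines) for lines in split_requests(text)]


if __name__ == "__main__":
    for user, findings in analyze(SAMPLE_DEBUG):
        print(user, findings or ["no findings"])
```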


Re: Freeradius + PEAP.. stuck on validating identity..

2010-04-01 Thread Bruno Kremel
2010/4/1 Alan DeKok :
> Bruno Kremel wrote:
>> Sending Access-Challenge of id 0 to 192.168.3.1 port 1320
>>         EAP-Message = 0x010c00061900
>>         Message-Authenticator = 0x
>>         State = 0x53b1704557bd694fbe3359243d2a2638
>> Finished request 40.
>> Going to the next request
>> Waking up in 4.9 seconds.
>> Cleaning up request 40 ID 0 with timestamp +589
>> Ready to process requests.
>
>  This is documented in the FAQ, in the comments in raddb/eap.conf, and
> on my web site (http://deployingradius.com/).
>
>  Please read the existing documentation,
>
>> That Access-Challenge should authenticate my client if I am not wrong,
>
>  No.
>
>  Alan DeKok.

Thank you for those links... I have read that FAQ and so I copied over
default eap.conf  and tried it with users file.. it is working OK, I can
connect to AP with username/password, but when I tried to use SQL (I
have correct format in SQL now) again it ends up with this
Accept-Reject:

  rlm_eap_peap:  Had sent TLV failure.  User was rejected earlier in
this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [pokus2/] (from client
ciscorouter port 44 cli 001e650ece6c)
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> pokus2
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 23 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 23
Sending Access-Reject of id 0 to 192.168.3.1 port 1327
EAP-Message = 0x040a0004
Message-Authenticator = 0x
Waking up in 4.9 seconds.
Cleaning up request 23 ID 0 with timestamp +735
Ready to process requests.


But radtest gives me:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 54224,
id=218, length=57
User-Name = "test2"
User-Password = "pokus2"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "test2", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> test2
rlm_sql (sql): sql_set_user escaped user --> 'test2'
rlm_sql (sql): Reserving sql socket id: 2
expand: SELECT id, username, attribute, value, op
FROM radcheck   WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck   WHERE username = 'test2'   ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op
FROM radreply   WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply   WHERE username = 'test2'   ORDER BY id
expand: SELECT groupname   FROM radusergroup
WHERE username = '%{SQL-User-Name}'   ORDER BY priority ->
SELECT groupname   FROM radusergroup   WHERE username
= 'test2'   ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
  rad_check_password:  Found Auth-Type
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "pokus2"
rlm_pap: Using clear text password "pokus2"
rlm_pap: User authenticated successfully
++[pap] returns ok
Login OK: [test2/pokus2] (from client localhost port 1812)
+- entering group post-auth
++[exec] returns noop
Sending Access-Accept of id 218 to 127.0.0.1 port 54224
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 10 ID 218 with timestamp +263
Ready to process requests.

So is it an SQL problem or something with EAP?



Re: Freeradius + PEAP.. stuck on validating identity..

2010-04-01 Thread Alan DeKok
Bruno Kremel wrote:
> Sending Access-Challenge of id 0 to 192.168.3.1 port 1320
> EAP-Message = 0x010c00061900
> Message-Authenticator = 0x
> State = 0x53b1704557bd694fbe3359243d2a2638
> Finished request 40.
> Going to the next request
> Waking up in 4.9 seconds.
> Cleaning up request 40 ID 0 with timestamp +589
> Ready to process requests.

  This is documented in the FAQ, in the comments in raddb/eap.conf, and
on my web site (http://deployingradius.com/).

  Please read the existing documentation,

> That Access-Challenge should authenticate my client if I am not wrong,

  No.

  Alan DeKok.


Re: Freeradius + PEAP.. stuck on validating identity..

2010-04-01 Thread Matt Harlum
On 01/04/2010, at 8:40 PM, Bruno Kremel wrote:

> 2010/4/1 Matt Harlum :
>> 
>> On 01/04/2010, at 1:44 PM, Matt Harlum wrote:
>> 
>> On 01/04/2010, at 7:39 AM, Bruno Kremel wrote:
>> 
>> On Wednesday 31 March 2010 21:28:48 Alan DeKok wrote:
>> What should be there?
>> Because I don't know I am using Daloradius web interface for adding data to
>> database, so I just loaded default daloradius sql which was intended
>> (according to readme of daloradius) for 2.X Freeradius... and added accounts
>> in web interface...
>> 
>> Here's an example from my radcheck table in the SQL Database
>> +----+-------------+---------------+----+-------------+
>> | id | UserName    | Attribute     | op | Value       |
>> +----+-------------+---------------+----+-------------+
>> |  1 | exampleuser | User-Password | == | password123 |
>> +----+-------------+---------------+----+-------------+
>> This is how yours should be set up, otherwise you will get the "validating"
>> issue in Windows.
>> 
>> I was wrong
>> it should be
>> Here's an example from my radcheck table in the SQL Database
>> +----+-------------+--------------------+----+-------------+
>> | id | UserName    | Attribute          | op | Value       |
>> +----+-------------+--------------------+----+-------------+
>> |  1 | exampleuser | Cleartext-Password | := | password123 |
>> +----+-------------+--------------------+----+-------------+
>> My configuration was wrong it'd seem, I hadn't noticed as I'm primarily
>> using EAP-TLS with EAP-TTLS as a fallback. didn't test it when I upgraded to
>> 2.x
>> Regards,
>> Matt Harlum
>> 
>> 
>> To me it seems that name/password was accepted so I have no clue where
>> 
>> is the problem..
>> 
>>  The password was NOT accepted.  It was *ignored*.
>> 
>> And what is that Accept-Accept on the end of the log?... also radtest gives
>> me
>> Accept-Accept only on correct login and password so I think that it's not
>> that
>> SQL...
>> 
>> 
>> As Alan said, it was simply ignored because of the misconfiguration
>> Regards,
>> Matt Harlum
>> 
>> 
>> 
> 
> Thank you for answer.. You are right with that sql it is some mess in
> daloradius, but I tried to disable SQL and use /etc/freeradius/users
> file instead, but I am stuck on Attempting to authenticate now.. log
> says this:

Are you trying to use EAP-TTLS?

> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.3.1 port 1320, id=0,
> length=137
> Cleaning up request 39 ID 0 with timestamp +589
>User-Name = "pokus"
>NAS-IP-Address = 192.168.3.1
>Called-Station-Id = "00259c523046"
>Calling-Station-Id = "001e650eb532"
>NAS-Identifier = "00259c523046"
>NAS-Port = 9
>Framed-MTU = 1400
>State = 0x53b1704550ba694fbe3359243d2a2638
>NAS-Port-Type = Wireless-802.11
>EAP-Message = 0x020b00061900
>Message-Authenticator = 0x5fde19c57e8672a11c18b0b34d8c3acd
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>rlm_realm: No '@' in User-Name = "pokus", looking up realm NULL
>rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>  rlm_eap: EAP packet type response id 11 length 6
>  rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
>  rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/peap
>  rlm_eap: processing type peap
>  rlm_eap_peap: Authenticate
>  rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
>  rlm_eap_tls: ack handshake fragment handler
>  eaptls_verify returned 1
>  eaptls_process returned 13
>  rlm_eap_peap: EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 0 to 192.168.3.1 port 1320
>EAP-Message = 0x010c00061900
>Message-Authenticator = 0x
>State = 0x53b1704557bd694fbe3359243d2a2638
> Finished request 40.
> Going to the next request
> Waking up in 4.9 seconds.
> Cleaning up request 40 ID 0 with timestamp +589
> Ready to process requests.

Hard for me to tell what's going wrong here, radiusd -X should give more 
diagnostic information that would help

also, what was the exact section of your users file like? with obfuscated login 
credentials of course.
  
> That Access-Challenge should authenticate my client if I am not wrong,
> but it still shows me validating identity and the attempting to
> authenticate...
> 


Re: Freeradius + PEAP.. stuck on validating identity..

2010-04-01 Thread Bruno Kremel
2010/4/1 Matt Harlum :
>
> On 01/04/2010, at 1:44 PM, Matt Harlum wrote:
>
> On 01/04/2010, at 7:39 AM, Bruno Kremel wrote:
>
> On Wednesday 31 March 2010 21:28:48 Alan DeKok wrote:
> What should be there?
> Because I don't know I am using Daloradius web interface for adding data to
> database, so I just loaded default daloradius sql which was intended
> (according to readme of daloradius) for 2.X Freeradius... and added accounts
> in web interface...
>
> Here's an example from my radcheck table in the SQL Database
> +----+-------------+---------------+----+-------------+
> | id | UserName    | Attribute     | op | Value       |
> +----+-------------+---------------+----+-------------+
> |  1 | exampleuser | User-Password | == | password123 |
> +----+-------------+---------------+----+-------------+
> This is how yours should be set up, otherwise you will get the "validating"
> issue in Windows.
>
> I was wrong
> it should be
> Here's an example from my radcheck table in the SQL Database
> +----+-------------+--------------------+----+-------------+
> | id | UserName    | Attribute          | op | Value       |
> +----+-------------+--------------------+----+-------------+
> |  1 | exampleuser | Cleartext-Password | := | password123 |
> +----+-------------+--------------------+----+-------------+
> My configuration was wrong it'd seem, I hadn't noticed as I'm primarily
> using EAP-TLS with EAP-TTLS as a fallback. didn't test it when I upgraded to
> 2.x
> Regards,
> Matt Harlum
>
>
> To me it seems that name/password was accepted so I have no clue where
>
> is the problem..
>
>  The password was NOT accepted.  It was *ignored*.
>
> And what is that Accept-Accept on the end of the log?... also radtest gives
> me
> Accept-Accept only on correct login and password so I think that it's not
> that
> SQL...
>
>
> As Alan said, it was simply ignored because of the misconfiguration
> Regards,
> Matt Harlum
>
>
>

Thank you for answer.. You are right with that sql it is some mess in
daloradius, but I tried to disable SQL and use /etc/freeradius/users
file instead, but I am stuck on Attempting to authenticate now.. log
says this:

Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.3.1 port 1320, id=0,
length=137
Cleaning up request 39 ID 0 with timestamp +589
User-Name = "pokus"
NAS-IP-Address = 192.168.3.1
Called-Station-Id = "00259c523046"
Calling-Station-Id = "001e650eb532"
NAS-Identifier = "00259c523046"
NAS-Port = 9
Framed-MTU = 1400
State = 0x53b1704550ba694fbe3359243d2a2638
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020b00061900
Message-Authenticator = 0x5fde19c57e8672a11c18b0b34d8c3acd
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "pokus", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 11 length 6
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.3.1 port 1320
EAP-Message = 0x010c00061900
Message-Authenticator = 0x
State = 0x53b1704557bd694fbe3359243d2a2638
Finished request 40.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 40 ID 0 with timestamp +589
Ready to process requests.

That Access-Challenge should authenticate my client if I am not wrong,
but it still shows me validating identity and the attempting to
authenticate...



Re: Freeradius + PEAP.. stuck on validating identity..

2010-04-01 Thread Matt Harlum

On 01/04/2010, at 1:44 PM, Matt Harlum wrote:

> 
> On 01/04/2010, at 7:39 AM, Bruno Kremel wrote:
> 
>> On Wednesday 31 March 2010 21:28:48 Alan DeKok wrote:
>> What should be there?
>> Because I don't know I am using Daloradius web interface for adding data to
>> database, so I just loaded default daloradius sql which was intended
>> (according to readme of daloradius) for 2.X Freeradius... and added accounts
>> in web interface...
> 
> Here's an example from my radcheck table in the SQL Database
> +----+-------------+---------------+----+-------------+
> | id | UserName    | Attribute     | op | Value       |
> +----+-------------+---------------+----+-------------+
> |  1 | exampleuser | User-Password | == | password123 |
> +----+-------------+---------------+----+-------------+
> 
> This is how yours should be set up, otherwise you will get the "validating" 
> issue in Windows.
> 

I was wrong
it should be 
Here's an example from my radcheck table in the SQL Database
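+----+-------------+--------------------+----+-------------+
| id | UserName    | Attribute          | op | Value       |
+----+-------------+--------------------+----+-------------+
|  1 | exampleuser | Cleartext-Password | := | password123 |
+----+-------------+--------------------+----+-------------+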

My configuration was wrong it'd seem, I hadn't noticed as I'm primarily using 
EAP-TLS with EAP-TTLS as a fallback. didn't test it when I upgraded to 2.x

Regards,
Matt Harlum

> 
>>> 
>>>> To me it seems that name/password was accepted so I have no clue where
>>>> is the problem..
>>> 
>>>  The password was NOT accepted.  It was *ignored*.
>>> 
>> And what is that Accept-Accept on the end of the log?... also radtest gives 
>> me 
>> Accept-Accept only on correct login and password so I think that it's not 
>> that 
>> SQL...
>> 
> 
> As Alan said, it was simply ignored because of the misconfiguration
> 
> Regards,
> Matt Harlum
> 
> 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
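
An audit of the `radcheck` rows discussed above, added here as an example (not code from the thread, daloRADIUS or FreeRADIUS): it loads constructed rows into an in-memory SQLite table with the column names shown in the debug output's SELECT and flags an `Auth-Type` of `Accept`, a `User-Password` check item, and users with no known-good password attribute. The finding names, the sample rows and the operator on the `Auth-Type` row are assumptions.

```python
import sqlite3

# Attributes the rlm_mschap debug lines in this thread name as a usable secret.
KNOWN_GOOD = ("Cleartext-Password", "NT-Password", "LM-Password")

# Constructed rows. Column order follows the thread's debug output:
# SELECT id, username, attribute, value, op FROM radcheck
SAMPLE_ROWS = [
    (1, "pokus", "Auth-Type", "Accept", ":="),            # op is an assumption
    (2, "exampleuser", "User-Password", "password123", "=="),
    (3, "test2", "Cleartext-Password", "pokus2", ":="),
]


def load_rows(rows):
    """Build an in-memory radcheck table holding the given rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT, "
        "attribute TEXT, value TEXT, op TEXT)"
    )
    conn.executemany("INSERT INTO radcheck VALUES (?, ?, ?, ?, ?)", rows)
    return conn


def audit_radcheck(conn):
    """Return a sorted list of (username, finding) pairs."""
    findings = set()

    # Auth-Type = Accept makes the server ignore the password altogether.
    for (user,) in conn.execute(
        "SELECT username FROM radcheck "
        "WHERE attribute = 'Auth-Type' AND value = 'Accept'"
    ):
        findings.add((user, "auth-type-accept"))

    # The thread's corrected row uses Cleartext-Password, not User-Password.
    for (user,) in conn.execute(
        "SELECT username FROM radcheck WHERE attribute = 'User-Password'"
    ):
        findings.add((user, "user-password-check-item"))

    # Users with no attribute that can serve as the known-good password.
    marks = ",".join("?" * len(KNOWN_GOOD))
    query = (
        "SELECT username FROM radcheck GROUP BY username "
        f"HAVING SUM(attribute IN ({marks})) = 0"
    )
    for (user,) in conn.execute(query, KNOWN_GOOD):
        findings.add((user, "no-known-good-password"))

    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_radcheck(load_rows(SAMPLE_ROWS)):
        print(f"{user}: {finding}")
```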

Re: Freeradius + PEAP.. stuck on validating identity..

2010-03-31 Thread Matt Harlum

On 01/04/2010, at 7:39 AM, Bruno Kremel wrote:

> On Wednesday 31 March 2010 21:28:48 Alan DeKok wrote:
> What should be there?
> Because I don't know I am using Daloradius web interface for adding data to 
> database, so I just loaded default daloradius sql which was intended 
> (according to readme of daloradius) for 2.X Freeradius... and added accounts 
> in web interface...

Here's an example from my radcheck table in the SQL Database
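+----+-------------+---------------+----+-------------+
| id | UserName    | Attribute     | op | Value       |
+----+-------------+---------------+----+-------------+
|  1 | exampleuser | User-Password | == | password123 |
+----+-------------+---------------+----+-------------+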

This is how yours should be set up, otherwise you will get the "validating" 
issue in Windows.


>> 
>>> To me it seems that name/password was accepted so I have no clue where
>>> is the problem..
>> 
>>  The password was NOT accepted.  It was *ignored*.
>> 
> And what is that Accept-Accept on the end of the log?... also radtest gives 
> me 
> Accept-Accept only on correct login and password so I think that it's not 
> that 
> SQL...
> 

As Alan said, it was simply ignored because of the misconfiguration

Regards,
Matt Harlum



Re: Freeradius + PEAP.. stuck on validating identity..

2010-03-31 Thread Alan DeKok
Bruno Kremel wrote:
>>   Why did you put "Auth-Type = Accept" in SQL?
>>
>>   It's breaking the server.  Delete it.
> What should be there?

  The user's password?

> Because I don't know I am using Daloradius web interface for adding data to 
> database, so I just loaded default daloradius sql which was intended 
> (according to readme of daloradius) for 2.X Freeradius... and added accounts 
> in web interface...

I don't use daloradius.  All I know is from the debug output,
which shows that the server isn't configured properly.

> And what is that Accept-Accept on the end of the log?...

  It's useless.  The EAP conversation has been short-circuited, and the
user WILL NOT end up being online.

> also radtest gives me 
> Accept-Accept only on correct login and password so I think that it's not 
> that 
> SQL...

  Since you obviously know the product better than I do, good luck
solving the problem.

  Alan DeKok.


Re: Freeradius + PEAP.. stuck on validating identity..

2010-03-31 Thread Bruno Kremel
On Wednesday 31 March 2010 21:28:48 Alan DeKok wrote:
> Bruno Kremel wrote:
> > My configuration is pretty much default except of enabling MySQL and
> > setting paths and passwords to certificates (generated with make
> > script in /etc/freeradius/certs, so they should be OK) and addresses
> > of clients.
> 
>   And what did you put in SQL?
> 
> > expand: %{User-Name} -> pokus
> > rlm_sql (sql): sql_set_user escaped user --> 'pokus'
> > rlm_sql (sql): Reserving sql socket id: 3
> > expand: SELECT id, username, attribute, value, op FROM radcheck WHERE
> > username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
> > attribute, value, op FROM radcheck WHERE username = 'pokus' ORDER BY
> > id
> > rlm_sql (sql): User found in radcheck table
> > expand: SELECT id, username, attribute, value, op FROM radreply WHERE
> > username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
> > attribute, value, op FROM radreply WHERE username = 'pokus' ORDER BY
> > id
> > expand: SELECT groupname FROM radusergroup WHERE username =
> > '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM
> > radusergroup WHERE username = 'pokus' ORDER BY priority
> 
> ...
> 
> > rad_check_password: Found Auth-Type Accept
> > rad_check_password: Auth-Type = Accept, accepting the user
> 
>   Why did you put "Auth-Type = Accept" in SQL?
> 
>   It's breaking the server.  Delete it.
What should be there?
Because I don't know I am using Daloradius web interface for adding data to 
database, so I just loaded default daloradius sql which was intended 
(according to readme of daloradius) for 2.X Freeradius... and added accounts 
in web interface...
> 
> > To me it seems that name/password was accepted so I have no clue where
> > is the problem..
> 
>   The password was NOT accepted.  It was *ignored*.
> 
And what is that Accept-Accept on the end of the log?... also radtest gives me 
Accept-Accept only on correct login and password so I think that it's not that 
SQL...


>   Alan DeKok.
Thank you for the answer.


Re: Freeradius + PEAP.. stuck on validating identity..

2010-03-31 Thread Alan DeKok



Bruno Kremel wrote:
> My configuration is pretty much default except of enabling MySQL and
> setting paths and passwords to certificates (generated with make
> script in /etc/freeradius/certs, so they should be OK) and addresses
> of clients.

  And what did you put in SQL?

> expand: %{User-Name} -> pokus
> rlm_sql (sql): sql_set_user escaped user --> 'pokus'
> rlm_sql (sql): Reserving sql socket id: 3
> expand: SELECT id, username, attribute, value, op FROM radcheck WHERE
> username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
> attribute, value, op FROM radcheck WHERE username = 'pokus' ORDER BY
> id
> rlm_sql (sql): User found in radcheck table
> expand: SELECT id, username, attribute, value, op FROM radreply WHERE
> username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
> attribute, value, op FROM radreply WHERE username = 'pokus' ORDER BY
> id
> expand: SELECT groupname FROM radusergroup WHERE username =
> '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM
> radusergroup WHERE username = 'pokus' ORDER BY priority
...
> rad_check_password: Found Auth-Type Accept
> rad_check_password: Auth-Type = Accept, accepting the user

  Why did you put "Auth-Type = Accept" in SQL?

  It's breaking the server.  Delete it.

> To me it seems that name/password was accepted so I have no clue where
> is the problem..

  The password was NOT accepted.  It was *ignored*.

  Alan DeKok.


Freeradius + PEAP.. stuck on validating identity..

2010-03-31 Thread Bruno Kremel
Hi,
I have freeradius for WPA2 Enterprise authentication in a small
network in a library, it is the stable version (2.0.4) on Debian Lenny
compiled from sources with OpenSSL support..
Everything seems to be OK, but when I try to connect to AP from laptop
with Windows XP after I enter name and password I am stuck on
Validating identity, same on Ubuntu machine...
My configuration is pretty much default except of enabling MySQL and
setting paths and passwords to certificates (generated with make
script in /etc/freeradius/certs, so they should be OK) and addresses
of clients.
This is what freeradius -X gives me when I try to connect to AP:

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.3.1 port 1291, id=0,
length=123
User-Name = "pokus"
NAS-IP-Address = 192.168.3.1
Called-Station-Id = "00259c523046"
Calling-Station-Id = "001e650eb532"
NAS-Identifier = "00259c523046"
NAS-Port = 9
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020a01706f6b7573
Message-Authenticator = 0x634f3b088572fda3a12eca56ed6035b9
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "pokus", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 0 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> pokus
rlm_sql (sql): sql_set_user escaped user --> 'pokus'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE
username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
attribute, value, op FROM radcheck WHERE username = 'pokus' ORDER BY
id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE
username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
attribute, value, op FROM radreply WHERE username = 'pokus' ORDER BY
id
expand: SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM
radusergroup WHERE username = 'pokus' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [pokus/] (from client router port 9
cli 001e650eb532)
+- entering group post-auth
++[exec] returns noop
Sending Access-Accept of id 0 to 192.168.3.1 port 1291
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +59
Ready to process requests.

To me it seems that name/password was accepted so I have no clue where
is the problem..
Thank you in advance for any help..