Hi,
I have configured a FreeRADIUS server using MySQL authentication. When I
run radtest I get a successful response:
rad_recv: Access-Request packet from host 127.0.0.1 port 45562, id=209,
length=59
User-Name = sqltest
User-Password = testpwd
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = sqltest, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} - sqltest
[sql] sql_set_user escaped user -- 'sqltest'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT
id, username, attribute, value, op FROM radcheck WHERE
username = 'sqltest' ORDER BY id
[sql] User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT
id, username, attribute, value, op FROM radreply WHERE
username = 'sqltest' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority - SELECT
groupname FROM radusergroup WHERE username = 'sqltest'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password testpwd
[pap] Using clear text password testpwd
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 209 to 127.0.0.1 port 45562
Finished request 20.
Going to the next request
Now I have configured a Windows supplicant. When I enter the credentials
for login from the supplicant PC, the RADIUS server always sends a rejected
response. In the server's terminal (I have FreeRADIUS in debug mode to see all
the messages), this is what I get:
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.4 port 3666, id=0,
length=139
Cleaning up request 18 ID 0 with timestamp +502
User-Name = sqltest
NAS-IP-Address = 192.168.1.4
Called-Station-Id = 00226b81bae1
Calling-Station-Id = 002369764cef
NAS-Identifier = 00226b81bae1
NAS-Port = 21
Framed-MTU = 1400
State = 0x5589d8c55588dc92d29bccd07151cb7c
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020100060319
Message-Authenticator = 0xb35d1b6482700c1122714ca033d1e480
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = sqltest, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} - sqltest
[sql] sql_set_user escaped user -- 'sqltest'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT
id, username, attribute, value, op FROM radcheck WHERE
username = 'sqltest' ORDER BY id
[sql] User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT
id, username, attribute, value, op FROM radreply WHERE
username = 'sqltest' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority - SELECT
groupname FROM radusergroup WHERE username = 'sqltest'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] NAK asked for unsupported type 25
[eap] No common EAP types found.
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
expand: %{User-Name} - sqltest
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 19 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 19
Sending Access-Reject of id 0 to 192.168.1.4 port 3666
EAP-Message = 0x04010004
Message-Authenticator