We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Crash or memory corruption (segv, abort, etc...)
Hello , i have very strange problem, I can authetificate from radius itself but can`t from any other sourse (cisco router) by same user
I`m using radius taking base from sql
Authentificate from router (0) Received Access-Request Id 22 from 10.10.81.254:1645 to 10.10.81.31:1812 length 71 (0) User-Name = "rovshan" (0) User-Password = "\254\323c\253\360\214\315g\321\3035 :4\314\"" (0) NAS-Port = 2 (0) NAS-Port-Id = "tty2" (0) NAS-Port-Type = Virtual (0) NAS-IP-Address = 10.10.81.254 (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "rovshan", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop (0) sql: EXPAND %{User-Name} (0) sql: --> rovshan (0) sql: SQL-User-Name set to 'rovshan' rlm_sql (sql): Reserved connection (0) (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rovshan' ORDER BY id (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rovshan' ORDER BY id (0) sql: User found in radcheck table (0) sql: Conditional check items matched, merging assignment check items (0) sql: Crypt-Password := "SAKL/NQfXrXtw" (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rovshan' ORDER BY id (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rovshan' ORDER BY id (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'rovshan' ORDER BY priority (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'rovshan' ORDER BY priority (0) sql: User not found in any groups rlm_sql (sql): Released connection (0) Need more connections to reach 10 spares rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used rlm_sql_mysql: Starting connect to MySQL server WARNING: MYSQL_OPT_RECONNECT is deprecated and will be removed in a future version. rlm_sql_mysql: Connected to database 'raddb' on Localhost via UNIX socket, server version 5.5.5-10.6.12-MariaDB-0ubuntu0.22.04.1, protocol version 10 (0) [sql] = ok (0) [expiration] = noop (0) [logintime] = noop (0) [pap] = updated (0) } # authorize = updated (0) Found Auth-Type = PAP (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Auth-Type PAP { (0) pap: Login attempt with password (0) pap: Comparing with "known-good" Crypt-password (0) pap: ERROR: Crypt digest does not match "known good" digest (0) pap: Passwords don't match (0) [pap] = reject (0) } # Auth-Type PAP = reject (0) Failed to authenticate the user (0) WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! (0) Using Post-Auth-Type Reject (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Post-Auth-Type REJECT { (0) sql: EXPAND .query (0) sql: --> .query (0) sql: Using query template 'query' rlm_sql (sql): Reserved connection (1) (0) sql: EXPAND %{User-Name} (0) sql: --> rovshan (0) sql: SQL-User-Name set to 'rovshan' (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S.%M' ) (0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'rovshan', '=3DAC=3DD3c=3DAB=3DF0=3D8C=3DCDg=3DD1=3DC35 :4=3DCC=3D22', 'Access-Reject', '2024-01-18 10:20:16.630819' ) (0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'rovshan', '=3DAC=3DD3c=3DAB=3DF0=3D8C=3DCDg=3DD1=3DC35 :4=3DCC=3D22', 'Access-Reject', '2024-01-18 10:20:16.630819' ) (0) sql: SQL query returned: success (0) sql: 1 record(s) updated rlm_sql (sql): Released connection (1) (0) [sql] = ok (0) attr_filter.access_reject: EXPAND %{User-Name} (0) attr_filter.access_reject: --> rovshan (0) attr_filter.access_reject: Matched entry DEFAULT at line 11 (0) [attr_filter.access_reject] = updated (0) [eap] = noop (0) policy remove_reply_message_if_eap { (0) if (&reply:EAP-Message && &reply:Reply-Message) { (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (0) else { (0) [noop] = noop (0) } # else = noop (0) } # policy remove_reply_message_if_eap = noop (0) } # Post-Auth-Type REJECT = updated Authetificate from server it self (5) Received Access-Request Id 189 from 10.10.81.31:51924 to 10.10.81.31:1812 length 47 (5) User-Name = "rovshan" (5) User-Password = "P@55w0rd123" (5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ /@\./) { (5) if (&User-Name =~ /@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "rovshan", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: No EAP-Message, not doing EAP (5) [eap] = noop (5) [files] = noop (5) sql: EXPAND %{User-Name} (5) sql: --> rovshan (5) sql: SQL-User-Name set to 'rovshan' rlm_sql (sql): Reserved connection (9) (5) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (5) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rovshan' ORDER BY id (5) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rovshan' ORDER BY id (5) sql: User found in radcheck table (5) sql: Conditional check items matched, merging assignment check items (5) sql: Crypt-Password := "SAKL/NQfXrXtw" (5) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id (5) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rovshan' ORDER BY id (5) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rovshan' ORDER BY id (5) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (5) sql: --> SELECT groupname FROM radusergroup WHERE username = 'rovshan' ORDER BY priority (5) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'rovshan' ORDER BY priority (5) sql: User not found in any groups rlm_sql (sql): Released connection (9) Need 1 more connections to reach min connections (3) Need more connections to reach 10 spares rlm_sql (sql): Opening additional connection (10), 1 of 30 pending slots used rlm_sql_mysql: Starting connect to MySQL server WARNING: MYSQL_OPT_RECONNECT is deprecated and will be removed in a future version. rlm_sql_mysql: Connected to database 'raddb' on Localhost via UNIX socket, server version 5.5.5-10.6.12-MariaDB-0ubuntu0.22.04.1, protocol version 10 rlm_sql (sql): You probably need to lower "min" rlm_sql (sql): Closing expired connection (2) - Hit idle_timeout limit rlm_sql_mysql: Socket destructor called, closing socket (5) [sql] = ok (5) [expiration] = noop (5) [logintime] = noop (5) [pap] = updated (5) } # authorize = updated (5) Found Auth-Type = PAP (5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (5) Auth-Type PAP { (5) pap: Login attempt with password (5) pap: Comparing with "known-good" Crypt-password (5) pap: User authenticated successfully (5) [pap] = ok (5) } # Auth-Type PAP = ok (5) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default (5) post-auth { (5) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) { (5) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) -> FALSE (5) update { (5) No attributes updated for RHS &session-state: (5) } # update = noop (5) sql: EXPAND .query (5) sql: --> .query (5) sql: Using query template 'query' rlm_sql (sql): Reserved connection (9) (5) sql: EXPAND %{User-Name} (5) sql: --> rovshan (5) sql: SQL-User-Name set to 'rovshan' (5) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S.%M' ) (5) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'rovshan', 'P@55w0rd123', 'Access-Accept', '2024-01-18 10:23:35.078740' ) (5) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( 'rovshan', 'P@55w0rd123', 'Access-Accept', '2024-01-18 10:23:35.078740' ) (5) sql: SQL query returned: success (5) sql: 1 record(s) updated rlm_sql (sql): Released connection (9) (5) [sql] = ok (5) [exec] = noop (5) policy remove_reply_message_if_eap { (5) if (&reply:EAP-Message && &reply:Reply-Message) { (5) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (5) else { (5) [noop] = noop (5) } # else = noop (5) } # policy remove_reply_message_if_eap = noop (5) if (EAP-Key-Name && &reply:EAP-Session-Id) { (5) if (EAP-Key-Name && &reply:EAP-Session-Id) -> FALSE (5) } # post-auth = ok (5) Sent Access-Accept Id 189 from 10.10.81.31:1812 to 10.10.81.31:51924 length 20 (5) Finished request Waking up in 4.9 seconds. (5) Cleaning up request packet ID 189 with timestamp +208 due to cleanup_delay was reached Ready to process requests
No response
The text was updated successfully, but these errors were encountered:
Please ask questions on the freeradius-users mailing list.
Sorry, something went wrong.
No branches or pull requests
What type of defect/bug is this?
Crash or memory corruption (segv, abort, etc...)
How can the issue be reproduced?
Hello , i have very strange problem, I can authetificate from radius itself but can`t from any other sourse (cisco router) by same user
I`m using radius taking base from sql
Log output from the FreeRADIUS daemon
Relevant log output from client utilities
No response
Backtrace from LLDB or GDB
No response
The text was updated successfully, but these errors were encountered: