делаю авторизацию wifi клиентов через freeradius с mysql, но возникла проблема с пользователями в бд
если пользователя прописать в /etc/freeradius/users:
user1 Cleartext-Password :=«password»
то всё ок, пропускает, если в базе, то:
вот записи в базе:
radcheck:
+----+----------+--------------------+----+----------+
| id | username | attribute | op | value |
+----+----------+--------------------+----+----------+
| 1 | user1 | Cleartext-Password | := | password |
+----+----------+--------------------+----+----------+
radusergroup:
+----------+-----------+----------+
| username | groupname | priority |
+----------+-----------+----------+
| user1 | DEFAULT | 1 |
+----------+-----------+----------+
часть лога радиуса:
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = «user1», looking up realm NULL
[suffix] Found realm «DEFAULT»
[suffix] Adding Stripped-User-Name = «user1»
[suffix] Adding Realm = «DEFAULT»
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 186 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> user1
[sql] sql_set_user escaped user --> 'user1'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'user1' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'user1' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'DEFAULT' ORDER BY id
[sql] User found in group DEFAULT
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'DEFAULT' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No «known good» password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 162 to 192.168.200.253 port 41310
EAP-Message = 0x01bb001604103264d0f72f21a0985cc492681aa9d7c0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe092a75ee029a331ff4d0d3fe0952bdd
Finished request 0.
Going to the next request
**********************************************************************************************
судя по логу в базе находит, но не пропускает, в чём причина может быть?