Hello, In src/modules/rlm_sql/rlm_sql.c around line 575 there is a block of code which looks like:
if (paircmp(request, request->packet->vps, check_tmp, &reply_tmp) != 0) { radlog(L_INFO, "rlm_sql (%s): Pairs do not match for user [%s]", inst->config->xlat_name, sqlusername); /* Remove the username we (maybe) added above */ pairdelete(&request->packet->vps, PW_SQL_USER_NAME); sql_release_socket(inst, sqlsocket); pairfree(&reply_tmp); pairfree(&check_tmp); return RLM_MODULE_NOTFOUND; } This seems to be comparing the pairs from the: authorize_group_check_query and authorize_group_reply_query results when used with the rlm_sql module. My question is why should the reply and check pairs be the same? The code has no comments explaining this (I'll write some up and submit a patch if someone explains it to me). I uncommented the extra debugging above this section, and what I see is: rlm_sql: check items Crypt-Password = "$1$xxxxxxx$xxxxxxxxxxxxxxxxx" Simultaneous-Use = 1 rlm_sql: reply items rlm_sql (sql): Pairs do not match for user [wizardit] rlm_sql (sql): Released sql socket id: 9 modcall[authorize]: module "sql" returns notfound modcall: group authorize returns ok rad_check_password: Found Auth-Type Local auth: type Local auth: No password configured for the user Section 4 of the doc/Simultaneous-Use says: Note that you need to add the Simultaneous-Use parameter to the check item (first line), not the reply item, using the ':=' operator. So it seems to me that there the check_items should never match the reply items (of which I have none) when using Simultaneous-Use. Is this correct? If so the code in rlm_sql.c is wrong, otherwise what am I missing? With the block of code above commented out in rlm_sql.c authentication works properly (as it did in previous versions), and I haven't noticed any other problems. Is there a problem with leaving this out? Thanks, Josh -- Josh Wilsdon <[EMAIL PROTECTED]> Programmer Analyst Wizard IT Services - http://www.wizard.ca Linux Support Specialist - http://linuxmagic.com Unix Administration, Website Hosting, Network Services, Programming (604) 589-0037 Beautiful British Columbia, Canada LinuxMagic is a TradeMark of Wizard Tower TechnoServices Ltd. -------------------------------------------------------- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please notify the system manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html