Hi All.
I need to setup vpn server with radius login and store passwords in sql.
I have install all correctly (poptop, ppp, freeradius, mysql), and
configure, users can connect, and go throw the vpn.
And, i what to temporary disable user, but i can't.
That's what i do.
mysql> select * from radcheck;
+----+----------+---------------+----+--------+
| id | UserName | Attribute | op | Value |
+----+----------+---------------+----+--------+
| 1 | test | User-Password | == | test |
| 2 | test | Auth-Type | == | Reject |
+----+----------+---------------+----+--------+
>From radiusd.conf :
authorize {
preprocess
chap
suffix
sql
#
# If the users are logging in with an MS-CHAP-Challenge
# attribute for authentication, the mschap module will find
# the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
# to the request, which will cause the server to then use
# the mschap module for authentication.
mschap
}
As describd in comment, MS-CHAP add (or rewrite) Auth-Type for MS-CHAP and
user can login independent of Reject in sql table.
If in authorize section i switch sql and mschap module and set next order
authorize {
...
mschap
sql
}
In that configuration i recive reject if disble user in sql table, but also
recive reject with normal (not disabled users) with following log (radiusd
-X).
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authtype
rlm_mschap: No LM/NT password configured. Check authorization.
modcall[authenticate]: module "mschap" returns invalid
modcall: group authtype returns invalid
auth: Failed to validate the user.
Login incorrect: [test/<no User-Password attribute>] (from client localhost
port 0)
Delaying request 0 for 1 seconds
How i need to configure radius for propertly work?
Or how i can disable user in that configuration?
Thaks.
Rick.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
