Hi All. I need to setup vpn server with radius login and store passwords in sql. I have install all correctly (poptop, ppp, freeradius, mysql), and configure, users can connect, and go throw the vpn.
And, i what to temporary disable user, but i can't. That's what i do. mysql> select * from radcheck; +----+----------+---------------+----+--------+ | id | UserName | Attribute | op | Value | +----+----------+---------------+----+--------+ | 1 | test | User-Password | == | test | | 2 | test | Auth-Type | == | Reject | +----+----------+---------------+----+--------+ >From radiusd.conf : authorize { preprocess chap suffix sql # # If the users are logging in with an MS-CHAP-Challenge # attribute for authentication, the mschap module will find # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP' # to the request, which will cause the server to then use # the mschap module for authentication. mschap } As describd in comment, MS-CHAP add (or rewrite) Auth-Type for MS-CHAP and user can login independent of Reject in sql table. If in authorize section i switch sql and mschap module and set next order authorize { ... mschap sql } In that configuration i recive reject if disble user in sql table, but also recive reject with normal (not disabled users) with following log (radiusd -X). rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type MS-CHAP auth: type "MS-CHAP" modcall: entering group authtype rlm_mschap: No LM/NT password configured. Check authorization. modcall[authenticate]: module "mschap" returns invalid modcall: group authtype returns invalid auth: Failed to validate the user. Login incorrect: [test/<no User-Password attribute>] (from client localhost port 0) Delaying request 0 for 1 seconds How i need to configure radius for propertly work? Or how i can disable user in that configuration? Thaks. Rick. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html