I have a problem to set atrribute Auth-Type in the sql field.
My table are:
mysql> select * from radcheck;
+----+----------+---------------+----+-------+
| id | UserName | Attribute | op | Value |
+----+----------+---------------+----+-------+
| 1 | testuser | User-Password | == | test |
+----+----------+---------------+----+-------+
mysql> select * from radgroupreply;
+----+-----------+--------------+----+-------------+------+
| id | GroupName | Attribute | op | Value | prio |
+----+-----------+--------------+----+-------------+------+
| 5 | testgroup | Auth-Type | := | Reject | 1 |
| 3 | testgroup | Service-Type | = | Framed-User | 1 |
+----+-----------+--------------+----+-------------+------+
mysql> select * from radreply;
+----+----------+--------------+----+--------+
| id | UserName | Attribute | op | Value |
+----+----------+--------------+----+--------+
| 3 | testuser | Idle-Timeout | = | 906 |
| 5 | testuser | Auth-Type | := | Reject |
+----+----------+--------------+----+--------+
mysql> select * from usergroup;
+----+----------+-----------+
| id | UserName | GroupName |
+----+----------+-----------+
| 1 | testuser | testgroup |
+----+----------+-----------+
My authorize and authenticate section in radiusd.conf are:
authorize {
preprocess
suffix
sql
}
authenticate {
authtype PAP {
pap
}
authtype CHAP {
chap
}
}
When i try to use radtest i get this:
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=68, length=32
Idle-Timeout = 906
Service-Type = Framed-User
and output in debug mode is:
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 68 to 127.0.0.1:32839
Idle-Timeout = 906
Service-Type = Framed-User
Finished request 0
Why the radius server don't reject the user "testuser"?
Thanks in advance,
Alessandro Lazzini
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- Re: Auth-type and sql Alessandro Lazzini
- Re: Auth-type and sql Kevin Bonner