Auth-type and sql

Tue, 04 Feb 2003 03:53:29 -0800



I have a problem to set atrribute Auth-Type in the sql field.

My table are:

mysql> select * from radcheck;
+----+----------+---------------+----+-------+
| id | UserName | Attribute | op | Value |
+----+----------+---------------+----+-------+
| 1 | testuser | User-Password | == | test |
+----+----------+---------------+----+-------+

mysql> select * from radgroupreply;
+----+-----------+--------------+----+-------------+------+
| id | GroupName | Attribute | op | Value | prio |
+----+-----------+--------------+----+-------------+------+
| 5 | testgroup | Auth-Type | := | Reject | 1 |
| 3 | testgroup | Service-Type | = | Framed-User | 1 |
+----+-----------+--------------+----+-------------+------+

mysql> select * from radreply;
+----+----------+--------------+----+--------+
| id | UserName | Attribute | op | Value |
+----+----------+--------------+----+--------+
| 3 | testuser | Idle-Timeout | = | 906 |
| 5 | testuser | Auth-Type | := | Reject |
+----+----------+--------------+----+--------+

mysql> select * from usergroup;
+----+----------+-----------+
| id | UserName | GroupName |
+----+----------+-----------+
| 1 | testuser | testgroup |
+----+----------+-----------+

My authorize and authenticate section in radiusd.conf are:

authorize {
preprocess
suffix
sql
}

authenticate {
authtype PAP {
pap
}
authtype CHAP {
chap
}
}

When i try to use radtest i get this:

rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=68, length=32
Idle-Timeout = 906
Service-Type = Framed-User

and output in debug mode is:

rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 68 to 127.0.0.1:32839
Idle-Timeout = 906
Service-Type = Framed-User
Finished request 0

Why the radius server don't reject the user "testuser"?

Thanks in advance,

Alessandro Lazzini

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to