|
thanks alex
I have tried what you suggested but without much
success. When I actually add the sql entry in the
authenticate section and start radiusd
in debug mode --> I get an error stating
root:/usr/local/etc/raddb# radiusd -x
Starting - reading configuration files ... Module: Loaded System Module: Instantiated unix (unix) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) Module: Loaded realm Module: Instantiated realm (suffix) ERROR: Cannot find a configuration entry for module "sql". hence my question : do I need to add further
instruction in the module section on radiusd.conf
to make this work.
Thank you for your response
cheers
raven
-----Original Message-----
>From what I can read in the document, there is NO authentication
method for
the DB. They can only be used for authorization, i.e. verify that the user is recognized (exists) by the DB. I have a different scenario though, if I put the user name and password in etc/raddb/users, I can authenticate the user. If I add the user in the DB, and put the 'sql' before 'files' in the authorize section in radiusd.conf, the authorization part succeeds but the authentication part failed. e.g. when the radius.conf is configured like this authorize { ... files sql ... } authenticate { authtype PAP { pap } authtype CHAP { chap } authtype MS-CHAP { mschap } unix } and I have the following user in etc/raddb/users "ulxp" Auth-Type := Local, User-Password == "xbr" Service-Type = Outbound-User, Reply-Message = "Hello, %u" The authentication works fine. [[EMAIL PROTECTED] root]# radtest ulxp xbr 192.168.1.101 1 secret Sending Access-Request of id 122 to 192.168.1.101:1812 User-Name = "ulxp" User-Password = "\260\031y\325\033F\271v8\257{\323\022\332\235@" NAS-IP-Address = longhorn NAS-Port = 1 rad_recv: Access-Accept packet from host 192.168.1.101:1812, id=122, length=39 Service-Type = Outbound-User Reply-Message = "Hello, ulxp" The radius server trace indicates that the authentication is done at the same time authorization is done, i.e. it reads the 'users' for authorization and finds that the user password matches the one from the request, it does the authentication, too. But if I switch files and sql in authorize section, then the authorization is done in sql. The user is found in radcheck table, and authorization passed. But since there is nothing to authenticate it, the access request gets rejected. I have not figure out a way to use the information stored in the DB, i.e. 'User-Password', to authenticate the user. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, July 02, 2003 2:32 AM To: [EMAIL PROTECTED] Subject: authenticating user via postgres config Hi all, I needed some help to configure freeradius (0.8) to authenticate users using a postgres database. I tried reading whatever docs (very few) I could find and I am confused as how to go about configuring radius.conf file. I have looked at the authenticate section but how do I actually instruct radius to use sql to authenticate and do I need to add some more instructions in the modules section ..like Unix or Pam, something similar for sql perhaps... any help will be appreciated cheers Raven (I have already had a look at postgres.conf file and the database exists on the local machine, the database radius and all the required tables already created. Also have rlm_sql_postgresql.* in the shared lib dir </usr/local/lib>) |
