Hi, Thanks for your comments Alan.
"Jerlique Ban" <[EMAIL PROTECTED]> wrote: > I've now switched to using freeradius 1.0.0-pre3 on freebsd. I am > trying to authenticate users via my Exec-Program call, which does a > whole lot of other queries and tests before granting access. It all > works if a PAP request is made, but fails on a CHAP request. Now I > understand that CHAP requests are encrypted. Can you compare chap > passwords like you would do so with let say $alreadycrypt == crypt($alreadycrypt, $test)?? I have taken your comments, and spent the time to get sql working. I resited doing this in the beginning, because I didn't want to have to write a script which maintains the radius tables with username/password attributes. Now my problem is, that I have users who can dialup and authenticate adsl with the same username and password. So I've created two entires for each applicable user. But when a customer tries to authenticate adsl, they are receiving 'radgroupreply' items from the wrong group ie dial. As you can see I'm a member of both groups. mysql> select * from usergroup where UserName="jlb"; +----+----------+-----------+ | id | UserName | GroupName | +----+----------+-----------+ | 1 | jlb | dial | | 2 | jlb | adsl | +----+----------+-----------+ Now, the only thing linking the "correct" group to me is the following table. So for ADSL the Nas-Port-Type will match and thus the correct group should be set, but it isn't. The group being used is the first one from the query above. If I alternate the order in the usergroup table, adsl will work, but dial will not. radgroupcheck +----+-----------+---------------+-------+----+ | id | GroupName | Attribute | Value | op | +----+-----------+---------------+-------+----+ | 1 | adsl | Auth-Type | chap | := | | 2 | adsl | NAS-Port-Type | xDSL | == | | 3 | dial | Auth-Type | pap | := | +----+-----------+---------------+-------+----+ Have I missed something here??? Shouldnt the SQL statement be restircting the group name to the "valid" group?? Any suggestions on how this can be done? JB - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
