Some weeks ago I was asking for this, but didn't receive an answer.
Subject is MySQL Authentication based on a Calling-Station-ID. The problem is, that the cisco Switch doesn't send a user-name&user-password in his access-request, and mysql doesn't like!
-->
Error: rlm_sql
> (sql): zero length username not permitted"
I tried to comment out this part in the sql-module source-code, and recompile freeradius. To my surprise, this actually DOES work.
-->
rad_recv: Access-Request packet from host 127.0.0.1:1046, id=134, length=52
User-Name = ""
User-Password = "michael"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 0
radius_xlat: 'michael'
rlm_sql (sql): sql_set_user escaped user --> 'michael'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck ? WHERE Username = 'michael' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'michael' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'michael' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'michael' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 134 to 127.0.0.1:1046
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 134 with timestamp 43bc1274
Nothing to do. Sleeping until we see a request.
Sql.conf was told, to check for the password, not username. It works!
So, my question is, like in the subject, mainly directed to alan, or some other developper of the sql-module.
WHY was it done like that, i.e. that you HAVE to use a username in sql?
Thanks for your help, I really appreciate it!
Bye.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
