In a certain context I want to accept all incoming requests. FreeRADIUS is 1.1.3.
I hold the accounts in MySQL.

This is what I have stored in the database for one account:

mysql> select * from usergroup where UserName='000000000009';
+---------+--------------+--------------+---------------------+---------------------+---------+
| id | UserName | GroupName | loaddate | validto | konftyp |
+---------+--------------+--------------+---------------------+---------------------+---------+
| 1160351 | 000000000009 | sondergeraet | 2006-10-24 09:26:59 | 2006-10-31 00:00:00 | NULL |
+---------+--------------+--------------+---------------------+---------------------+---------+
1 row in set (0.00 sec)

mysql> select * from radcheck where UserName='000000000009';
+---------+--------------+--------------+----+----------+---------------------+
| id | UserName | Attribute | op | Value | validto |
+---------+--------------+--------------+----+----------+---------------------+
| 1159463 | 000000000009 | Hint | += | assignvl | 2006-10-31 00:00:00 |
| 2512785 | 000000000009 | Auth-Type | := | Accept | NULL |
| 2512786 | 000000000009 | Idle-Timeout | = | 123 | NULL |
+---------+--------------+--------------+----+----------+---------------------+
3 rows in set (0.00 sec)


mysql> select * from radreply where UserName='000000000009';
+----+--------------+--------------+----+-------+------------+--------------+---------+
| id | UserName | Attribute | op | Value | ra_nasname | ra_GroupName | validto |
+----+--------------+--------------+----+-------+------------+--------------+---------+
| 6 | 000000000009 | Idle-Timeout | = | 123 | NULL | NULL | NULL |
+----+--------------+--------------+----+-------+------------+--------------+---------+
1 row in set (0.00 sec)



authorize_check_query from sql.conf is:

   authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
         FROM ${authcheck_table} \
         WHERE Username = '%{SQL-User-Name}' and ( radcheck.Attribute !='Hint' ) \
         ORDER BY id"



radtest 000000000009 000b5d28f24x4 localhost 1812 testing123
Sending Access-Request of id 243 to 127.0.0.1 port 1812
       User-Name = "000000000009"
       User-Password = "000b5d28f24x4"
       NAS-IP-Address = 255.255.255.255
       NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=243, length=20
rad_verify: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)

Not the shared secret, the password is incorrect.
Nevertheless, I want to ignore this and assign the check-item Auth-Type:=Accept from radcheck.

radiusd -AX shows me:
...
 modcall[authorize]: module "files" returns notfound for request 0
radius_xlat:  '000000000009'
rlm_sql (sql): sql_set_user escaped user --> '000000000009'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '000000000009' and ( radcheck.Attribute !='Hint' ) ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.UserName = '000000000009' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  ''
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE ( usergroup.Username = '000000000009' AND usergroup.GroupName = radgroupreply.Value ) or (usergroup.UserName='000000000009' and (radgroupreply.GroupName in (select type from nas where nasname = '255.255.255.255') and radgroupreply.GroupName='Cisco' and radgroupreply.Attribute!='Tunnel-Private-Group-ID' ) ) ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
rlm_sql:  check items
    Auth-Type := Accept
    Idle-Timeout = 123
    Hint == "assignvl"
^^^^^^^^^^^^^^ (enabled debugging in rlm_sql.c around line 850)

rlm_sql:  reply items
rlm_sql (sql): No matching entry in the database for request from user [000000000009]
 modcall[authorize]: module "sql" returns notfound for request 0

Why do I get a 'No matching entry in the database for request from user [000000000009]', although the expanded authorize_check_query, copied from above and run directly in mysql, gives me the following:

mysql> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '000000000009' and ( radcheck.Attribute !='Hint' ) ORDER BY id;
+---------+--------------+--------------+--------+----+
| id      | UserName     | Attribute    | Value  | op |
+---------+--------------+--------------+--------+----+
| 2512785 | 000000000009 | Auth-Type    | Accept | := |
| 2512786 | 000000000009 | Idle-Timeout | 123    | =  |
+---------+--------------+--------------+--------+----+
2 rows in set (0.00 sec)

Thanks
Norbert Wegener
