Re: Problems with freeradius set up

Wed, 25 Oct 2006 12:32:47 -0700

Thanks Stefan that worked!

Now I have one more problem.  We give our user a time limit on how much time they can be online for and that seems to be a sticking point.  I didn't get an error when I was testing because I had unlimited time and did not have that field in the database, but when I turned it loose for our customers nobody could connect.  Do I need to add something to the select statement in the sql.conf file?

Thanks again

Mike

The error from radiusd -X is:

radius_xlat:  'jwardlaw'
rlm_sql (sql): sql_set_user escaped user --> 'jwardlaw'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jwardlaw' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql: Failed to create the pair: Unknown attribute "Total-Time-Limit"
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns fail for

and the result when I put that SELECT statement in mysql is:

mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jwardlaw' ORDER BY id
    -> ;
+------+----------+------------------+-----------+----+
| id   | UserName | Attribute        | Value     | op |
+------+----------+------------------+-----------+----+
| 1042 | jwardlaw | Password              | XXXX       | := |
| 1043 | jwardlaw | Simultaneous-Use  | 1                | := |
| 1044 | jwardlaw | Total-Time-Limit    | 2520000   | := |
+------+----------+------------------+-----------+----+
3 rows in set (0.00 sec)








Stefan Winter wrote: 
+------+----------+------------------+--------+----+

| 1118 | mpearson | Password             | XXXX| == |
| 1119 | mpearson | Simultaneous-Use | 1         | == |

+------+----------+------------------+--------+----+
2 rows in set (0.29 sec)
    

You want to force the user to only have one login session. Then you have to 
*set* Simultaneous-Use, by using the operator :=. The way it's in the db 
right now would only match the user if the incoming packet already contained 
an attribute Simultaneus-Use and if this attribute's value was 1 (because == 
is a check item, i.e. it compares things in the packet, it doesn't set 
anything).

So, change the operator (BTW: for both entries, IIRC, Password or 
User-Password should be _set_ with :=). That should work much better. 

  
Also I went down through the debug of radisud and put in the select
statments from I didn't get any results from:
    

That's okay, it's no problem if they are entry. They could cause trouble if 
they were non-empty and filled with rubbish, that's why I wanted you to check 
them too.

Greetings,

Stefan

  

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to