Sam Schultz wrote:

radiusd.conf, authorize block:

        Autz-Type SQL-BOGUS {
                sql-bogus
        }



radiusd.conf, authenticate block:

        Auth-Type SQL-BOGUS {
                sql-bogus
        }


Both of these are incomplete.

The latter is almost certainly not valid - rlm_sql doesn't have an "authenticate" handler, so can't sensibly run during the "authenticate" block. You need to add config items e.g. User-Password to the request and run a different module e.g. PAP, mschap to run the authentication.



hints:

DEFAULT Prefix == "BOGUS\", Strip-User-Name = Yes
        Hint = "MIE Login",
        Service-Type = Framed-User,
        Autz-Type := SQL-BOGUS,
        Auth-Type := SQL-BOGUS

Both wrong. Autz-Type and Auth-Type are config items and therefore get set on the first line of a "users" entry. Since this is a "hints" file you've added them to the request items here (which is meaningless).

You also shouldn't set Auth-Type (and anyway are setting it to a meaningless value, see above).




users:

DEFAULT Realm == "bogus", Autz-Type := SQL-BOGUS

This should work, but you've removed "files" from your "authorize" section so it's not running - hence it breaks.




mysql bogus realms' radcheck table:

+----+----------+---------------+----+----------+
| id | UserName | Attribute     | op | Value    |
+----+----------+---------------+----+----------+
|  6 | user     | User-Password | == | password |
|  7 | user     | Auth-Type     | := | Local    |
+----+----------+---------------+----+----------+


Don't use "==" for User-Password. Use :=





radiusd -X -A (snippet 1, module instantiation):
rlm_sql (sql-bogus): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql-bogus): Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql (sql-bogus): starting 0
rlm_sql (sql-bogus): Attempting to connect rlm_sql_mysql #0
rlm_sql (sql-bogus): Connected new DB handle, #0
rlm_sql (sql-bogus): starting 1
rlm_sql (sql-bogus): Attempting to connect rlm_sql_mysql #1
rlm_sql (sql-bogus): Connected new DB handle, #1
rlm_sql (sql-bogus): starting 2
rlm_sql (sql-bogus): Attempting to connect rlm_sql_mysql #2
rlm_sql (sql-bogus): Connected new DB handle, #2
rlm_sql (sql-bogus): starting 3
rlm_sql (sql-bogus): Attempting to connect rlm_sql_mysql #3
rlm_sql (sql-bogus): Connected new DB handle, #3
rlm_sql (sql-bogus): starting 4
rlm_sql (sql-bogus): Attempting to connect rlm_sql_mysql #4
rlm_sql (sql-bogus): Connected new DB handle, #4
Module: Instantiated sql (sql-bogus)



radiusd -X -A (snippet 2, module *NOT* getting used):

modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: Looking up realm "bogus" for User-Name = "bogus\user"
    rlm_realm: Found realm "bogus"
    rlm_realm: Adding Stripped-User-Name = "user"
    rlm_realm: Proxying request from user user to realm bogus
    rlm_realm: Adding Realm = "bogus"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "ntdomain" returns noop for request 0
  rlm_eap: EAP packet type response id 0 length 15
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0


Note, no: module "files"

...hence your entry in the "users" file is not being processed and as discussed your entry in the "hints" file is formatted wrong.




NOTE: My module order, and the fact that radius found the "bogus" realm means that there should be SQL auth lines appearing immediately after the "mschap returns noop" line. They don't show up, which means FR either wasn't seeing Autz-Type at that point, or some other module changed it.

I disagree. I think you've broken your configuration. The details you've posted above are clearly incomplete so I can only guess. Please post your actual, full configs - not extracts - and your actual full debug output - not extracts.
