Hi,
> Well, I didn't expect this kind of reactions. I tried to give as much
> information as I had. First of all I upgraded to the newest packages of
> debian etch before I did a dist-upgrade to lenny. With the latest version of
> etch it still worked. The latest version in debian lenny is the 2.0.4 which I
> am running now. I do use the groupreply option (but no groupcheck option
> because the check has been done already in the usercheck option) so the mail
> of Alan doesn't solve the problem. The complete debug text is underneath,
> hopefully this makes it a bit more clear. Sorry for the inconvenience:
basically, when you migrate from 1.x to 2.x you need to manually update the
configuration rather
than cut'n'paste the config over - primarily to ensure correct behaviour, but
also,
the config is massively different for various new functions - you should be
using the
sites-enabled/* system and if you dont see/edit the new configs, you wont see
the
new features and capabilities.
this is very similar to apache 1.x to 2.x upgrades
> WARNING: Found User-Password == "...".
> WARNING: Are you sure you don't mean Cleartext-Password?
> WARNING: See "man rlm_pap" for more information.
> rlm_sql (sql): User found in radcheck table
change your oper and attribute
Cleartext-Password :=
instead of
User-Password ==
if you dont use groups, then change read_groups = yes to read_groups = no
(and then, as per the inline docs, If set to 'no' the user MUST have
Fall-Through = Yes in the radreply table)
another reason to look at the default config files is they ahve lots and lots
of
details/help and descriptions - all too often I see config files that have been
stripped
bare and rejigged eg
sql radius-sql {
database = "mysql"
driver = "rlm_sql_${database}"
server = "localhost"
login = "database-user"
password = "password-we-use"
radius_db = "radius-database"
acct_table1 = "radacct"
acct_table2 = "radacct"
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "radusergroup"
deletestalesessions = yes
sqltrace = yes
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 50
connect_failure_retry_delay = 60
nas_table = "nas"
readclients = yes
$INCLUDE /opt/freeradius-3.1.4/sql/${database}/dialup.conf
}
does that help the administrator or operator? nope. i dont think so.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
