Hello all, I've set up and configured freeradius to properly authenticate users using the MySQL database schema specified on the freeradius.org website. However, since we already have a different database set up with users' passwords that is updated by scripts when users change their passwords or their accounts are disabled etc, I would like to be able to pull their password hashes directly from that database.
This is what I've tried so far to do so, but it has not worked. I've changed in the sql.conf file the authorize_check_query to the following, but left the authorize_reply_query untouched: authorize_check_query = "SELECT id, name as UserName, 'NT-Password' as Attribute, nthashpass as Value, ':=' as op \ FROM users \ WHERE name = '%{SQL-User-Name}' \ ORDER BY id" However, when I run freeradius -X, it appears that for some reason that setting is erased. The following is the pertinent output: sql: authorize_check_query = "" sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" Then, when I try to authenticate a user, the following error is output: lm_sql (sql): sql_set_user escaped user --> ''******' radius_xlat: '' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns fail for request 0 I'm guessing the SQL query error is related to the fact that authorize_check_query is now an empty string, but I'm not sure why that's the case. Anyone have any insight? -- Quentin Smith - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html