Re: mysql authorization
If you remark out the 'Auth-Type' all together in the 'users' file, then freeradius will begin to use the 'Auth-Type' specified in MySQL. That has been my experience at least. Rick E. - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, February 28, 2003 5:33 AM Subject: Re: mysql authorization > "John E Murphy" <[EMAIL PROTECTED]> wrote: > > I am trying to use mysql to authorize users. It seems that they are > > authorized but never get through because the system looks at the /etc/passwd > > file. Attached is the -X output. > > So configure the server to use a different Auth-Type. It comes > configured to use 'Auth-Type := System', and it looks like you didn't > change that. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Auth-Type with MySQL being ignored
Subject: Re: Auth-Type with MySQL being ignored > yes. It is in the archives. 90% of the docs are incorrect. The > Auth-Type should be in the radgroupcheck or radcheck not the > radgroupreply. I have entered the Auth-Type in the radgroupcheck table. I have the Groupname labeled 'Suspended' and then set the Auth-Type to reject and associated a user with that particular group. I also this morning added in the Auth-Type for a user in the radcheck table indicating the same. Each time however, the user still receives and Access-Accept. It appears as though Freeradius is ignoring any Auth-Type settings in the MySQL database and referencing only what is specified in the 'users' file (of which I have a setting of Auth-Type = Local). This was the only way I could even get users in the MySQL database to receive and Access-Accept response without actually creating a system account for each user. Is there just something I am missing? If there is a specific archive dealing with this, I will go back through and re-read it. Thank you for any additional assistance. > > I am currently running FreeRadius version 0.8.1 with MySQL for the > > AAA. I have > > ran into an issue where the MySQL ignores the Auth-Type and based on > > the 'users' > > file, sets the Auth-Type to 'Local' (which I manually changed from > > 'System' due to no > > users being authenticated against MySQL. Because of this, when I > > specify an Auth-Type > > of 'Reject' for a specific group, any users that are currently > > associated with that group > > still get an 'Access-Accept' response. If I change the 'users' file > > back to 'System', then > > again, no users that are listed in MySQL database are authenticated. > > > > Has anybody else ran into this issue and if so, what did you do to > > fix it? I can change the > > password for the user I want to deny authentication to (i.e.: putting > > an ! at the end of their > > password) however I would prefer to keep them separated into their own > > group for reference > > and follow-up purposes. > > > > Thank you for any input and guidance. > > Rick Evans - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Auth-Type with MySQL being ignored
Hello, I am currently running FreeRadius version 0.8.1 with MySQL for the AAA. I have ran into an issue where the MySQL ignores the Auth-Type and based on the 'users' file, sets the Auth-Type to 'Local' (which I manually changed from 'System' due to no users being authenticated against MySQL. Because of this, when I specify an Auth-Type of 'Reject' for a specific group, any users that are currently associated with that group still get an 'Access-Accept' response. If I change the 'users' file back to 'System', then again, no users that are listed in MySQL database are authenticated. Has anybody else ran into this issue and if so, what did you do to fix it? I can change the password for the user I want to deny authentication to (i.e.: putting an ! at the end of their password) however I would prefer to keep them separated into their own group for reference and follow-up purposes. Thank you for any input and guidance. Rick Evans
Authentication against MySQL
Hello, I am new to using Freeradius as well as to the list so I apologize for any ignorant statements. I am using Freeradius + MySQL and up until a few minutes ago, I could get a user 'test' to authenticate against the Radius server as long as the user was entered into the system, however not if the user was in the Radius database (MySQL). I was getting the same errors about "DEFAULT Auth-Type := System" and it would reject the username/password combination. I have setup in the radgroupreply table, a field entry setting the Auth-Type to Local. I also setup in the radgroupcheck table the same type of entry based on a previous read message. I would still get the same errors when running the Radius server in its 'debbuging' mode. I just recently modified the 'users' file and changed the Default Auth-Type to 'Local' instead of 'System' and it started working. Is this the correct location to specify this attribute or is there a cleaner way of setting it? Thank you for all of your help and suggestions. Rick Evans