Mark,
We have it working; here is our hints file:

DEFAULT Suffix = @domain.com, Strip-User-Name = Yes
        Realm = @domain.com

DEFAULT Prefix = ppp#, Strip-User-Name = Yes

For the suffix we also have this in the proxy.conf:

realm domain.com {
        type= radius
        authhost= LOCAL
        accthost= LOCAL
        secret = testing123
        nostrip
}

Also, in sql.conf, line 112, look for User-Name; we had to change this to SQL-User-Name.

Our radius.conf looks like this:

authorize {
        preprocess
        suffix
        files
}
authenticate {
        unix
}
preacct {
        preprocess
        suffix
        files
}
accounting {
        detail
        unix
        radutmp
}
session {
        sql
}

I hope this helps.
- Ryan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Hennessy
Sent: Wednesday, August 21, 2002 9:10 AM
To: [EMAIL PROTECTED]
Subject: Re: hints file somehow not processed against users in sql database?

I fixed this.
I did the following:

In sql.conf, I uncommented:
    sql_user_name = %{Stripped-User-Name:-%{User-Name:-none}}
and commented out:
    sql_user_name = %{User-Name}
causing Stripped-User-Name to be checked as well against the sql database.

In radiusd.conf, I added
    suffix
in the preprocess section right before the hints file is specified so that a hinted username can be properly stripped if it is also realmed. username.ppp@domain wouldn't work before.
--
Mark P. Hennessy
[EMAIL PROTECTED]
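
Added example (not part of the original posts and not FreeRADIUS code): a simplified Python model of the behaviour described in the message above, showing which name the SQL lookup receives for a given module order and sql_user_name setting. The realm example.org, the sample user names and the rule that each step works on the already-stripped name are assumptions of the model.

```python
# Simplified model; an assumption of this example, not FreeRADIUS source.
REALMS = {"example.org"}              # constructed realm
HINT_SUFFIXES = (".ppp", ".roaming")  # suffixes from the hints file in the thread

def xlat(template, attrs):
    """Expand %{Attr} and %{Attr:-fallback}; fallbacks may nest."""
    out, i = [], 0
    while i < len(template):
        if not template.startswith("%{", i):
            out.append(template[i])
            i += 1
            continue
        depth, j = 1, i + 2           # find the brace closing this expansion
        while j < len(template) and depth:
            if template.startswith("%{", j):
                depth, j = depth + 1, j + 2
                continue
            if template[j] == "}":
                depth -= 1
            j += 1
        if depth:
            raise ValueError("unbalanced %{...} in " + template)
        name, has_fallback, fallback = template[i + 2:j - 1].partition(":-")
        value = attrs.get(name, "")
        out.append(value or (xlat(fallback, attrs) if has_fallback else ""))
        i = j
    return "".join(out)

def current_name(attrs):
    return attrs.get("Stripped-User-Name") or attrs["User-Name"]

def suffix(attrs):  # realm step: split user@realm for a known realm
    user, at, realm = current_name(attrs).rpartition("@")
    if at and realm in REALMS:
        attrs["Stripped-User-Name"], attrs["Realm"] = user, realm

def preprocess(attrs):  # hints step: Suffix match with Strip-User-Name = Yes
    name = current_name(attrs)
    for s in HINT_SUFFIXES:
        if name.endswith(s):
            attrs["Stripped-User-Name"], attrs["Hint"] = name[:-len(s)], "PPP"
            return

def sql_lookup_key(user_name, order, sql_user_name):
    """Run the authorize steps in `order`, then expand sql_user_name."""
    attrs = {"User-Name": user_name}
    for step in order:
        {"suffix": suffix, "preprocess": preprocess}[step](attrs)
    return xlat(sql_user_name, attrs)
```

With the constructed name foo.ppp@example.org, sql_lookup_key returns the full name for %{User-Name}, foo.ppp when preprocess runs before suffix, and foo when suffix runs first with the fallback expansion.
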
On Wed, 21 Aug 2002, Mark Hennessy wrote:
Date: Wed, 21 Aug 2002 10:20:39 -0400 (EDT)
From: Mark Hennessy [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: hints file somehow not processed against users in sql database?

For some reason, the hints file doesn't seem to get honored when a user with an entry in the sql database is trying to authenticate on my system.
Here's my hints file:

DEFAULT Suffix = .ppp, Strip-User-Name = Yes
        Hint = PPP,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Fall-Through = Yes

DEFAULT Suffix = .roaming, Strip-User-Name = Yes
        Hint = PPP,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Fall-Through = Yes

It doesn't seem to be authenticating properly if the realm is specified either, even though the realm is specified in the realms file.
huntgroups is being honored, so it would appear that preprocess is being used.
This is debug output from an attempt with the realm name; the debug output from an attempt with .ppp suffix is the next one below this.

rad_recv: Access-Request packet from host 192.168.1.20:2465, id=96, length=82
    User-Name = [EMAIL PROTECTED]
    User-Password = snipped
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-IP-Address = 192.168.1.20
    NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
rlm_realm: Looking up realm cloud9.net for User-Name = [EMAIL PROTECTED]
rlm_realm: Found realm cloud9.net
rlm_realm: Adding Stripped-User-Name = foo
rlm_realm: Proxying request from user foo to realm cloud9.net
rlm_realm: Adding Realm = cloud9.net
rlm_realm: Authentication realm is LOCAL.
rlm_realm: auth_port is not set. proxy cancelled
modcall[authorize]: module suffix returns noop
radius_xlat: '[EMAIL PROTECTED]'
sql_set_user: escaped user -- '[EMAIL PROTECTED]'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
rlm_sql: User [EMAIL PROTECTED] not found
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
sql_set_user: escaped user -- 'DEFAULT'
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'DEFAULT' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'DEFAULT' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql: DEFAULT not found
rlm_sql: Released sql socket id: 4
modcall[authorize]: module sql returns