'-*' operator

2003-12-07 Thread Joe Maimon
Is there any interest in a -*  operator that always matches and deletes 
all attributes from the reply list of the LHS name?

It looks to me that -= is designed to only delete LHS attributes if they 
match the RHS (with the exception if the LHS is ), and that := 
replaces the attribute named in LHS and = just adds if the LHS is not 
already in the reply list.

What was not clear to me from src/main/valuepair.c pairxlatmove() was 
that it seems that -= will delete ALL LHS named attributes from the 
reply list if the RHS from the current loop matches.

If I am on track here, shouldn't this be done like this:

remove the special 'NULL' clause of -=?
-= loops through the found list to find the matching RHS, separates that 
out, sets ->next to NULL and sends it to pairdelete
-* Replaces NULL clause of -= and deletes all LHS named attrs from the 
reply list. (functions most like current -= with NULL RHS)

-= is not documented in the users.5 as shipped with the server.

Joe

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


bang star !* operator fixed?

2003-11-29 Thread Joe Maimon
Hello all,

I seem to recall that the !* operator was known to not be working. Not 
that I know much about the code, but this patch seems to activate the 
operator.

Joe
--- freeradius-0.9.0/src/main/valuepair.c   Thu Apr 10 14:09:03 2003
+++ freeradius-0.9.0-jm/src/main/valuepair.cWed Sep  3 21:36:31 2003
@@ -276,8 +276,14 @@
 *  Not found, it's not a match.
 */
if (auth_item == NULL) {
-   return -1;
+   if(check_item-operator == T_OP_CMP_FALSE)
+   return(0);
+   else
+   return -1;
}
+
+   if(check_item-operator == T_OP_CMP_FALSE)
+   return(-1);
 
/*
 *  We've got to xlat the string before doing
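Review bot: the two added checks cover only T_OP_CMP_FALSE, so an =* item whose attribute is present is still not answered here and carries on into the comparison code below the hunk. The thread reports that both !* and =* misbehave, so the block added after the 'auth_item == NULL' test should probably also return 0 for the =* operator once the attribute has been found, mirroring the 'return(-1);' added for !*.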


Re: Operator =* in users File....

2003-10-14 Thread Jack J

Hi Allen,

Did you get any response for this ?
If so, could you please share the information ?

Thanks,

--- Allen Chung [EMAIL PROTECTED] wrote:
> Hello:
>
> Thanks for your advice.
>
> I have another question.
>
> How to support both Auth-Type EAP-MD5 and Auth-Type Local for a user
> if the user's data is stored in LDAP server (not in users file) ?
>
> ----- Original Message -----
> From: Alan DeKok [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Sunday, September 28, 2003 9:53 PM
> Subject: Re: Operator  =*  in users File
>
> > ac [EMAIL PROTECTED] wrote:
> > > I've tried many ways to configure the file users to support
> > > both Auth-Type EAP-MD5 and Auth-Type Local for a user.
> >
> >   You don't have to do anything to the server.  Just configure the
> > password for the user, and it will figure it out.
> >
> > > DEFAULT Message-Authenticator =* , Auth-Type := EAP
> >
> >   No.  NEVER set 'Auth-Type := EAP'  It's ALWAYS unnecessary.
> >
> >   I'm going to add large, loud complaints in debugging mode about
> > this.
> >
> > > Is there any other way to get the same result on version 0.8.x ?
> >
> >   Use version 0.9.1.  All older versions are no longer officially
> > supported.
> >
> >   Alan DeKok.
 


Re: Operator =* in users File....

2003-10-14 Thread Allen Chung
Hello~

My friend tried this last week, and it still failed.
I don't know what users' data are stored in his LDAP Server,
so I'm not sure what the problem is...

----- Original Message -----
From: Jack J [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 15, 2003 7:14 AM
Subject: Re: Operator  =*  in users File


> Hi Allen,
>
> Did you get any response for this ?
> If so, could you please share the information ?
>
> Thanks,
>
> --- Allen Chung [EMAIL PROTECTED] wrote:
> > Hello:
> >
> > Thanks for your advice.
> >
> > I have another question.
> >
> > How to support both Auth-Type EAP-MD5 and Auth-Type Local for a user
> > if the user's data is stored in LDAP server (not in users file) ?
> >
> > ----- Original Message -----
> > From: Alan DeKok [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Sent: Sunday, September 28, 2003 9:53 PM
> > Subject: Re: Operator  =*  in users File
> >
> > > ac [EMAIL PROTECTED] wrote:
> > > > I've tried many ways to configure the file users to support
> > > > both Auth-Type EAP-MD5 and Auth-Type Local for a user.
> > >
> > >   You don't have to do anything to the server.  Just configure the
> > > password for the user, and it will figure it out.
> > >
> > > > DEFAULT Message-Authenticator =* , Auth-Type := EAP
> > >
> > >   No.  NEVER set 'Auth-Type := EAP'  It's ALWAYS unnecessary.
> > >
> > >   I'm going to add large, loud complaints in debugging mode about
> > > this.
> > >
> > > > Is there any other way to get the same result on version 0.8.x ?
> > >
> > >   Use version 0.9.1.  All older versions are no longer officially
> > > supported.
> > >
> > >   Alan DeKok.
  


Re: Operator =* in users File....

2003-10-07 Thread Alan DeKok
Allen Chung [EMAIL PROTECTED] wrote:
> How to support  both Auth-Type EAP-MD5 and Auth-Type Local for a
> user
> if the user's data is stored in LDAP server (not in users file) ?

  Very easily.  Just put their clear-text password into LDAP, and it
will work.

  The server is designed to work properly, with as little changes as
possible to the configuration files.

  Alan DeKok.



Re: Operator =* in users File....

2003-10-05 Thread Allen Chung
Hello:

Thanks for your advice.

I have another question.

How to support  both Auth-Type EAP-MD5 and Auth-Type Local for a
user
if the user's data is stored in LDAP server (not in users file) ?


----- Original Message -----
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, September 28, 2003 9:53 PM
Subject: Re: Operator  =*  in users File


> ac [EMAIL PROTECTED] wrote:
> > I've tried many ways to configure the file users to support
> > both Auth-Type EAP-MD5 and Auth-Type Local for a user.
>
>   You don't have to do anything to the server.  Just configure the
> password for the user, and it will figure it out.
>
> > DEFAULT Message-Authenticator =* , Auth-Type := EAP
>
>   No.  NEVER set 'Auth-Type := EAP'  It's ALWAYS unnecessary.
>
>   I'm going to add large, loud complaints in debugging mode about
> this.
>
> > Is there any other way to get the same result on version 0.8.x ?
>
>   Use version 0.9.1.  All older versions are no longer officially
> supported.
>
>   Alan DeKok.



Re: Operator =* in users File....

2003-09-28 Thread Alan DeKok
ac [EMAIL PROTECTED] wrote:
> I've tried many ways to configure the file users to support 
> both Auth-Type EAP-MD5 and Auth-Type Local for a user.  

  You don't have to do anything to the server.  Just configure the
password for the user, and it will figure it out.

> DEFAULT Message-Authenticator =* , Auth-Type := EAP

  No.  NEVER set 'Auth-Type := EAP'  It's ALWAYS unnecessary.

  I'm going to add large, loud complaints in debugging mode about
this.

> Is there any other way to get the same result on version 0.8.x ?

  Use version 0.9.1.  All older versions are no longer officially
supported.

  Alan DeKok.



Operator =* in users File....

2003-09-27 Thread ac

Hello All~

I've tried many ways to configure the file users to support 
both Auth-Type EAP-MD5 and Auth-Type Local for a user.  

for example :  test  Auth-Type:=EAP, User-Password==1234
The user test can just login from a NAS using EAPoRadius, but a
NAS using CHAP. 

Finally, this configuration works.
----------
DEFAULT Auth-Type := Local
        Fall-Through = Yes

DEFAULT Message-Authenticator =* , Auth-Type := EAP
        Fall-Through = Yes

tester  User-Password == 1234
----------
The user tester can login successfully from a NAS whose Auth-Type is
either EAP or CHAP. 

But it seems to work on freeradius-0.9.0 or later.
I've tried it on freeradius-0.8.x, and it failed. 
(The user tester can just login from a NAS whose Auth-Type is CHAP)

Is there any other way to get the same result on version 0.8.x ?

Thanks a lot ~






Repost: Re: !* operator not working? Bug?

2003-09-04 Thread Joe Maimon
Alan DeKok wrote:

> Craig [EMAIL PROTECTED] wrote:
>
> > I have tried to do the following to reject people who don't provide their
> > caller ID.
>
> ...
>
>   It's a bug.  I've looked at the code, and it appears that there are
> situations where !* and =* don't work.
>
>   This may be fixed before 0.9, and it SHOULD be fixed before 1.0.
>
>   Alan DeKok.

I have something similar which is not working either
DEFAULT Hint !* , Auth-Type := Reject
  Fall-Through = No
And this does not match.

So has there been any change on this? Where can I find this code anyways?

Joe




Re: !* operator not working? Bug?

2003-09-03 Thread Joe Maimon
I have something similar which is not working either
DEFAULT Hint !* , Auth-Type := Reject
   Fall-Through = No
And this does not match.

So has there been any change on this? Where can I find this code anyways?

Joe

Alan DeKok wrote:

> Craig [EMAIL PROTECTED] wrote:
>
> > I have tried to do the following to reject people who don't provide their
> > caller ID.
>
> ...
>
>  It's a bug.  I've looked at the code, and it appears that there are
> situations where !* and =* don't work.
>  This may be fixed before 0.9, and it SHOULD be fixed before 1.0.
>
>  Alan DeKok.



Re: !* operator not working? Bug?

2003-09-03 Thread Joe Maimon
Now I know I am no 1334 coder and have very little radius clue.

This patch (below) let this line work

DEFAULT Hint !* , Auth-Type := Reject
   Fall-Through = No
It rejected users who did not have their hint set to something and did 
not hamper users who did.
I of course have only tested this in my (live! how's that for adrenalin?) 
environment.
So what did I break?

--- freeradius-0.9.0/src/main/valuepair.c   Thu Apr 10 14:09:03 2003
+++ freeradius-0.9.0-jm/src/main/valuepair.cWed Sep  3 21:36:31 2003
@@ -276,8 +276,14 @@
*  Not found, it's not a match.
*/
   if (auth_item == NULL) {
-   return -1;
+   if(check_item-operator == T_OP_CMP_FALSE)
+   return(0);
+   else
+   return -1;
   }
+
+   if(check_item-operator == T_OP_CMP_FALSE)
+   return(-1);
   /*
*  We've got to xlat the string before doing
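Review bot: style in the added lines does not match the surrounding code: 'if(' without a space and 'return(0);' with parentheses sit next to 'if (auth_item == NULL)' and 'return -1;'. The if/else inside the NULL branch could be a single return of 0 or -1 chosen by the T_OP_CMP_FALSE test, and the comment 'Not found, it's not a match.' above it should be updated, since with this change a missing attribute is a match for !*.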

Alan DeKok wrote:

> Craig [EMAIL PROTECTED] wrote:
>
> > I have tried to do the following to reject people who don't provide their
> > caller ID.
>
> ...
>
>  It's a bug.  I've looked at the code, and it appears that there are
> situations where !* and =* don't work.
>  This may be fixed before 0.9, and it SHOULD be fixed before 1.0.
>
>  Alan DeKok.



Re: !* operator not working? Bug?

2003-09-03 Thread Joe Maimon
reposted in new thread

Now I know I am no 1334 coder and have very little radius clue.

This patch (below) let this line work

DEFAULT Hint !* , Auth-Type := Reject
  Fall-Through = No
It rejected users who did not have their hint set to something and did 
not hamper users who did.
I of course have only tested this in my (live! how's that for adrenalin?) 
environment.
So what did I break?

--- freeradius-0.9.0/src/main/valuepair.c   Thu Apr 10 14:09:03 2003
+++ freeradius-0.9.0-jm/src/main/valuepair.cWed Sep  3 21:36:31 2003
@@ -276,8 +276,14 @@
   *  Not found, it's not a match.
   */
  if (auth_item == NULL) {
-   return -1;
+   if(check_item-operator == T_OP_CMP_FALSE)
+   return(0);
+   else
+   return -1;
  }
+
+   if(check_item-operator == T_OP_CMP_FALSE)
+   return(-1);
  /*
   *  We've got to xlat the string before doing
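Review bot: the second added check returns -1 for !* as soon as the attribute exists, before the value is looked at, so whatever is written on the right-hand side of a !* item is silently ignored. That deserves a line in the code comment and in users(5). Because this return value decides whether an entry such as the 'Auth-Type := Reject' rule in this message fires, the change should be exercised with requests both with and without the attribute before it goes in.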

Alan DeKok wrote:

> Craig [EMAIL PROTECTED] wrote:
>
> > I have tried to do the following to reject people who don't provide 
> > their
> > caller ID.
>
> ...
>
>  It's a bug.  I've looked at the code, and it appears that there are
> situations where !* and =* don't work.
>  This may be fixed before 0.9, and it SHOULD be fixed before 1.0.
>
>  Alan DeKok.



Re: Questions about the += users file operator...

2003-06-24 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
> I'm trying to understand the semantics of the += users file operator.

  It's not so much about '+=', as the users file doesn't allow you to
do what you want to do

> lerxst Crypt-Password == KSi8a3j4oasdi, ES-Default-ID += V90LocalUser 
...
> DEFAULT ES-Default-ID == V90LocalUser 

  That won't work.  As the 'man' page says, '+=' adds *configuration*
items, and '==' checks for items in the request.

> When I test with a users file like this, FreeRADIUS returns the reply
> items from the user-specific entry, but it does not trigger the
> DEFAULT entry.  If I add ES-Default-ID = V90LocalUser to the original
> request, the DEFAULT entry triggers.

  Exactly.

> Am I using the += operator incorrectly?  The users(5) man page states
> that the += operator ... adds the current attribute with value to the
> list of configuration items.  Other documents -- notably aaa.txt --
> reference the fact that radiusd builds separate lists for check items
> and configure items.  Is += adding the ES-Default-ID attribute to a
> list which the DEFAULT entry cannot check?

  Yes.

> If += cannot be used this way, can anyone recommend a way of
> accomplishing the same behavior?  I have users with many different
> classes of service and I want to create a DEFAULT entry for each class
> which the user-specific entry references when authenticating.

  Use the 'hints' file.

  Alan DeKok.
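
The split described in the reply above (comparison operators test the request, := and += only write configuration items), together with the !* presence test from the other threads on this page, as a simplified C model. This is an added example, not FreeRADIUS code: the types, function names and sample requests are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Operators on the first line of an entry: ==, =* and !* are tests
 * against the request; := and += write configuration items. */
typedef enum { OP_CMP_EQ, OP_CMP_TRUE, OP_CMP_FALSE, OP_SET, OP_ADD } op_t;
typedef struct { const char *name; op_t op; const char *value; } item_t;

#define MAX_ITEMS 8
typedef struct { item_t items[MAX_ITEMS]; int count; } list_t;

typedef struct {
    const char *user;         /* user name, or "DEFAULT" for any user */
    item_t first_line[3];     /* check and configuration items */
    int nitems, fall_through; /* fall_through: Fall-Through = Yes */
} entry_t;

static item_t *find_item(list_t *l, const char *name)
{
    for (int i = 0; i < l->count; i++)
        if (strcmp(l->items[i].name, name) == 0)
            return &l->items[i];
    return NULL;
}

/* Value of an attribute in a list, or NULL when it is absent. */
const char *list_value(list_t *l, const char *name)
{
    item_t *it = find_item(l, name);
    return it ? it->value : NULL;
}

/* 0 = match, -1 = no match. Only the request list is consulted. */
static int compare_item(list_t *request, const item_t *check)
{
    const item_t *found = find_item(request, check->name);
    switch (check->op) {
    case OP_CMP_FALSE: return found ? -1 : 0;  /* !* : must be absent  */
    case OP_CMP_TRUE:  return found ? 0 : -1;  /* =* : must be present */
    case OP_CMP_EQ:
        return (found && strcmp(found->value, check->value) == 0) ? 0 : -1;
    default:           return 0;               /* := and += never filter */
    }
}

/* Walk the entries in order. Returns a bitmask of the entries that matched
 * and fills config with the items written by := and +=. */
unsigned run_users(const entry_t *e, int n, const char *user,
                   list_t *request, list_t *config)
{
    unsigned matched = 0;
    config->count = 0;
    for (int i = 0; i < n; i++) {
        int ok = !strcmp(e[i].user, "DEFAULT") || !strcmp(e[i].user, user);
        for (int j = 0; ok && j < e[i].nitems; j++)
            ok = compare_item(request, &e[i].first_line[j]) == 0;
        if (!ok)
            continue;
        matched |= 1u << i;
        for (int j = 0; j < e[i].nitems; j++) {
            const item_t *it = &e[i].first_line[j];
            item_t *old = find_item(config, it->name);
            if (it->op == OP_SET && old)
                *old = *it;                     /* := replaces */
            else if ((it->op == OP_SET || it->op == OP_ADD) && config->count < MAX_ITEMS)
                config->items[config->count++] = *it;
        }
        if (!e[i].fall_through)
            break;
    }
    return matched;
}

/* Constructed entries modelled on the ones quoted in the threads; the
 * Crypt-Password check of the lerxst entry is left out. */
static const entry_t USERS[] = {
    { "DEFAULT", { {"Hint", OP_CMP_FALSE, NULL}, {"Auth-Type", OP_SET, "Reject"} }, 2, 0 },
    { "lerxst",  { {"ES-Default-ID", OP_ADD, "V90LocalUser"} }, 1, 1 },
    { "DEFAULT", { {"ES-Default-ID", OP_CMP_EQ, "V90LocalUser"} }, 1, 0 },
};

/* Build a constructed request for user lerxst and run it through USERS. */
unsigned demo(int with_hint, int with_es_id, list_t *config)
{
    list_t req = { .count = 0 };
    if (with_hint)
        req.items[req.count++] = (item_t){ "Hint", OP_CMP_EQ, "dialup" };
    if (with_es_id)
        req.items[req.count++] = (item_t){ "ES-Default-ID", OP_CMP_EQ, "V90LocalUser" };
    return run_users(USERS, 3, "lerxst", &req, config);
}

int main(void)
{
    list_t cfg;
    printf("no Hint: 0x%x  Hint: 0x%x  Hint + ES-Default-ID: 0x%x\n",
           demo(0, 0, &cfg), demo(1, 0, &cfg), demo(1, 1, &cfg));
    return 0;
}
```

Bit 2 of the result is set only when the request itself carries ES-Default-ID: the copy that += placed in the configuration list is never seen by the later DEFAULT entry.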



Questions about the += users file operator...

2003-06-23 Thread freeradius
Hi,

I'm trying to understand the semantics of the += users file operator.
I'd like to use it to select a particular DEFAULT entry based on a
locally-defined dictionary attribute, as follows...


# 
# V.90 dial-up user 
#
# ES-Default-ID and V90LocalUser are defined in a local dictionary
# 
lerxst Crypt-Password == KSi8a3j4oasdi, ES-Default-ID += V90LocalUser 
        Filter-Id         = 7,
        Fall-Through      = yes  

# 
# Default entry for V.90 dial-up users 
# 
DEFAULT ES-Default-ID == V90LocalUser 
        Framed-IP-Address = 0.0.0.0, 
        Framed-IP-Netmask = 255.255.255.255, 
        Framed-Protocol   = PPP 


When I test with a users file like this, FreeRADIUS returns the reply
items from the user-specific entry, but it does not trigger the
DEFAULT entry.  If I add ES-Default-ID = V90LocalUser to the original
request, the DEFAULT entry triggers.

Am I using the += operator incorrectly?  The users(5) man page states
that the += operator ... adds the current attribute with value to the
list of configuration items.  Other documents -- notably aaa.txt --
reference the fact that radiusd builds separate lists for check items
and configure items.  Is += adding the ES-Default-ID attribute to a
list which the DEFAULT entry cannot check?

If += cannot be used this way, can anyone recommend a way of
accomplishing the same behavior?  I have users with many different
classes of service and I want to create a DEFAULT entry for each class
which the user-specific entry references when authenticating.

I'm running FreeRADIUS 0.8.1 and using a vanilla users file (i.e., no
SQL or LDAP database).  I've included below (1) my radiusd.conf (with
comments and whitespace removed for brevity), (2) my local dictionary
file, and (3) a transcript of running radiusd with -X.

Thanks!


Ken Maupin
EasyStreet Online Services



   
 radiusd.conf
   

prefix  = /usr/local/freeradius-0.8.1
exec_prefix = ${prefix}
sysconfdir  = ${prefix}/etc
localstatedir   = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir  = /var/log/radius
raddbdir= /usr/local/etc/freeradius
radacctdir  = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file= ${logdir}/radius.log
libdir  = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time= 30
delete_blocked_requests = no
cleanup_delay   = 5
max_requests= 1024
bind_address= *
port= 0
hostname_lookups= no
allow_core_dumps= no
regular_expressions = yes
extended_expressions= yes
log_stripped_names  = no
log_auth= no
log_auth_badpass= no
log_auth_goodpass   = no
usercollide = no
lower_user  = no
lower_pass  = no
nospace_user= no
nospace_pass= no
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
$INCLUDE ${confdir}/clients.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
files {
usersfile   = ${confdir}/users
compat  = no
}
preprocess {
huntgroups  = ${confdir}/huntgroups
hints   = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
}
instantiate {
}
authorize {
preprocess
files
}
authenticate {
}
preacct {
preprocess
files
}
accounting {
}
session {
}
post-auth {
}


   
   Local dictionary
   


VENDOR          EasyStreet      2724

ATTRIBUTE       ES-Default-ID   1       integer EasyStreet

VALUE           ES-Default-ID   V90LocalUser    1



Operator to match if attribute does not exist or is not value?

2003-04-05 Thread Joe Maimon
According to man 5 users there is no operator that will match as a check 
item if the attribute plain does not exist in the radius request.



Operator question + freeradius 0.8

2002-11-22 Thread Alessandro Maioli
Hi to all!

I need to reject any access where there isn't information about NAS port
number. By means of users.conf I've implemented the next rule:

DEFAULT NAS-Port !* 0, Auth-Type := Reject
   Fall-Through = No

I've made a few tests with RadPing but it seems it doesn't work at all. In debug
mode I don't see anything about that match, I see other matches (like system)
but nothing about that.

Thanks in advance.

-
Ing. Alessandro Maioli
Intelcom San Marino S.p.A.
Strada degli Angariari, 3
47891 - Rovereta - Rep. di San Marino
email: [EMAIL PROTECTED]
Tel. +378 0549 886111 or +378 886111
Fax +378 0549 908654 or +378 908654
-





Invalid operator for item Password (freeradius 0.7.1)

2002-10-25 Thread Svetlana Vyslanko
Hi,

I am a new member in this discussion. I have used freeradius 0.7.1.

I've got such warning from rlm_sql:
Error: Invalid operator for item Password: reverting to '=='

What must I do?

Regards,
Svetlana




RE: Invalid operator for item Password (freeradius 0.7.1)

2002-10-25 Thread Mieczyslaw Maciejewski (EPO)
In radcheck table in OP column you should put equal sign i.e. ==
MM

-----Original Message-----
From: Svetlana Vyslanko [mailto:admin;pop.riak.lg.ua]
Sent: Friday, October 25, 2002 3:26 PM
To: [EMAIL PROTECTED]
Subject: Invalid operator for item Password (freeradius 0.7.1)


Hi,

I am a new member in this discussion. I have used freeradius 0.7.1.

I've got such warning from rlm_sql:
Error: Invalid operator for item Password: reverting to '=='

What must I do?

Regards,
Svetlana




Re: Invalid operator for item Password (freeradius 0.7.1)

2002-10-25 Thread Alan DeKok
Svetlana Vyslanko [EMAIL PROTECTED] wrote:
> I am a new member in this discussion. I have used freeradius 0.7.1.
>
> I've got such warning from rlm_sql:
> Error: Invalid operator for item Password: reverting to '=='

  Look at the operator you're using for the Password attribute?

  Alan DeKok.




Re: Error: Invalid operator for item NAS-Port-Type: 11 reverting to'=='

2002-09-09 Thread Kostas Kalevras

On Mon, 9 Sep 2002, Allister Maguire wrote:

> Hello,
>
> I am using FreeRadius v0.7 with rlm_ldap and get this error for all
> check items: Mon Sep  9 10:16:53 2002 : Error: Invalid operator for
> item NAS-Port-Type: 11 reverting to '=='.
>
> I have looked through the code and found what I think is the cause:
>
> static VALUE_PAIR *
> ldap_pairget(LDAP * ld, LDAPMessage * entry,
>              TLDAP_RADIUS * item_map, VALUE_PAIR **pairs)
> {
>
>
>
>         } else {
>                 /* this is a one-to-one-mapped attribute */
>                 token = gettoken(ptr, value, sizeof(value));
>                 if (token < T_EQSTART || token > T_EQEND) {
>                         /* no operator in the stored value: use the default */
>                         token = T_OP_EQ;
>                 } else {
>                         gettoken(ptr, value, sizeof(value));
>                 }
>
>
>
> }
>
> After reading the man on users it says:
> Attribute = Value
> Not allowed as a check item.
> As a reply item, it means add the item to the reply list, but only if
> there is no other item of the same attribute.
>
> This means line token = T_OP_EQ; should be for checkItems token =
> T_OP_CMP_EQ;,  ==  (as a default). But because ldap_pairget() is used
> for replyItems also, therefore it will need to token = T_OP_EQ; for
> replyItems.
>
> Now then what would be the best way to solve it, I thought a simple way
> might be to pass what type of pairs they are to ldap_pairget(), check or
> reply and put a if statement around token = T_OP_EQ; eg:
>
> /* itemType: proposed new argument naming the list being built */
> if (strcasecmp(itemType, checkItem) == 0) {
>         token = T_OP_CMP_EQ;
> }
> else {
>         token = T_OP_EQ;
> }

OK, I 've changed the code a little based on your idea. If we add check items
then we use the '==' operator.


> It works correctly as it is, but the log has these error for every auth
> attempt. My guess is that the comparing of attributes would be done by
> the same piece of code for all modules, there is documented conventions
> for operator type, should the rlm_ldap module follow those conventions
> as well?
>
> Also because there are other operators that could also be used, maybe a
> better option in the future might be specifying the operator in
> ldap.attrmap for each item?

You can add an operator in the attribute ldap value. Something like
radiusAuthType: := Local

should work (although I haven't tested it). I think that the defaults are quite
fine.


> Regards
> Allister Maguire



--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
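
The rule this exchange arrives at (a stored value may carry its own operator, otherwise check items default to '==' and reply items to '='), sketched in C. This is an added example, not the rlm_ldap source: parse_ldap_value(), parsed_t and the sample strings are hypothetical, and the operator table lists only operators named on this page.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

typedef enum { LIST_CHECK, LIST_REPLY } list_kind_t;

/* Two-character operators first, so "==" is not read as "=" plus "=". */
static const char *const OPERATORS[] = { "==", ":=", "+=", "-=", "=*", "!*", "=" };

typedef struct {
    const char *op;    /* operator that will be used for the pair */
    char value[64];    /* rest of the stored string */
    int reverted;      /* 1 if an explicit operator was replaced */
} parsed_t;

/* Split a stored attribute value into operator and value. A value that
 * happens to start with an operator string is read as carrying one. */
parsed_t parse_ldap_value(const char *raw, list_kind_t kind)
{
    parsed_t p = { .op = NULL, .value = "", .reverted = 0 };

    while (isspace((unsigned char)*raw))
        raw++;
    for (size_t i = 0; i < sizeof(OPERATORS) / sizeof(OPERATORS[0]); i++) {
        size_t n = strlen(OPERATORS[i]);
        if (strncmp(raw, OPERATORS[i], n) == 0) {
            p.op = OPERATORS[i];
            raw += n;
            break;
        }
    }
    /* "=" is not allowed as a check item: use "==" and flag it, which is
     * the situation the "reverting to '=='" log line reports. */
    if (kind == LIST_CHECK && p.op && strcmp(p.op, "=") == 0) {
        p.op = "==";
        p.reverted = 1;
    }
    /* No operator stored: the default depends on the list being built. */
    if (!p.op)
        p.op = (kind == LIST_CHECK) ? "==" : "=";
    while (isspace((unsigned char)*raw))
        raw++;
    snprintf(p.value, sizeof(p.value), "%s", raw);
    return p;
}

int main(void)
{
    /* Constructed sample values. */
    const char *samples[] = { "11", ":= Local", "= PPP" };

    for (size_t i = 0; i < 3; i++) {
        parsed_t c = parse_ldap_value(samples[i], LIST_CHECK);
        parsed_t r = parse_ldap_value(samples[i], LIST_REPLY);
        printf("%-10s check: %s %s%s | reply: %s %s\n", samples[i],
               c.op, c.value, c.reverted ? " (reverted)" : "", r.op, r.value);
    }
    return 0;
}
```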






Error: Invalid operator for item NAS-Port-Type: 11 reverting to '=='

2002-09-08 Thread Allister Maguire

Hello,

I am using FreeRadius v0.7 with rlm_ldap and get this error for all
check items: Mon Sep  9 10:16:53 2002 : Error: Invalid operator for
item NAS-Port-Type: 11 reverting to '=='.

I have looked through the code and found what I think is the cause:

static VALUE_PAIR *
ldap_pairget(LDAP * ld, LDAPMessage * entry,
 TLDAP_RADIUS * item_map, VALUE_PAIR **pairs)
{



        } else {
                /* this is a one-to-one-mapped attribute */
                token = gettoken(ptr, value, sizeof(value));
                if (token < T_EQSTART || token > T_EQEND) {
                        /* no operator in the stored value: use the default */
                        token = T_OP_EQ;
                } else {
                        gettoken(ptr, value, sizeof(value));
                }



}

After reading the man on users it says:
Attribute = Value
Not allowed as a check item.
As a reply item, it means add the item to the reply list, but only if
there is no other item of the same attribute.

This means line token = T_OP_EQ; should be for checkItems token =
T_OP_CMP_EQ;,  ==  (as a default). But because ldap_pairget() is used
for replyItems also, therefore it will need to token = T_OP_EQ; for
replyItems.

Now then what would be the best way to solve it, I thought a simple way
might be to pass what type of pairs they are to ldap_pairget(), check or
reply and put a if statement around token = T_OP_EQ; eg:

/* itemType: proposed new argument naming the list being built */
if (strcasecmp(itemType, checkItem) == 0) {
        token = T_OP_CMP_EQ;
}
else {
        token = T_OP_EQ;
}

It works correctly as it is, but the log has these error for every auth
attempt. My guess is that the comparing of attributes would be done by
the same piece of code for all modules, there is documented conventions
for operator type, should the rlm_ldap module follow those conventions
as well?

Also because there are other operators that could also be used, maybe a
better option in the future might be specifying the operator in
ldap.attrmap for each item?

Regards
Allister Maguire




Invalid operator

2002-03-06 Thread Peter Santiago

Wed Mar  6 18:23:21 2002 : Error: Invalid operator for item Service-Type:
reverting to '=='
Wed Mar  6 18:23:21 2002 : Error: Invalid operator for item Framed-Protocol:
reverting to '=='
Wed Mar  6 18:23:24 2002 : Info: Sending duplicate authentication reply to
client 127.0.0.1:1027 - ID: 143

Peter





new error message - Invalid operator ........

2002-02-20 Thread Tim Monaghan

This one shows up a few times daily, just wondering if it's user error on a password, 
or something I should be looking closer at.

Error: Invalid operator for item Password: reverting to '=='

Thanks Tim


.




Re: postrgresql and operator field

2002-02-01 Thread aland

xiashao7 [EMAIL PROTECTED] wrote:
> Is any support of operator fields for postgres?

  Yes, once you update the schema and the database.

>  I downloaded and compiled freeradius snapshot, but it seems that db
> schema was changed only for mysql. Is any way to use operator fields
> with postgres? Has anyone tested it?

  Yes, and no.

> I also need Simultaneous-Use attribute but i still can not figure
> out does it really work with sql or work AT ALL :) I currently run
> freeradius 0.3 with authentication/authorization via postgresql.

  I can't help you there, sorry.  I don't use SQL.

  Alan DeKok.




Re: postrgresql and operator field

2002-01-31 Thread xiashao7



Would you try xtradius+pstgresql+quick-r ?
It also has a web interface for User and Administrator. 
http://www.q-linux.com/software/quick-r/



Is any support of operator fields for postgres?
I downloaded and compiled freeradius snapshot, but it seems that db schema
was changed only for mysql. Is any way to use operator fields with
postgres? Has anyone tested it?

I also need Simultaneous-Use attribute but i still can not figure out
does it really work with sql or work AT ALL :) I currently run freeradius
0.3 with authentication/authorization via postgresql.

Any help will be appreciated.

--
cron-ripe






postrgresql and operator field

2002-01-29 Thread Igor Chen

Is any support of operator fields for postgres?
I downloaded and compiled freeradius snapshot, but it seems that db schema
was changed only for mysql. Is any way to use operator fields with
postgres? Has anyone tested it?

I also need Simultaneous-Use attribute but i still can not figure out
does it really work with sql or work AT ALL :) I currently run freeradius
0.3 with authentication/authorization via postgresql.

Any help will be appreciated.

-- 
cron-ripe





Anyone has patch about sql.c or rlm_sql.c to support operator?

2002-01-21 Thread Rubby

Hi, all,
I saw someone posted a patch about sql.c or rlm_sql.c to support operator processing
for sql module before, but now I searched all the maillist archive and cannot find it.
I use SQL to authorize and authenticate, but the sql module in 0.4 does not support
operator processing, so I need it.
Anyone has it?
Thanks.







Re: rlm_sql_mysql operator patch

2002-01-10 Thread bash

Hi,

Look in src/modules/rlm_sql/sql.c function: sql_userparse it is the
mode/row[4]. The schema update is in the latest CVS.

bash

On Wed, 9 Jan 2002, Steve Sobol wrote:

> OK, this is getting aggravating. I built the 1/9 nightly snapshot off the
> ftp site (id's itself as FR 0.5) and... nothing.
> Searched through the source for rlm_sql and rlm_sql_mysql for any mention
> of the word operator - not found.
>
> Same with the latest source off CVS.
>
> I hope this is just a result of me being stupid. (It's happened before. :)
> Maybe I missed something.
>
> Does someone have a tarball with working operator code?
>
> Please? :)
>
> --
> JustThe.net LLC - Steve Web Dude Sobol, CTO  ICQ: 56972932/WebDude216
> website: http://JustThe.net  email: [EMAIL PROTECTED]  phone: 216.619.2NET
> postal: 5686 Davis Drive, Mentor On The Lake, OH 44060-2752  DalNet: ZX-2





Re: rlm_sql_mysql operator patch

2002-01-10 Thread Chris Parker

At 11:17 PM 1/9/2002 -0500, Steve Sobol wrote:
> OK, this is getting aggravating. I built the 1/9 nightly snapshot off the 
> ftp site (id's itself as FR 0.5) and... nothing.
> Searched through the source for rlm_sql and rlm_sql_mysql for any mention 
> of the word operator - not found.
>
> Same with the latest source off CVS.

It's not the code that changed, but the table schema:

src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql

Note that the *check tables have added 'op char(2)' to the table definition.

You'll need to update your tables to add this column, and then set that to
':='.

-Chris
--
\\\|||///  \  Chris Parker-Manager, Development Engineering
\ ~   ~ /   \   WX *is* Wireless!\   [EMAIL PROTECTED]
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Without C we would have 'obol', 'basi', and 'pasal'





Re: rlm_sql_mysql operator patch

2002-01-10 Thread Steve Sobol

At 08:52 AM 1/10/02 -0600, you wrote:

> It's not the code that changed, but the table schema:

OK. Well, I did find the new schema, and created a new database using
that schema. I pointed sql.conf at the new database and got the same results
I'd been getting.

> Note that the *check tables have added 'op char(2)' to the table definition.
> You'll need to update your tables to add this column, and then set that to
> ':='.

Noted, and yes, I did set the op column to := for the records containing
the Auth-Type attribute.






Re: rlm_sql_mysql operator patch

2002-01-10 Thread Chris Parker

At 10:01 AM 1/10/2002 -0500, Steve Sobol wrote:
> At 08:52 AM 1/10/02 -0600, you wrote:
>
> > It's not the code that changed, but the table schema:
>
> OK. Well, I did find the new schema, and created a new database using
> that schema. I pointed sql.conf at the new database and got the same results
> I'd been getting.

Also, the queries in sql conf are updated as well as the table 
schema.  You'll need to make sure the queries are retrieving the 'op' value 
in the auth query.

-Chris
--
\\\|||///  \  Chris Parker-Manager, Development Engineering
\ ~   ~ /   \   WX *is* Wireless!\   [EMAIL PROTECTED]
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Without C we would have 'obol', 'basi', and 'pasal'





rlm_sql_mysql operator patch

2002-01-09 Thread Steve Sobol

OK, this is getting aggravating. I built the 1/9 nightly snapshot off the 
ftp site (id's itself as FR 0.5) and... nothing.
Searched through the source for rlm_sql and rlm_sql_mysql for any mention 
of the word operator - not found.

Same with the latest source off CVS.

I hope this is just a result of me being stupid. (It's happened before. :) 
Maybe I missed something.

Does someone have a tarball with working operator code?

Please? :)



-- 
JustThe.net LLC - Steve Web Dude Sobol, CTO  ICQ: 56972932/WebDude216
website: http://JustThe.net  email: [EMAIL PROTECTED]  phone: 216.619.2NET
postal: 5686 Davis Drive, Mentor On The Lake, OH 44060-2752  DalNet: ZX-2

