Re: plpgsql freeradius authentication function
Kafui Akyea wrote: I am sending an aaa authorize request to from a cisco tcl ivr script to freeradius. That doesn't matter. After the authentication is done i want to retrieve the Username and Password values that are sent back to the cisco gateway to the IVR script. You've already said that. I am able to retrieve the other H323 attribute value pairs with infotag get aaa_avpair command but i am unable to retrieve the Username and Password from the returned values. The default configuration works. Help will be very much appreciated. Well... my suggestion is for you to not modify things you don't understand. There's nothing magic about the queries. If you have basic SQL knowledge, it should be pretty simple to get the stored procedures to return the same data as the default queries. In any case, this is an SQL issue, and has *nothing* to do with FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: plpgsql freeradius authentication function
Hi I am sending an aaa authorize request to from a cisco tcl ivr script to freeradius. After the authentication is done i want to retrieve the Username and Password values that are sent back to the cisco gateway to the IVR script. I am able to retrieve the other H323 attribute value pairs with infotag get aaa_avpair command but i am unable to retrieve the Username and Password from the returned values. Help will be very much appreciated. kafui On Tue, Oct 19, 2010 at 11:04 AM, Kafui Akyea kak...@gmail.com wrote: I have not changed the order of the default queries. Because for users in radcheck table it authenticates perfectly but for users who are not thats when i need to get an Access-Reject but i dont get anything at all. On Tue, Oct 19, 2010 at 1:18 AM, Alan DeKok al...@deployingradius.comwrote: Kafui Akyea wrote: This is what the freeradius debug looks like when i try to authenticate a user who is not valid. ... rlm_sql: The 'Attribute' field is empty or NULL, skipping the entire row. rlm_sql (sql): Error getting data from database rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module sql returns fail for request 3 The answer is the same as last time: ensure that your function returns the same values as the default queries. If you're going to modify the default queries, it helps to understand what they do and how they work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: plpgsql freeradius authentication function
I have not changed the order of the default queries. Because for users in radcheck table it authenticates perfectly but for users who are not thats when i need to get an Access-Reject but i dont get anything at all. On Tue, Oct 19, 2010 at 1:18 AM, Alan DeKok al...@deployingradius.comwrote: Kafui Akyea wrote: This is what the freeradius debug looks like when i try to authenticate a user who is not valid. ... rlm_sql: The 'Attribute' field is empty or NULL, skipping the entire row. rlm_sql (sql): Error getting data from database rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module sql returns fail for request 3 The answer is the same as last time: ensure that your function returns the same values as the default queries. If you're going to modify the default queries, it helps to understand what they do and how they work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: plpgsql freeradius authentication function
In which statement do you implement this query?
Date: Sat, 16 Oct 2010 11:49:36 -0400
Subject: plpgsql freeradius authentication function
From: kak...@gmail.com
To: freeradius-users@lists.freeradius.org
Hi
I have a plpgsql function being called from freeradius to do authentication but
i keep getting
Access-Reject from radius although when i run the function without freeradius
it works fine.
Please find below the function and how i call it
CREATE OR REPLACE FUNCTION try (your_name TEXT, tiger TEXT) RETURNS RECORD AS $$
DECLARE
users_rec RECORD;
BEGIN
if tiger = '' then
SELECT INTO users_rec * FROM aniradcheck WHERE username = your_name;
else
SELECT INTO users_rec * FROM radcheck WHERE username = your_name;
end if;
RETURN users_rec.username;
END;
$$ LANGUAGE plpgsql;
SELECT id,username,attribute,op,value FROM try('714094','') as(id
integer,username varchar,attribute varchar,op character,value varchar);
Appreciate if you can help
Thanks
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: plpgsql freeradius authentication function
Hi
I implemented this in the freeradius postgresql.conf file
SELECT id,username,attribute,op,value FROM try('714094','') as(id
integer,username varchar,attribute varchar,op character,value varchar);
and implemented this function on the Postgres database server
CREATE OR REPLACE FUNCTION try (your_name TEXT, tiger TEXT) RETURNS RECORD
AS $$
DECLARE
users_rec RECORD;
BEGIN
if tiger = '' then
SELECT INTO users_rec * FROM aniradcheck WHERE username = your_name;
else
SELECT INTO users_rec * FROM radcheck WHERE username = your_name;
end if;
RETURN users_rec.username;
END;
$$ LANGUAGE plpgsql;
I am generally trying to authenticate with a postgres function
Thanks and your help very much appreciated.
On Mon, Oct 18, 2010 at 2:20 AM, Santiago Balaguer García
santiago...@hotmail.com wrote:
In which statement do you implement this query?
--
Date: Sat, 16 Oct 2010 11:49:36 -0400
Subject: plpgsql freeradius authentication function
From: kak...@gmail.com
To: freeradius-users@lists.freeradius.org
Hi
I have a plpgsql function being called from freeradius to do authentication
but i keep getting
Access-Reject from radius although when i run the function without
freeradius it works fine.
Please find below the function and how i call it
CREATE OR REPLACE FUNCTION try (your_name TEXT, tiger TEXT) RETURNS RECORD
AS $$
DECLARE
users_rec RECORD;
BEGIN
if tiger = '' then
SELECT INTO users_rec * FROM aniradcheck WHERE username = your_name;
else
SELECT INTO users_rec * FROM radcheck WHERE username = your_name;
end if;
RETURN users_rec.username;
END;
$$ LANGUAGE plpgsql;
SELECT id,username,attribute,op,value FROM try('714094','') as(id
integer,username varchar,attribute varchar,op character,value varchar);
Appreciate if you can help
Thanks
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: plpgsql freeradius authentication function
Kafui Akyea wrote: Hi I implemented this in the freeradius postgresql.conf file SELECT id,username,attribute,op,value That's the wrong order. See the default SELECT in raddb/sql/postgresql/dialup.conf. I am generally trying to authenticate with a postgres function Make sure it returns exactly the same information, in the same order, as the default queries. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: plpgsql freeradius authentication function
Alan, Thanks a lot that worked Kafui On Mon, Oct 18, 2010 at 11:52 AM, Alan DeKok al...@deployingradius.comwrote: Kafui Akyea wrote: Hi I implemented this in the freeradius postgresql.conf file SELECT id,username,attribute,op,value That's the wrong order. See the default SELECT in raddb/sql/postgresql/dialup.conf. I am generally trying to authenticate with a postgres function Make sure it returns exactly the same information, in the same order, as the default queries. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: plpgsql freeradius authentication function
Hi
There is one more problem i am encountering although the function works.
If i try to authenticate a user who is not valid i do not get an
Access-Reject but rather
i get
RADIUS: Retransmit to (192.168.1.12:1812,1813) for id 1645/201
RADIUS: Retransmit to (192.168.1.12:1812,1813) for id 1645/201
RADIUS: Retransmit to (192.168.1.12:1812,1813) for id 1645/201
RADIUS: No response from (192.168.1.12:1812,1813) for id 1645/201
RADIUS/DECODE: No response from radius-server; parse response; FAIL
RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse
response; FAIL
But that for a valid user works just fine
I implemented this in the freeradius postgresql.conf file
SELECT id,username,attribute,value,op FROM try('714094','') as(id
integer,username varchar,attribute varchar,value varchar,op character);
and implemented this function on the Postgres database server
CREATE OR REPLACE FUNCTION try (your_name TEXT, tiger TEXT) RETURNS RECORD
AS $$
DECLARE
users_rec RECORD;
BEGIN
if tiger = '' then
SELECT INTO users_rec * FROM aniradcheck WHERE username = your_name;
else
SELECT INTO users_rec * FROM radcheck WHERE username = your_name;
end if;
RETURN users_rec.username;
END;
$$ LANGUAGE plpgsql;
Help will be very much appreciated
On Mon, Oct 18, 2010 at 2:23 PM, Kafui Akyea kak...@gmail.com wrote:
Alan,
Thanks a lot that worked
Kafui
On Mon, Oct 18, 2010 at 11:52 AM, Alan DeKok al...@deployingradius.comwrote:
Kafui Akyea wrote:
Hi
I implemented this in the freeradius postgresql.conf file
SELECT id,username,attribute,op,value
That's the wrong order. See the default SELECT in
raddb/sql/postgresql/dialup.conf.
I am generally trying to authenticate with a postgres function
Make sure it returns exactly the same information, in the same order,
as the default queries.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: plpgsql freeradius authentication function
Hi, If i try to authenticate a user who is not valid i do not get an Access-Reject but rather i get RADIUS: Retransmit to ([1]192.168.1.12:1812,1813) for id 1645/201 RADIUS: Retransmit to ([2]192.168.1.12:1812,1813) for id 1645/201 RADIUS: Retransmit to ([3]192.168.1.12:1812,1813) for id 1645/201 RADIUS: No response from ([4]192.168.1.12:1812,1813) for id 1645/201 RADIUS/DECODE: No response from radius-server; parse response; FAIL RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL its falling through to sending it off to another server/process - what is 192.168.1.12 - check your proxy.conf - and look at the full debug output of 'radiusd -X' (which you seem to be trying to summarise) - it'll tell you why its doing what it does alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: plpgsql freeradius authentication function
This is what the freeradius debug looks like when i try to authenticate a
user who is not valid.
I dont get an Access-Reject. But for valid users the function works fine.
radius_xlat: 'SELECT id,username,attribute,value,op FROM
tryagain('7140949870','') as (id integer,username varchar,attribute
varchar,value varchar,op character)'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_postgresql: query: SELECT id,username,attribute,value,op FROM
tryagain('7140949870','') as (id integer,username varchar,attribute
varchar,value varchar,op character)
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql: The 'Attribute' field is empty or NULL, skipping the entire row.
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module sql returns fail for request 3
modcall: leaving group authorize (returns fail) for request 3
Finished request 3
On Mon, Oct 18, 2010 at 5:41 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
If i try to authenticate a user who is not valid i do not get an
Access-Reject but rather
i get
RADIUS: Retransmit to ([1]192.168.1.12:1812,1813) for id 1645/201
RADIUS: Retransmit to ([2]192.168.1.12:1812,1813) for id 1645/201
RADIUS: Retransmit to ([3]192.168.1.12:1812,1813) for id 1645/201
RADIUS: No response from ([4]192.168.1.12:1812,1813) for id 1645/201
RADIUS/DECODE: No response from radius-server; parse response; FAIL
RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse
response; FAIL
its falling through to sending it off to another server/process - what
is 192.168.1.12 - check your proxy.conf - and look at the full debug output
of 'radiusd -X' (which you seem to be trying to summarise) - it'll tell
you why its doing what it does
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: plpgsql freeradius authentication function
Kafui Akyea wrote: This is what the freeradius debug looks like when i try to authenticate a user who is not valid. ... rlm_sql: The 'Attribute' field is empty or NULL, skipping the entire row. rlm_sql (sql): Error getting data from database rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module sql returns fail for request 3 The answer is the same as last time: ensure that your function returns the same values as the default queries. If you're going to modify the default queries, it helps to understand what they do and how they work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
