SQL falls through to users file
I have some basic SQL functionality working, but I discovered that if the SQL module returns ok, FreeRadius still falls through to the users file. Is there any way to prevent this? I even tried to set Fall-Through := 0 in the SQL. That did not help. Here's a snippet from my radiusd.conf: authorize { preprocess chap suffix sql files mschap } The included sql.conf is the standard mysql.conf with just the db, host, user and password changed. Here's my sql data: mysql select * from radcheck; ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | fred | User-Password | == | fred | ++--+---++---+ 1 row in set (0.00 sec) mysql select * from radreply; ++--+--++---+ | id | UserName | Attribute| op | Value | ++--+--++---+ | 2 | | Fall-Through | := | 0 | ++--+--++---+ 1 row in set (0.00 sec) mysql select * from usergroup; ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | XX | Inside| | 2 | YY | Inside| | 3 | ZZ | Inside| | 4 | fred | Outside | ++--+---+ 4 rows in set (0.00 sec) The rest of the tables are empty. I was trying to login as fred with passwd fred. If I comment out the whole users file, it works, but I want some DEFAULT entries for special purposes and I don't see how one can put them in an SQL database and control the order that they are applied. I also tried: 1) Set Auth-Type := Accept in SQL and have this in users: DEFAULT Auth-Type != Accept, ... other stuff ... ... replies ... This will always apply my DEFAULT. 2) Set Auth-Type := Accept in SQL and have this in users: DEFAULT Auth-Type == Accept DEFAULT ... other stuff ... ... replies ... This is always accepted, even with bogus users. Any clues? Is there something I can put in the radius.conf like: authorize { preprocess chap suffix sql if (!ok) { files mschap } } -- Gary Algier, WB2FWZ gaa at ulticom.com +1 856 787 2758 Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL falls through to users file
Do you need the users file at all? If not comment out the files entry. -Rob At 01:06 PM 12/11/2003 -0500, you wrote: I have some basic SQL functionality working, but I discovered that if the SQL module returns ok, FreeRadius still falls through to the users file. Is there any way to prevent this? I even tried to set Fall-Through := 0 in the SQL. That did not help. Here's a snippet from my radiusd.conf: authorize { preprocess chap suffix sql files mschap } The included sql.conf is the standard mysql.conf with just the db, host, user and password changed. Here's my sql data: mysql select * from radcheck; ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | fred | User-Password | == | fred | ++--+---++---+ 1 row in set (0.00 sec) mysql select * from radreply; ++--+--++---+ | id | UserName | Attribute| op | Value | ++--+--++---+ | 2 | | Fall-Through | := | 0 | ++--+--++---+ 1 row in set (0.00 sec) mysql select * from usergroup; ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | XX | Inside| | 2 | YY | Inside| | 3 | ZZ | Inside| | 4 | fred | Outside | ++--+---+ 4 rows in set (0.00 sec) The rest of the tables are empty. I was trying to login as fred with passwd fred. If I comment out the whole users file, it works, but I want some DEFAULT entries for special purposes and I don't see how one can put them in an SQL database and control the order that they are applied. I also tried: 1) Set Auth-Type := Accept in SQL and have this in users: DEFAULT Auth-Type != Accept, ... other stuff ... ... replies ... This will always apply my DEFAULT. 2) Set Auth-Type := Accept in SQL and have this in users: DEFAULT Auth-Type == Accept DEFAULT ... other stuff ... ... replies ... This is always accepted, even with bogus users. Any clues? Is there something I can put in the radius.conf like: authorize { preprocess chap suffix sql if (!ok) { files mschap } } -- Gary Algier, WB2FWZ gaa at ulticom.com +1 856 787 2758 Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL falls through to users file
Rob Genovesi wrote: Do you need the users file at all? If not comment out the files entry. -Rob Yes I do. For those people not explicitly listed in the SQL, I need to do one of two Proxy-To-Realm entries, depending upon Client-IP-Address. Or is there a way to put DEFAULT entries in SQL _and_ control the order of application? At 01:06 PM 12/11/2003 -0500, you wrote: I have some basic SQL functionality working, but I discovered that if the SQL module returns ok, FreeRadius still falls through to the users file. Is there any way to prevent this? [...] -- Gary Algier, WB2FWZ gaa at ulticom.com +1 856 787 2758 Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033 Nielsen's First Law of Computer Manuals: People don't read documentation voluntarily. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL falls through to users file
Gary Algier [EMAIL PROTECTED] wrote: I have some basic SQL functionality working, but I discovered that if the SQL module returns ok, FreeRadius still falls through to the users file. Is there any way to prevent this? doc/configurable_failover Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html