SQL falls through to users file
I have some basic SQL functionality working, but I discovered that if
the SQL module returns ok, FreeRadius still falls through to the
users file. Is there any way to prevent this?
I even tried to set Fall-Through := 0 in the SQL. That did not
help.
Here's a snippet from my radiusd.conf:
authorize {
preprocess
chap
suffix
sql
files
mschap
}
The included sql.conf is the standard mysql.conf with just the db, host,
user and password changed.
Here's my sql data:
mysql select * from radcheck;
++--+---++---+
| id | UserName | Attribute | op | Value |
++--+---++---+
| 1 | fred | User-Password | == | fred |
++--+---++---+
1 row in set (0.00 sec)
mysql select * from radreply;
++--+--++---+
| id | UserName | Attribute| op | Value |
++--+--++---+
| 2 | | Fall-Through | := | 0 |
++--+--++---+
1 row in set (0.00 sec)
mysql select * from usergroup;
++--+---+
| id | UserName | GroupName |
++--+---+
| 1 | XX | Inside|
| 2 | YY | Inside|
| 3 | ZZ | Inside|
| 4 | fred | Outside |
++--+---+
4 rows in set (0.00 sec)
The rest of the tables are empty.
I was trying to login as fred with passwd fred. If I comment out
the whole users file, it works, but I want some DEFAULT entries for
special purposes and I don't see how one can put them in an SQL database
and control the order that they are applied.
I also tried:
1) Set Auth-Type := Accept in SQL and have this in users:
DEFAULT Auth-Type != Accept, ... other stuff ...
... replies ...
This will always apply my DEFAULT.
2) Set Auth-Type := Accept in SQL and have this in users:
DEFAULT Auth-Type == Accept
DEFAULT ... other stuff ...
... replies ...
This is always accepted, even with bogus users.
Any clues?
Is there something I can put in the radius.conf like:
authorize {
preprocess
chap
suffix
sql
if (!ok) {
files
mschap
}
}
--
Gary Algier, WB2FWZ gaa at ulticom.com +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL falls through to users file
Do you need the users file at all?
If not comment out the files entry.
-Rob
At 01:06 PM 12/11/2003 -0500, you wrote:
I have some basic SQL functionality working, but I discovered that if
the SQL module returns ok, FreeRadius still falls through to the
users file. Is there any way to prevent this?
I even tried to set Fall-Through := 0 in the SQL. That did not
help.
Here's a snippet from my radiusd.conf:
authorize {
preprocess
chap
suffix
sql
files
mschap
}
The included sql.conf is the standard mysql.conf with just the db, host,
user and password changed.
Here's my sql data:
mysql select * from radcheck;
++--+---++---+
| id | UserName | Attribute | op | Value |
++--+---++---+
| 1 | fred | User-Password | == | fred |
++--+---++---+
1 row in set (0.00 sec)
mysql select * from radreply;
++--+--++---+
| id | UserName | Attribute| op | Value |
++--+--++---+
| 2 | | Fall-Through | := | 0 |
++--+--++---+
1 row in set (0.00 sec)
mysql select * from usergroup;
++--+---+
| id | UserName | GroupName |
++--+---+
| 1 | XX | Inside|
| 2 | YY | Inside|
| 3 | ZZ | Inside|
| 4 | fred | Outside |
++--+---+
4 rows in set (0.00 sec)
The rest of the tables are empty.
I was trying to login as fred with passwd fred. If I comment out
the whole users file, it works, but I want some DEFAULT entries for
special purposes and I don't see how one can put them in an SQL database
and control the order that they are applied.
I also tried:
1) Set Auth-Type := Accept in SQL and have this in users:
DEFAULT Auth-Type != Accept, ... other stuff ...
... replies ...
This will always apply my DEFAULT.
2) Set Auth-Type := Accept in SQL and have this in users:
DEFAULT Auth-Type == Accept
DEFAULT ... other stuff ...
... replies ...
This is always accepted, even with bogus users.
Any clues?
Is there something I can put in the radius.conf like:
authorize {
preprocess
chap
suffix
sql
if (!ok) {
files
mschap
}
}
--
Gary Algier, WB2FWZ gaa at ulticom.com +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL falls through to users file
Rob Genovesi wrote: Do you need the users file at all? If not comment out the files entry. -Rob Yes I do. For those people not explicitly listed in the SQL, I need to do one of two Proxy-To-Realm entries, depending upon Client-IP-Address. Or is there a way to put DEFAULT entries in SQL _and_ control the order of application? At 01:06 PM 12/11/2003 -0500, you wrote: I have some basic SQL functionality working, but I discovered that if the SQL module returns ok, FreeRadius still falls through to the users file. Is there any way to prevent this? [...] -- Gary Algier, WB2FWZ gaa at ulticom.com +1 856 787 2758 Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033 Nielsen's First Law of Computer Manuals: People don't read documentation voluntarily. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL falls through to users file
Gary Algier [EMAIL PROTECTED] wrote: I have some basic SQL functionality working, but I discovered that if the SQL module returns ok, FreeRadius still falls through to the users file. Is there any way to prevent this? doc/configurable_failover Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
