> 1) ok .. I have found a script in icradius called ./scripts/dictimport.pl
> that did the import ...
> [ Note : you might have seen the answer I got from Alan that said
> I should not need it : "You should be able to use 'clients.conf'."
> but you are right, I should take no risk :it doesn't hurt ;-)
> ]
Alan only meant that you don't need to create nas table, because
clients.conf does the same. But he didn't say anything about dictionaries.
>
> 2) but I still cannot authenticate a user from mysql !
> * freeradius does connect to mysql.
> * if a username doesn't exist it doesn't show extra SQL data in the
> debugging
> but if the user exists ( fablab) I have those extra lines quoted bellow !
> * I tried to do as you suggested and to crypt the passwd without extra
luck
I use
UPDATE PPPUsers SET Passwd = ENCRYPT(?) WHERE login=?
to change the password in my scripts and
authorize_check_query = "SELECT IDUser, Login, 'Crypt-Password', Passwd FROM
Account.PPPUsers WHERE Login = '%{SQL-User-Name}';
to tell freeradius how to check the password. I store all settings in
radgroupcheck/radgroupreply so I need to specify only password for each
user. In my case freeradius gets 'Crypt-Password' = blablabla value pair.
So I think you can try to use something like
INSERT INTO radcheck (...) values ('user', ''Crypt-Password',
ENCRYPT('password'))
But don't mix ENCRYPT() and CRYPT() functions. MySQL supports them both but
they ae different.
> ...
> Question : if I use crypt do I have to change the sql.conf ?
> (authorize_check_query = "SELECT id,UserName,Attribute,Value FROM
> ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
doesn't
> say anything about (un/)crypted data ??
Try to enable SQL dumping by running freeradius -X and setting 'sqltrace =
yes' in sql.conf. At least you will see what happens in additional file
/var/log/sqltrace.log.
>
>
> would you mind sending me your radiusd.conf/sql.conf ( trimming the passwd
> of course) ?
> maybe you could do a mysqldump of your DB and cut off all the radcheck
> confidential data
> (except a test account ) and all radacct data ?
>
I made a lot of changes to the standard sql.conf. I use non-standard
database schema.
Andrew.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
