> 1) ok ..  I have found a script in icradius called ./scripts/dictimport.pl
>     that did the import ...
> [ Note : you might have seen the answer I got from Alan that said
> I should not need it : "You should be able to use 'clients.conf'."
> but you are right, I should take no risk :it doesn't hurt ;-)
> ]

Alan only meant that you don't need to create nas table, because
clients.conf does the same. But he didn't say anything about dictionaries.

>
> 2) but I still cannot authenticate a user from mysql !
> * freeradius does connect to mysql.
> * if a username doesn't exist it doesn't show extra SQL data in the
> debugging
> but if the user exists ( fablab) I have those extra lines quoted bellow !
> * I tried to do as you suggested and to crypt the passwd  without extra
luck

I use

UPDATE PPPUsers SET Passwd = ENCRYPT(?) WHERE login=?

to change the password in my scripts and

authorize_check_query = "SELECT IDUser, Login, 'Crypt-Password', Passwd FROM
Account.PPPUsers WHERE Login = '%{SQL-User-Name}';

to tell freeradius how to check the password. I store all settings in
radgroupcheck/radgroupreply so I need to specify only password for each
user. In my case freeradius gets 'Crypt-Password' = blablabla value pair.

So I think you can try to use something like

INSERT INTO radcheck (...)  values ('user',  ''Crypt-Password',
ENCRYPT('password'))

But don't mix ENCRYPT() and CRYPT() functions. MySQL supports them both but
they ae different.

> ...
> Question : if I use crypt do I have to change the sql.conf ?
> (authorize_check_query = "SELECT id,UserName,Attribute,Value FROM
> ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
doesn't
> say anything about (un/)crypted data ??

Try to  enable SQL dumping by running freeradius -X and setting 'sqltrace =
yes' in sql.conf. At least you will see what happens in additional file
/var/log/sqltrace.log.

>
>
> would you mind sending me your radiusd.conf/sql.conf ( trimming the passwd
> of course) ?
> maybe you could do a mysqldump of your DB and cut off all the radcheck
> confidential data
> (except a test account ) and all radacct data ?
>
I made a lot of changes to the standard sql.conf. I use non-standard
database schema.

Andrew.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to