"Jason Lixfeld" <[EMAIL PROTECTED]> wrote:
> Using radpwtst to test code 1 (authentication) packets, I get a pars
> mismatch error in the -X output of radiusd.  The exact message, from
> what I can interpret is:  auth: No Auth-Type configuration for the
> request, rejecting the user

 Yes.  The SQL code does not support operators.

 I've just added a patch to sql.c, to support it.  You'll have to
update your SQL configuration, and the SQL query.

  From the posted diff:

1. Intro

As for now there is no ability to set operator different from '=='
(T_OP_CMP_EQ) using SQL authorization mode. Here is a small patch
which I suppose can break this limitation.

2. How to apply

Back up your configuration and sources.

Place patch in directory where freeradius-0.3/ resides.

# gunzip -c rlm_sql.diff.gz | patch -p0

Now you have sql.c patched and can make new build.

Then you may add new column (OP VARCHAR(2)) in radcheck, radreply,
radgroupcheck, and radgroupreply tables to make them look like
the following (for Oracle):

CREATE TABLE radcheck (
        id              INT PRIMARY KEY,
        username        VARCHAR(30) NOT NULL,
        attribute       VARCHAR(30),
        value           VARCHAR(40),
        op              VARCHAR(2)
);

CREATE TABLE radreply (
        id              INT PRIMARY KEY,
        username        VARCHAR(30) NOT NULL,
        attribute       VARCHAR(30),
        value           VARCHAR(40),
        op              VARCHAR(2)
);

CREATE TABLE radgroupcheck (
        id              INT PRIMARY KEY,
        groupname       VARCHAR(20) NOT NULL,
        attribute       VARCHAR(40),
        value           VARCHAR(40),
        op              VARCHAR(2)
);

CREATE TABLE radgroupreply (
        id              INT PRIMARY KEY,
        groupname       VARCHAR(20) NOT NULL,
        attribute       VARCHAR(40),
        value           VARCHAR(40),
        op              VARCHAR(2)
);


After that you have to change some sql.conf statements:

authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM ${authreply_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"

authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op FROM ${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id"
authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op FROM ${groupreply_table},${usergroup_table} WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY ${groupreply_table}.id"

*** NOTE: if you didn't do these modifications OR op field is NULL
then SQL authorization will behave as non-patched one, i.e., all AV
pairs will have '==' operator.


3. Final

Install new build, pray GOD and check what you get. Shall this not
work you are free to restore your previous configuration. Also feel
free to contact me at [EMAIL PROTECTED]
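
Added example (not part of the original message, the patch, or FreeRADIUS itself): a C illustration of turning one row from the queries above (id, UserName, Attribute, Value, op) into an attribute/operator pair, including the fallback to '==' when op is NULL or the old four-column query is still in use. All type and function names are hypothetical, the operator strings are a subset of those the FreeRADIUS users file accepts, and rejecting unrecognized operator text (rather than defaulting it) is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names; only '==' (T_OP_CMP_EQ) is named in the message. */
typedef enum { OP_INVALID, OP_CMP_EQ, OP_SET, OP_ADD, OP_EQ, OP_NE,
               OP_GE, OP_GT, OP_LE, OP_LT } op_t;
typedef struct { const char *attribute, *value; op_t op; } pair_t;

static const struct { const char *text; op_t op; } op_table[] = {
    { "==", OP_CMP_EQ }, { ":=", OP_SET }, { "+=", OP_ADD }, { "=", OP_EQ },
    { "!=", OP_NE }, { ">=", OP_GE }, { ">", OP_GT }, { "<=", OP_LE },
    { "<", OP_LT },
};

/* NULL op column -> '==' per the note; empty string likewise (assumption). */
op_t op_from_column(const char *col)
{
    size_t i;
    if (col == NULL || col[0] == '\0')
        return OP_CMP_EQ;
    for (i = 0; i < sizeof(op_table) / sizeof(op_table[0]); i++)
        if (strcmp(col, op_table[i].text) == 0)
            return op_table[i].op;
    return OP_INVALID;  /* assumption: unknown text is rejected, not defaulted */
}

/* row[] follows the SELECT column order; ncols is 4 for the unpatched
 * query and 5 for the patched one. Returns 0 on success, -1 otherwise. */
int row_to_pair(const char *const *row, int ncols, pair_t *out)
{
    if (!row || !out || ncols < 4 || !row[2] || !row[3])
        return -1;
    out->attribute = row[2];
    out->value = row[3];
    out->op = op_from_column(ncols >= 5 ? row[4] : NULL);
    return out->op == OP_INVALID ? -1 : 0;
}

/* Constructed sample rows in the patched query's column order. */
static const char *const sample_rows[][5] = {
    { "1", "alice", "Password",          "secret",   ":=" },
    { "2", "alice", "Framed-IP-Address", "10.0.0.5", NULL },  /* op is NULL */
    { "3", "alice", "Session-Timeout",   "3600",     "=>" },  /* not an operator */
};

op_t sample_op(size_t i)
{
    pair_t p;
    return row_to_pair(sample_rows[i], 5, &p) == 0 ? p.op : OP_INVALID;
}
```

Rows with a NULL op silently become '==' comparisons, so after adding the column it is worth checking which existing check and reply items were meant to carry a different operator.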
