I can't find the patch so I assume getting today's snapshot will suffice? # ls -al sql.c -rw-r--r-- 1 702 101 15348 Oct 30 14:16 sql.c #
?? > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > [EMAIL PROTECTED] > Sent: October 30, 2001 4:36 PM > To: [EMAIL PROTECTED] > Subject: Re: Auth failures > > > "Jason Lixfeld" <[EMAIL PROTECTED]> wrote: > > Using radpwtst to test code 1 (authentication) packets, I > get a pars > > mismatch error in the -X output of radiusd. The exact > message, from > > what I can interperit is: auth: No Auth-Type configuration for the > > request, rejecting the user > > Yes. The SQL code does not support operators. > > I've just added a patch to sql.c, to support it. You'll > have to update your SQL configuration, and the SQL query. > > From the posted diff: > > 1. Intro > > As for now there is no ability to set operator different from '==' > (T_OP_CMP_EQ) using SQL authorization mode. Here is a small > patch which I suppose can brake this limitation. > > 2. How to apply > > Back up your configuration and sources. > > Place patch in directory where freeradius-0.3/ resides. > > # gunzip -c rlm_sql.diff.gz | patch -p0 > > Now you have sql.c patched and can make new build. > > Then you may add new column (OP VARCHAR(2)) in radcheck, > radreply, radgroupcheck, and radgroupreply tables to make > them look like the following (for Oracle): > > CREATE TABLE radcheck ( > id INT PRIMARY KEY, > username VARCHAR(30) NOT NULL, > attribute VARCHAR(30), > value VARCHAR(40), > op VARCHAR(2) > ); > > CREATE TABLE radreply ( > id INT PRIMARY KEY, > username VARCHAR(30) NOT NULL, > attribute VARCHAR(30), > value VARCHAR(40), > op VARCHAR(2) > ); > > CREATE TABLE radgroupcheck ( > id INT PRIMARY KEY, > groupname VARCHAR(20) NOT NULL, > attribute VARCHAR(40), > value VARCHAR(40). > op VARCHAR(2) > ); > > CREATE TABLE radgroupreply ( > id INT PRIMARY KEY, > groupname VARCHAR(20) NOT NULL, > attribute VARCHAR(40), > value VARCHAR(40). > op VARCHAR(2) > ); > > > After that you have to change some sql.conf statements: > > authorize_check_query = "SELECT > id,UserName,Attribute,Value,op FROM ${authcheck_ table} WHERE > Username = '%{SQL-User-Name}' ORDER BY id" > authorize_reply_query = "SELECT > id,UserName,Attribute,Value,op FROM ${authreply_ table} WHERE > Username = '%{SQL-User-Name}' ORDER BY id" > > authorize_group_check_query = "SELECT > ${groupcheck_table}.id,${groupcheck_table} > .GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.V > alue,${groupcheck_ > table}.op FROM ${groupcheck_table},${usergroup_table} WHERE > ${usergroup_table}.U sername = '%{SQL-User-Name}' AND > ${usergroup_table}.GroupName = ${groupcheck_tab le}.GroupName > ORDER BY ${groupcheck_table}.id" authorize_group_reply_query > = "SELECT ${groupreply_table}.id,${groupreply_table} > .GroupName,${groupreply_table}.Attribute,${groupreply_table}.V > alue,${groupreply_ > table}.op FROM ${groupreply_table},${usergroup_table} WHERE > ${usergroup_table}.U sername = '%{SQL-User-Name}' AND > ${usergroup_table}.GroupName = ${groupreply_tab le}.GroupName > ORDER BY ${groupreply_table}.id" > > *** NOTE: if you didn't do these modifications OR op field is > NULL then SQL authorization will behave as non-patched one, > ie, all AV pairs will have '==' operator. > > > 3. Final > > Install new build, pray GOD and check what you get. Shall > this not work you are free to restore your previous > configuration. Also fell free to contact me at [EMAIL PROTECTED] > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
