On Wed, May 29, 2002 at 12:26:50PM -0400, Deramus, Chris wrote:
> I'm new to Free-Radius, I'll try to be as descriptive as possible. I have
> taken the advice of this board and read all documentation possible before
> asking this. I've searched on countless search engines for possible answers,
> and the only results I seem to come up with are pre Free Radius 0.5 answers.
>
>
> The current setup that we are running, is a Cisco 3030 Concentrator, which
> has dual-level authentication. First you have to authenticate with your
> group, and then you do individual level authentication. I set up my group
> table with a group name of TestRad and then set up a user TestUser which is
> affiliated to that group.

Not sure about this, but from what I've seen the group tables used in
sql with freeradius are only for easier 'grouping' of the users, to
be able to supply return attributes without setting them individually
etc. They're not used for any external types of groups.

> The big question is what do I put for an Auth-Type. On the net I have seen a
> lot of examples such as Auth-Type := Local however this is for Local
> authentication with the files such as clients, clients.conf, and users
> correct? I set the Auth-Type := sql and it is still doing the same thing. I
> tried setting the Authentication section of radiusd.conf to use the sql
> module, however, that was disabled in 0.5.

SQL doesn't do authentication, only authorization.

> I have the rlm_sql_mysql module loaded correctly, it seems that it attempts
> to access my SQL database, but then returns an error message saying:
>
> Modcall: entering group authorize
> Radius_xlat: 'TestRad'
> Sql_escape in: 'TestRad'
> Sql_escape out: 'TestRad'
> Sql_set_user: escaped user --> 'TestRad'
> Radius_xlat: ''
> Rlm_sql Reserving sql socket id: 4
> MYSQL Error: Cannot get result
> MYSQL Error: Query was empty
> Rlm_sql_getvpndata: database query error
> Rlm_sql: Released sql socket id: 4
> Modcall[authorize]: module "sql" returns noop
> Modcall: group authorize returns noop
> Auth: No Auth-Type configuration for the request, rejecting the user
> Auth: Failed to validate the user.
> Login incorrect: [TestRad]

Are you sure you have MySQL set up correctly? The sql module doesn't seem
to be getting anything back from your MySQL database. Take a look at
the file src/modules/rlm_sql/drivers/rlm_sql_mysql from the radius
source; all the tables you need are there.

In the radcheck table, setting Attribute to Password, Value to a
plaintext password and Op to ':=' will use local authentication.
The same holds true for setting Attribute to Crypt-Password and doing an
'encrypt('password')' when you do an sql insert (so you don't have to
have plaintext passwords stored in the database).

You can also set a plaintext password then, for example, associate the
user with a group in the usergroup table and set an Auth-Type in the
radgroupcheck table, e.g.:

mysql> select * from radgroupcheck;
+----+-----------+-----------+-------+------+
| id | GroupName | Attribute | Value | op   |
+----+-----------+-----------+-------+------+
|  1 | test2     | Auth-Type | PAP   | :=   |
+----+-----------+-----------+-------+------+

Would presumably work.

Taking a look at http://www.frontios.com/freeradius.html might help too.

Hope that helps.

--
Simon
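
The three setups described in the reply above, written out as MySQL statements, with a manual query to confirm the rows are really there. This is an added example, not part of the original message: the radcheck and usergroup column names are assumed to mirror the radgroupcheck layout shown in the post, and the user names and passwords are constructed sample values.

```sql
-- Added example. Assumed columns (not shown in the post):
--   radcheck(UserName, Attribute, Value, op), usergroup(UserName, GroupName)
-- radgroupcheck columns are the ones in the post's mysql output.

-- 1. Plaintext password checked locally.
INSERT INTO radcheck (UserName, Attribute, Value, op)
VALUES ('alice', 'Password', 'alice-sample-pw', ':=');

-- 2. Store a crypt(3) hash instead of the plaintext.
--    ENCRYPT() picks a random salt when none is given; the function
--    was removed in MySQL 8.0, so this form needs an older server.
INSERT INTO radcheck (UserName, Attribute, Value, op)
VALUES ('bob', 'Crypt-Password', ENCRYPT('bob-sample-pw'), ':=');

-- 3. Plaintext password on the user, Auth-Type supplied by the group.
INSERT INTO radcheck (UserName, Attribute, Value, op)
VALUES ('carol', 'Password', 'carol-sample-pw', ':=');

INSERT INTO usergroup (UserName, GroupName)
VALUES ('carol', 'test2');

INSERT INTO radgroupcheck (GroupName, Attribute, Value, op)
VALUES ('test2', 'Auth-Type', 'PAP', ':=');

-- Manual check (not the module's own query): every check item that
-- exists for one user, directly or through a group. An empty result
-- here means the server has nothing to authorize that user with.
SELECT c.UserName, 'user' AS source, c.Attribute, c.Value, c.op
  FROM radcheck c
 WHERE c.UserName = 'carol'
UNION ALL
SELECT u.UserName, CONCAT('group:', u.GroupName), g.Attribute, g.Value, g.op
  FROM usergroup u
  JOIN radgroupcheck g ON g.GroupName = u.GroupName
 WHERE u.UserName = 'carol';
```

For 'carol' the check should return two rows: the Password item from radcheck and the Auth-Type item inherited from group test2.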