On Wed, May 29, 2002 at 03:28:36PM -0400, Deramus, Chris wrote: > Simon, > > For the record you are the man :). I'm *almost* there and I do appreciate > you being in a good today...it must be my lucky day. > > I made the changes you suggested and I am now a step further, it does check > the password file it seems, however it is almost like it's checking the > radcheck table and not radgroupcheck. It seems that it's taking TestRad as > the username, and not the group name. This could be the Cisco VPN client or > maybe I should switch up the query order in sql.conf ? The VPN client first > logs into the Group, and then prompts the user to enter their username and > password into a popup dialogue box. It seems that this takes both entries at > once, any way to change this?
I'm not sure i understand what you mean with the group part above, but is it the username TestRad your entering into the dialog box your prompted with? > Thanks again Simon, I owe ya =)! > > User-Name = "TestRad" > User-Password = "\255\014\020e\345\377rG\305\014\000n\351\317\0349" > NAS-Port = 0 > Service-Type = Framed-User > Framed-Protocol = PPP > Tunnel-Client-Endpoint:0 = "63.188.96.2" > Attr-201588758 = "\000\000\000\005" > NAS-IP-Address = 172.16.0.2 > NAS-Port-Type = Virtual Your NAS is sending an auth packet with the attribute User-Name set to TestRad. Just to make everything as simple as possible i suggest you do the following (if it's PAP you want to use for authentication): Add an entry to radcheck with: UserName = TestRad Attribute = Password <-- Literally Value = YourPassword op = := Add an entry to usergroup with: UserName = TestRad GroupName = testgroup Add an entry to radgroupcheck with: GroupName = testgroup Attribute = PAP op = := Then set encryption_scheme in the pap section of the module section in radiusd.conf to clear . Does authentication/authorization work then? > modcall: entering group authorize > radius_xlat: 'TestRad' > sql_escape in: 'TestRad' > sql_escape out: 'TestRad' > sql_set_user: escaped user --> 'TestRad' > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > STRCMP(Username, 'TestRad') = 0 ORDER BY id' > rlm_sql: Reserving sql socket id: 9 > SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE STRCMP(Username, > 'TestRad') = 0 ORDER BY id > sql_escape in: 'DEFAULT' > sql_escape out: 'DEFAULT' > sql_set_user: escaped user --> 'DEFAULT' [big snip] Freeradius seems to be failing to find the username 'TestRad' in your radcheck table, see my comments above. -- Simon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
