--On 30 May 2002 14:12 +0300 Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> You should put an entry for Auth-Type in the radgroupcheck table, not in
> the radgroupreply. Try seting the Auth-Type to MD5. Use the Password
> attribute with an MD5 encrypted password for value. Then in your
> radiusd.conf in the authenticate section do the following:
>
> authenticate {
> authtype MD5{
> pap
> }
> }
>
> Hope it helps
Hi! - Thanks for the reply, I've tried the above, but still no joy :(
I removed the 'Auth-Type' row from radgroupreply, and put an entry into
radgroupcheck (as can be seen below).
The debug output now says:
"
rad_recv: Access-Request packet from host 196.168.0.1:58099, id=97,
length=53
User-Name = "test"
User-Password = "\346\022\211|>}\236\264\323e\356\253\203qC\036"
NAS-IP-Address = 255.255.255.255
NAS-Port-Id = "1"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
radius_xlat: 'test'
sql_escape in: 'test'
sql_escape out: 'test'
sql_set_user: escaped user --> 'test'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'test' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupch
eck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'test' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'test' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupre
ply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = 'test' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql: Pairs do not match [test]
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns notfound
modcall: group authorize returns ok
auth: No Auth-Type configuration for the request, rejecting the user
"
The SQL tables so far are populated with:
mysql> select * from radcheck;
+----+----------+-----------+----------------------------------+------+
| id | UserName | Attribute | Value | op |
+----+----------+-----------+----------------------------------+------+
| 1 | test | Password | 098f6bcd4621d373cade4e832627b4f6 | NULL |
+----+----------+-----------+----------------------------------+------+
mysql> select * from radgroupcheck;
+----+-----------+-----------+-------+------+
| id | GroupName | Attribute | Value | op |
+----+-----------+-----------+-------+------+
| 1 | my_group | Auth-Type | MD5 | NULL |
+----+-----------+-----------+-------+------+
mysql> select * from radgroupreply;
+----+-----------+-------------------+-----------------+------+------+
| id | GroupName | Attribute | Value | op | prio |
+----+-----------+-------------------+-----------------+------+------+
| 1 | my_group | Framed-Protocol | PPP | NULL | 0 |
| 3 | my_group | Framed-IP-Address | 255.255.255.254 | NULL | 0 |
+----+-----------+-------------------+-----------------+------+------+
mysql> select * from usergroup;
+----+----------+-----------+
| id | UserName | GroupName |
+----+----------+-----------+
| 1 | test | my_group |
+----+----------+-----------+
(all other tables are empty)
Pertinant bits of radius.conf are:
authorize {
preprocess
suffix
sql
}
authenticate {
authtype MD5{
pap
}
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
