Subject: Re: Auth-Type with MySQL being ignored
> yes. It is in the archives. 90% of the docs are incorrect. The > Auth-Type should be in the radgroupcheck or radcheck not the > radgroupreply. I have entered the Auth-Type in the radgroupcheck table. I have the Groupname labeled 'Suspended' and then set the Auth-Type to reject and associated a user with that particular group. I also this morning added in the Auth-Type for a user in the radcheck table indicating the same. Each time however, the user still receives and Access-Accept. It appears as though Freeradius is ignoring any Auth-Type settings in the MySQL database and referencing only what is specified in the 'users' file (of which I have a setting of Auth-Type = Local). This was the only way I could even get users in the MySQL database to receive and Access-Accept response without actually creating a system account for each user. Is there just something I am missing? If there is a specific archive dealing with this, I will go back through and re-read it. Thank you for any additional assistance. > > I am currently running FreeRadius version 0.8.1 with MySQL for the > > AAA. I have > > ran into an issue where the MySQL ignores the Auth-Type and based on > > the 'users' > > file, sets the Auth-Type to 'Local' (which I manually changed from > > 'System' due to no > > users being authenticated against MySQL. Because of this, when I > > specify an Auth-Type > > of 'Reject' for a specific group, any users that are currently > > associated with that group > > still get an 'Access-Accept' response. If I change the 'users' file > > back to 'System', then > > again, no users that are listed in MySQL database are authenticated. > > > > Has anybody else ran into this issue and if so, what did you do to > > fix it? I can change the > > password for the user I want to deny authentication to (i.e.: putting > > an ! at the end of their > > password) however I would prefer to keep them separated into their own > > group for reference > > and follow-up purposes. > > > > Thank you for any input and guidance. > > Rick Evans - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
