> From: Nick Davis
> Sent: Wednesday, 1 October 2003 7:48 AM
> > > The freeradius I downloaded is: freeradius-snapshot-20030930
> One thing to note, when installing the deb files with dpkg -i, it will try to
> start the freeradius daemon. That failed because all of the modules that I
> removed were still defined in radius.conf.
> So one think to keep in mind when splitting out the modules: if the module is
> not being installed, do not try to use it in radius.conf. You will probably
> want to work some sed magic to (un)comment the modules in the auth type
> sections at the bottom of the radius.conf based on which modules are
> installed.
Interesting point... I might have to go fix it so that failing to start
the server doesn't cause installation failure... To my mind server start
failure is probably not so bad 'cause I suspect an unconfigured RADIUS
server would not be a pleasant thing to have running.
On the other hand, the idea of the default config is to have a running
server as easily as possible, so I might indeed have to comment out those
modules (ldap, krb5) which are split out but referenced by default... I
can't do that in the main server CVS, it'll have to be a change in a
Debian-local .diff.gz. So it'll have to wait until we're actually in Debian.
> One other thing, if there is database module that is separate from the main
> freeradius package, make sure to instruct the user to create the database and
> modify "sql.conf" for things to work. It might be obvious to you and I, but
> it will save some help questions!
I think I will leave this alone. That would be required whether the DB module
was part of the main server or a seperate package, and the examples directory
has sample .sql files. I think it's well-enough documented that we don't need
extra notifications for people...
> I noticed a new change in sql.conf. My older version has these definitions:
>
> 1.
> # simul_zap_query - query to close "stale" sessions where NAS
> shows call
> # - was disconnected, but no stop account packet
> was received.
> # - ( %s will be replaced with the appropriate
> RadAcctId )
> # - Leave blank or commented out to skip zapping
> stale sessions
> #######################################################################
>
> 2.
> simul_zap_query = "DELETE FROM ${acct_table1} WHERE RadAcctId = '%s'"
>
>
> Why are these not in the new version?
http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/raddb/sql.conf
sql.conf 1.21
"Remove simul_zap_query and replace it with a call to session_zap.
Fix a typo in the dialup_admin Changelog"
> I also noticed that this has been removed:
>
> #######################################################################
> # Authentication Query
>
> #######################################################################
> # This query is used only to get the password for the
> # user we want to authenticate. The password MUST
> # be the first field in the return row data.
> # The 'Password' attribute is deprecated in favor of 'User-Password'.
>
> #######################################################################
>
> authenticate_query = "SELECT passwd,Attribute FROM ${authcheck_table}
> WHERE userid = '%{User-Name}' AND ( Attribute = 'User-Password' OR Attribute
> = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC"
sql.conf 1.20
"Add an sql_groupcmp and a corresponding attribute Sql-Group. Remove the
authenticate_query from rlm_sql. The authorize_query should be enough."
Funnily enough, these are the first two changes after 0.71's release,
which was the last version in Debian and what I presume you used to be
running.
> I'm guessing this was removed because you cannot put the sql module in the
> authentication section of radius.conf anymore, but I am not sure which sql
> query takes its place. My guess is the "authorize_check_query". If I am wrong
> please correct me.
That makes sense to me.
--
Paul "TBBle" Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]
On a sidewalk near Portland State
University someone wrote `Trust Jesus', and
someone else wrote `But Cut the Cards'.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
