I have a freeradius server version 0.8.1 that I use to authenticate both EAP users and username/password users in a MySQL database, using rlm_sql. My authorize block from radiusd.conf looks like this:
authorize {
    preprocess
    eap
    suffix
    sql
    files
}

For an EAP authentication, the authorize block modcall calls eap_authorize, which returns "updated." However, rlm_sql runs and searches the database for the EAP user, which isn't there. Everything works, but the database hit is unnecessary. Is there something I can do to prevent that?
Regards, Dave
Here is the full log from radius -xx:
rad_recv: Access-Request packet from host 127.0.0.1:32920, id=0, length=103
Thread 5 assigned request 16
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 5 seconds...
Thread 5 handling request 16, (3 handled so far)
User-Name = "[EMAIL PROTECTED]"
Message-Authenticator = 0x0fe7c67b5cbfca68b8d7442142fc9ae2
EAP-Message = 0x020100210131393230353332323830303230333130407472616e7361742e636f6d
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: Looking up realm transat.com for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm transat.com
rlm_realm: Proxying request from user 1920532280020310 to realm transat.com
rlm_realm: Adding Realm = "transat.com"
rlm_realm: Authentication realm is LOCAL.
rlm_realm: auth_port is not set. proxy cancelled
modcall[authorize]: module "suffix" returns noop
radius_xlat: '[EMAIL PROTECTED]'
rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): User [EMAIL PROTECTED] not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User [EMAIL PROTECTED] not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns notfound
users: Matched DEFAULT at 163
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type sim
rlm_eap_sim: Issuing EAP-Request/SIM/Start for [EMAIL PROTECTED]
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 0 to 127.0.0.1:32920
EAP-Message = 0x01020010120a00000f02000200010000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf6ce90c7adfbf64111333a84e037829d2fc8a63ff044ebdd59ef8d45d3643584f2a689ac
Finished request 16
Going to the next request
Thread 5 waiting to be assigned a request
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 16 ID 0 with timestamp 3fa6c82f
Nothing to do. Sleeping until we see a request.
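
Added example, not part of the original post: a small Python script that reads radiusd debug output like the log above and reports authorize passes where rlm_sql still issued SELECT queries after eap had returned "updated". The sample log, the placeholder user name and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the debug output above (user name is a placeholder).
SAMPLE_LOG = """\
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
modcall[authorize]: module "suffix" returns noop
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'user@example.test' ORDER BY id'
rlm_sql (sql): User user@example.test not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user@example.test''
modcall[authorize]: module "sql" returns notfound
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password:  Found Auth-Type EAP
"""

MODULE_RE = re.compile(r'^modcall\[authorize\]: module "([^"]+)" returns (\w+)')
QUERY_RE = re.compile(r"^radius_xlat:\s+'(SELECT\b.*)'$")
AUTH_TYPE_RE = re.compile(r"^rad_check_password:\s+Found Auth-Type (\S+)")

def audit_authorize(log_text):
    """Return one record per authorize pass found in radiusd debug output."""
    passes, cur, in_group = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "modcall: entering group authorize":
            cur = {"modules": [], "queries_after_eap": [], "auth_type": None}
            passes.append(cur)
            in_group = True
        elif cur is None:
            continue
        elif line.startswith("modcall: group authorize returns"):
            in_group = False
        elif m := MODULE_RE.match(line):
            cur["modules"].append((m.group(1), m.group(2)))
        elif (m := QUERY_RE.match(line)) and in_group:
            # Count a lookup only if eap has already claimed the request.
            if ("eap", "updated") in cur["modules"]:
                cur["queries_after_eap"].append(m.group(1))
        elif m := AUTH_TYPE_RE.match(line):
            cur["auth_type"] = m.group(1)
    return passes

def wasted_lookups(passes):
    """Passes that ended as Auth-Type EAP but still issued SQL SELECTs."""
    return [p for p in passes if p["auth_type"] == "EAP" and p["queries_after_eap"]]

if __name__ == "__main__":
    for p in wasted_lookups(audit_authorize(SAMPLE_LOG)):
        print(len(p["queries_after_eap"]), "SQL lookups after eap:", p["modules"])
```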
