On Fri, 30 Jul 2004 11:22:08 -0400, Alan DeKok <[EMAIL PROTECTED]> wrote:
> You can't use ANY SQL method for authentication. > Thank you for this important bit of information. I did not see anything in the FAQ mentioning this fact. But I did see on the wepage, <http://www.freeradius.org/features.html>, this paragraph: Authentication methods The following authentication types are some of the methods which are supported by the server * Clear-text password in local configuration file (PAP) * Encrypted password in local configuration file * CHAP * Proxy to another RADIUS server * System authentication. (usually through /etc/passwd ) * PAM (Pluggable Authentication Modules) * LDAP * MySQL DB * PostgreSQL DB * Oracle SQL DB * any IODBC SQL DB * IBM's DB2 * A locally executed program. (like a CGI program.) * Netscape-MTA-MD5 encrypted passwords * Kerberos authentication * X9.9 authentication token (e.g. CRYPTOCard) * EAP (EAP/MD5, Cisco LEAP, with experimental support for EAP/TLS) * MS-CHAP * MS-CHAPv2 and in the file doc/rlm_sql : Once the FreeRADIUS authentication server is connected to the SQL database server, then FreeRADIUS can pull user names and passwords out of the database, and use that information to perform the authentication. and in the file radiusd.conf: # # Look in an SQL database. The schema of the database # is meant to mirror the "users" file. # # See "Authorization Queries" in sql.conf sql > Please run the server in debugging mode, and read the output. It > will tell you WHY there was an Access-Reject. Posting "it doesn't > work" messages to the list is rude. See the FAQ. I am running the server in debug mode, thanks. I did not think I posted a '"it doesn't work" message' to the list, I gave some background info, and then asked a '"is this feature supported" message'. Also the FAQ recommends that I use three deprecated command line options for running the server in debug mode, so I thought, just maybe, the FAQ didn't have all the latest info. I will continue to read through the web pages and doc/* files until I figure out whether I can do what I think I want to do, and then how to get it done, but thank you again Alan for all your valuable time and effort. Perhaps I was too terse in my inital posting. To be more complete about what I am trying to accomplish ... I have installed FreeRADIUS 1.0.0-pre3 and postgreSQL 7.4.2 on a Slackware10.0 pIII server, I have a custom hostap 0.2.4 AP. I want to authenticate win wifi clients via 802.1x (and use dynamic WEP keys), using a postgreSQL database table for holding the usernames and passwords. I didn't want to post my debug logs until I had a better feeling that I had my config files in reasonable order. The config files are >60k, but I'd be happy to post relevant sections. Hoping for a better reception this time ... -Bob - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
