Hello,
I was wondering if it is possible to have a sql authenticate{} section,
and if so, how to define the queries?
In the wiki, I find "Many people ask if they can "authenticate" users to
their SQL database however the answer is "You are asking the wrong
question." "
So, my question is:
"When doing PAP (actually EAP-TTLS/PAP, in my case), how do I check a
user's cleartext User-Password against one stored in a MySQL database?"
I'm currently doing this in my authenticate { } section, which uses a
custom MySQL query along the lines of:
SELECT ... FROM users WHERE username='%{User-Name}' AND pass =
SHA2('%{User-Password}', 256)
but since authentication is supposed to happen in the authenticate { }
section, is there any way to move the password checking there? I don't
see any indication of the authenticate{} group in sql.conf or
sql/mysql/dialup.conf.
Thanks,
Jason Antman
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
