On 04/04/12 18:27, Alan Buxey wrote:
Hi,
mysql> select * from radcheck;
+----+----------+--------------------+----+-------------------+
| id | username | attribute | op | value |
+----+----------+--------------------+----+-------------------+
| 1 | user01 | Cleartext-Password | := | pass01 |
| 2 | user01 | Calling-Station-Id | == | 98-4B-4A-F5-BF-40 |
+----+----------+--------------------+----+-------------------+
okay
mysql> SELECT id, username, attribute, value, op FROM radcheck WHERE
username = 'user01' ORDER BY id;
+----+----------+--------------------+-------------------+----+
| id | username | attribute | value | op |
+----+----------+--------------------+-------------------+----+
| 1 | user01 | Cleartext-Password | pass01 | := |
| 2 | user01 | Calling-Station-Id | 98-4B-4A-F5-BF-40 | == |
+----+----------+--------------------+-------------------+----+
yep. okay.
but if you look at your debug output:
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username =
'user01' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
[sql] User user01 not found
so, there is no user01 in the radusergroup SQL table. so it fails. so if you
dont
need the sqlusergroup, turn it off.
Thanks for the explanation.
Just so I understand completely, why does authentication work when there
is only the Cleartext-Password row in the radcheck table? Does the
radusergroup query somehow come into play when there's a second check item?
Nothing else changes, radusergroup is being queried and returning no
results in both cases.
Regards, glen.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
