On 11/20/2012 09:55 AM, Murat Bilal wrote:
> After changing my schema. I insert a user murat with passw murat and
> TACACSGROUPID group3. Debug gets crazy. Endless loop as shown below:

You need 'NoDefault' in your AuthBy. The default behaviour for Radiator is to look up user DEFAULT, DEFAULT1, ... if user lookup or check attributes fails. It is actually a good thing to have 'NoDefault' in any AuthBy unless you know you need the default lookup behaviour.

Also, good to hear you got SQL lookups working.

Thanks,
Heikki

> Radius::AuthSQL REJECT: Bad Password: DEFAULT4303 [murat]
> Tue Nov 20 09:52:31 2012: DEBUG: Query to 'dbi:mysql:radius:localhost': 'select PASSWORD,TACACSGROUPID from SUBSCRIBERS':
> Tue Nov 20 09:52:31 2012: DEBUG: Radius::AuthSQL looks for match with DEFAULT4304 [murat]
> Tue Nov 20 09:52:31 2012: DEBUG: Radius::AuthSQL REJECT: Bad Password: DEFAULT4304 [murat]
> Tue Nov 20 09:52:31 2012: DEBUG: Query to 'dbi:mysql:radius:localhost': 'select PASSWORD,TACACSGROUPID from SUBSCRIBERS':
> Tue Nov 20 09:52:31 2012: DEBUG: Radius::AuthSQL looks for match with DEFAULT4305 [murat]
> Tue Nov 20 09:52:31 2012: DEBUG: Radius::AuthSQL REJECT: Bad Password: DEFAULT4305 [murat]
> Tue Nov 20 09:52:31 2012: DEBUG: Query to 'dbi:mysql:radius:localhost': 'select PASSWORD,TACACSGROUPID from SUBSCRIBERS':
> Tue Nov 20 09:52:31 2012: DEBUG: Radius::AuthSQL looks for match with DEFAULT4306 [murat]
> Tue Nov 20 09:52:31 2012: DEBUG: Radius::AuthSQL REJECT: Bad Password: DEFAULT4306 [murat]
> Tue Nov 20 09:52:31 2012: DEBUG: Query to 'dbi:mysql:radius:localhost': 'select PASSWORD,TACACSGROUPID from SUBSCRIBERS':
> Tue Nov 20 09:52:31 2012: DEBUG: Radius::AuthSQL looks for match with DEFAULT4307 [murat]
> Tue Nov 20 09:52:31 2012: DEBUG: Radius::AuthSQL REJECT: Bad Password: DEFAULT4307 [murat]
> Tue Nov 20 09:52:31 2012: DEBUG: Query to 'dbi:mysql:radius:localhost': 'select PASSWORD,TACACSGROUPID from SUBSCRIBERS':
> Tue Nov 20 09:52:31 2012: DEBUG: Radius::AuthSQL looks for match with DEFAULT4308 [murat]
> Tue Nov 20 09:52:31 2012: DEBUG: Radius::AuthSQL REJECT: Bad Password: DEFAULT4308 [murat]^C
>
> -----Original Message-----
> From: Heikki Vatiainen [mailto:[email protected]]
> Sent: 20 November 2012 Tuesday 09:21
> To: Murat Bilal
> Cc: [email protected]
> Subject: Re: [RADIATOR] group DEFAULT. No matching AuthorizeGroup rule
>
> On 11/20/2012 09:18 AM, Murat Bilal wrote:
>
>> AuthSelect select PASSWORD,TACACSGROUPID from SUBSCRIBERS and define
>> AuthColumnDef 0, User-Password, check
>> AuthColumnDef 1, OSC-Group-Identifier, reply
>>
>> I got ERR: Execute failed for 'select PASSWORD,TACACSGROUPID from SUBSCRIBERS': Unknown column 'TACACSGROUPID' in 'field list'
>>
>> In my Subscribers table there is no column like this. Do I need to change
>> mysql schema?
>
> Yes. That was just a configuration example of how to get values to reply
> attributes from SQL. Your DB table needs to have the appropriate columns too.
>
> Thanks,
> Heikki
>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Heikki Vatiainen
>> Sent: 19 November 2012 Monday 23:33
>> To: [email protected]
>> Subject: Re: [RADIATOR] group DEFAULT. No matching AuthorizeGroup rule
>>
>> On 11/19/2012 10:13 AM, Murat Bilal wrote:
>>
>>> <ServerTACACSPLUS>
>>
>>> GroupMemberAttr OSC-AVPAIR
>>
>> Hello Murat,
>>
>> note that you have set GroupMemberAttr to OSC-AVPAIR here.
>>
>>> <Handler>
>>> <AuthBy SQL>
>>
>>> AuthColumnDef 1, OSC-Group-Identifier, reply
>>
>> Here you are adding OSC-Group-Identifier to the reply. Maybe this should be
>> OSC-AVPAIR or alternatively you should have GroupMemberAttr set to
>> OSC-Group-Identifier in ServerTACACSPLUS.
>>
>> Also, since you have not changed AuthSelect from the default, you
>> should select it to something like
>>
>> AuthSelect select PASSWORD,TACACSGROUPID from SUBSCRIBERS
>>
>> and define
>> AuthColumnDef 0, User-Password, check
>> AuthColumnDef 1, OSC-Group-Identifier, reply
>>
>> This will check the request password and add the desired group name to reply
>> if password check succeeds.
>>
>> Thanks,
>> Heikki
>>
>> --
>> Heikki Vatiainen <[email protected]>
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc.
>> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>> _______________________________________________
>> radiator mailing list
>> [email protected]
>> http://www.open.com.au/mailman/listinfo/radiator
>
> --
> Heikki Vatiainen <[email protected]>

--
Heikki Vatiainen <[email protected]>
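
The DEFAULTn fallback loop in the debug output quoted above can be spotted mechanically in a Radiator log. The following is an added example, not part of the original thread and not Radiator code: a Python scan of AuthSQL debug lines that reports users whose request walked through a run of consecutive DEFAULTn lookups. The sample lines are constructed in the format quoted in the thread; the user "alice", the function names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Debug line format as quoted in the thread:
#   "... DEBUG: Radius::AuthSQL looks for match with DEFAULT4304 [murat]"
# First group is the name being looked up, second the user from the request.
LOOKUP = re.compile(r"Radius::AuthSQL looks for match with (\S+) \[([^\]]*)\]")
DEFAULT_N = re.compile(r"DEFAULT(\d*)")

def default_fallbacks(lines):
    """Map each requesting user to the DEFAULT indices tried, in log order.

    Plain DEFAULT is recorded as 0, DEFAULT1 as 1, and so on.
    """
    seen = defaultdict(list)
    for line in lines:
        m = LOOKUP.search(line)
        if not m:
            continue  # Query and REJECT lines carry no new lookup
        looked_up, user = m.groups()
        d = DEFAULT_N.fullmatch(looked_up)
        if d:
            seen[user].append(int(d.group(1) or 0))
    return dict(seen)

def runaway_users(lines, threshold=3):
    """Return {user: longest run} where consecutive DEFAULTn lookups exceed threshold."""
    flagged = {}
    for user, idx in default_fallbacks(lines).items():
        longest = run = 1
        for prev, cur in zip(idx, idx[1:]):
            run = run + 1 if cur == prev + 1 else 1
            longest = max(longest, run)
        if longest > threshold:  # threshold is an assumed tuning value
            flagged[user] = longest
    return flagged

# Constructed sample: murat's loop from the thread plus a hypothetical user
# "alice" whose request falls back to plain DEFAULT once (not a loop).
TS = "Tue Nov 20 09:52:31 2012: DEBUG: Radius::AuthSQL "
SAMPLE = []
for n in range(4303, 4309):
    SAMPLE.append(f"{TS}looks for match with DEFAULT{n} [murat]")
    SAMPLE.append(f"{TS}REJECT: Bad Password: DEFAULT{n} [murat]")
SAMPLE.append(f"{TS}looks for match with alice [alice]")
SAMPLE.append(f"{TS}looks for match with DEFAULT [alice]")

if __name__ == "__main__":
    print(runaway_users(SAMPLE))
```

A flagged user points at an AuthBy that is missing 'NoDefault', as described in the reply above.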
