Well - I am not a developer but it seems that is a restriction of the SQL
module. If you comment out that part of the code and recompile freeradius,
it should work as the file-based-auth ;)
Regards,
Edvin
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of florian
broder
Sent: Montag, 05. Dezember 2005 14:19
To: freeradius-users@lists.freeradius.org
Subject: SQL Call-Check Authentication (again :( )
Hi.
I'm still having a hard time of implementing the Calling-Station-Id
Authentication. Basis is a Cisco Catalyst with
"Mac-Authentication-Bypass" turned on.
Alan DeKok told me, that I can use sql.conf:
#Use Stripped-User-Name, if it's there.
#Else use User-Name, if it's there,
-->>#Else use hard-coded string "DEFAULT" as the user name.<<--
sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
To tell freeradius, that there is no user-name.
Ok, I've done that, but It gives me this error:
rad_recv: Access-Request packet from host 192.168.1.222:1038, id=13,
length=45
Service-Type = Call-Check
Calling-Station-Id = "11-22-33-44-55-66"
-->> rlm_sql (sql): zero length username not permitted <<--
That's basically the same packet, the Cisco Switch sends as
Auth-Request. Notice, that there is NO user-name in here at all.
The fact is also mentioned in the sql Source-Code:
/*
* They MUST have a user name to do SQL authorization.
*/
if ((request->username == NULL) ||
(request->username->length == 0)) {
radlog(L_ERR, "rlm_sql (%s): zero length username not
permitted\n",
inst->config->xlat_name);
return RLM_MODULE_INVALID;
}
Switching to "file-based-Authentication" (in radiusd.conf) it works
immediately:
rad_recv: Access-Request packet from host 192.168.1.222:1044, id=19,
length=45
Service-Type = Call-Check
Calling-Station-Id = "11-22-33-44-55-66"
Sending Access-Accept of id 19 to 192.168.1.222:1044
Reply-Message = "Hello"
So, it's really a limitation in sql, rather that a misconfiguration?
Would be nice, if anyone can confirm this!
Bye Flo
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html