radgroupcheck and sql module return value

Tue, 23 Nov 2004 14:23:34 -0800 

Hi,

I am trying to proxy to a remote server if the user is not found in the local database. To do this I added a DEFAULT Proxy-To-Realm in the users file and a failover entry to radiusd.conf:

authorize {
        group {
                sql {
                notfound = 1
                ok =return
                }
                files
        }
}


The problem I am seeing is that the sql module returns "ok" even when the user is not found in the database. Essentially this messes up my configurable_failover setup.

Looking at the log (included at the end) it looks like radcheck returns "notfound" but radgroupcheck returns "ok" - which in turn results in the sql module returning "ok".

In my postgresql.conf I have COMMENTED out all the relevant lines for RADGROUPCHECK and RADGROUPREPLY. If I uncomment the queries and add dummy queries - that is - queries that will always result in the row not being found then _everything_ is OK (sql module returns "notfound" for non-existent users as expected and the request is proxied to the remote host).

How do I make the above configuration work while having empty queries for radgroupcheck (I have no use for it).

Thanks!

Vinod.


------------------------------------------------------------------

rad_recv: Access-Request packet from host 127.0.0.1:1094, id=204, length=56
User-Name = "vino"
User-Password = "root123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
modcall: entering group group for request 0
radius_xlat: 'vino'
rlm_sql (sql): sql_set_user escaped user --> 'vino'
radius_xlat: 'SELECT pkey, uid, attribute, password, op_req ??FROM radius_check ??WHERE uid = 'vino' ??ORDER BY pkey'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_postgresql: query: SELECT pkey, uid, attribute, password, op_req ??FROM radius_check ??WHERE uid = 'vino' ??ORDER BY pkey
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): User vino not found in radcheck
radius_xlat: ''
radius_xlat: ''
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall: group group returns ok for request 0

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to