freeradius won't let realms based auth

Andres Pazos andy at ferengi.com.ar
Fri Nov 11 16:33:09 CET 2005


Thanks again!

I already understand the difference between accounting and authentication.

I have a freeradius server (1.0.5), a MySQL server and an SQL server (with different databases).
What I need to do is, i.e.:

User sends radius request (i.e.: radtest user@realm password server port secretkey).

If realm is "wireless", I want radius to authenticate the user using MySQL. If realm is "dhcp", I want radius to authenticate the user using the SQL server.

I've started redoing all the configuration. If you check the debug info from "radiusd -X", you will see that before leaving the "authorize { ... }" section Radius never chooses to use the "Autz-Type SQL { sql }" section; afterwards, in the users file, I've set the Autz-Type to SQL.



These are parts of my files:



users file:----------------

DEFAULT Auth-Type := System, Realm == "wireless", Autz-Type := MSSQL1

DEFAULT Auth-Type := System, Realm == "dhcp", Autz-Type := SQL

---------------------------



radiusd.conf file:---------

modules {
        realm suffix {
                format = suffix
                delimiter = "@"
                ignore_default = no
                ignore_null = yes
        }
        files {
                usersfile = ${confdir}/users
                acctusersfile = ${confdir}/acct_users
                preproxy_usersfile = ${confdir}/preproxy_users
                compat = no
        }
        preprocess {
                huntgroups = ${confdir}/huntgroups
                hints = ${confdir}/hints
                with_ascend_hack = no
                ascend_channels_per_line = 23
                with_ntdomain_hack = no
                with_specialix_jetstream_hack = no
                with_cisco_vsa_hack = no
        }
        $INCLUDE  ${confdir}/sql.conf
        $INCLUDE  ${confdir}/mssql1.conf
}
authorize {
        preprocess
        suffix
        files
        Autz-Type WIRELESS {
                mssql1
        }
        Autz-Type SQL{
                sql
        }
}
authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type CHAP {
                chap
        }
        Auth-Type MS-CHAP {
                mschap
        }
        unix
        eap
}

---------------------------



radtest -------------------

# radtest fbrito@dhcp fbrito localhost 1812 testing123
Sending Access-Request of id 20 to 127.0.0.1:1812
        User-Name = "fbrito@dhcp"
        User-Password = "fbrito"
        NAS-IP-Address = NanO
        NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=20, length=20

---------------------------



radiusd -X ----------------

Ready to process requests.


rad_recv: Access-Request packet from host 127.0.0.1:32791, id=20, length=63
        User-Name = "fbrito@dhcp"
        Password = "fbrito"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
    rlm_realm: Looking up realm "dhcp" for User-Name = "fbrito@dhcp"
    rlm_realm: Found realm "dhcp"
    rlm_realm: Adding Stripped-User-Name = "fbrito"
    rlm_realm: Proxying request from user fbrito to realm dhcp
    rlm_realm: Adding Realm = "dhcp"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched entry DEFAULT at line 157
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns ok for request 0
modcall: group authenticate returns ok for request 0
Sending Access-Accept of id 20 to 127.0.0.1:32791
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...

---------------------------


Thanks in advance!
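
A check for the symptom visible in the debug output above (the "dhcp" request is accepted via "unix" while "sql" never runs in authorize), as an added example that is not part of the original post or of FreeRADIUS: it parses "radiusd -X" output and flags requests whose realm's backend module was never called. The realm-to-module mapping and the sample log are assumptions, constructed from the posted radiusd.conf and debug format.

```python
import re

# Assumed policy (realm -> module that must run in authorize), read off the
# Autz-Type sections of the posted radiusd.conf; adjust to the real intent.
EXPECTED = {"wireless": "mssql1", "dhcp": "sql"}

# Constructed sample, in the "radiusd -X" format shown in the post.
SAMPLE = '''\
rad_recv: Access-Request packet from host 127.0.0.1:32791, id=20, length=63
    rlm_realm: Adding Realm = "dhcp"
  modcall[authorize]: module "suffix" returns noop for request 0
  modcall[authorize]: module "files" returns ok for request 0
auth: type "System"
  modcall[authenticate]: module "unix" returns ok for request 0
Sending Access-Accept of id 20 to 127.0.0.1:32791
rad_recv: Access-Request packet from host 127.0.0.1:32792, id=21, length=63
    rlm_realm: Adding Realm = "dhcp"
  modcall[authorize]: module "sql" returns ok for request 1
auth: type Local
Sending Access-Accept of id 21 to 127.0.0.1:32792
'''

MODCALL = re.compile(r'modcall\[([\w-]+)\]: module "([^"]+)" returns (\w+)')
REALM = re.compile(r'rlm_realm: Adding Realm = "([^"]+)"')
AUTH_TYPE = re.compile(r'^auth: type "?([\w-]+)"?')
REPLY = re.compile(r'^Sending (Access-(?:Accept|Reject|Challenge)) of id \d+')

def parse_requests(text):
    """Split single-threaded debug output into one record per Access-Request."""
    records = []
    for line in text.splitlines():
        if line.startswith("rad_recv: Access-Request"):
            records.append(dict(realm=None, modules={}, auth_type=None, reply=None))
        elif records:
            rec, s = records[-1], line.strip()
            if m := MODCALL.search(s):
                rec["modules"].setdefault(m[1], []).append(m[2])
            elif m := REALM.search(s):
                rec["realm"] = m[1]
            elif m := AUTH_TYPE.search(s):
                rec["auth_type"] = m[1]
            elif m := REPLY.search(s):
                rec["reply"] = m[1]
    return records

def audit(records, expected=EXPECTED):
    """Return requests whose realm's backend module never ran in authorize."""
    return [r for r in records if r["realm"] in expected
            and expected[r["realm"]] not in r["modules"].get("authorize", [])]
```

Running audit(parse_requests(...)) over a captured debug session lists every request that was answered without its realm's backend being consulted, together with the Auth-Type and reply that were used instead.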