rlm_sql not checking radgroupreply

Angelo Compagnucci angelo.compagnucci at gmail.com
Mon Sep 26 21:43:52 CEST 2011


A month ago, I had to read the source code to understand why the group
membership was disabled in my configuration!

I'm using odbc also with mssql!

How have you resolved the unix_timestamp issue? I had to rewrite queries
converting the unix_timestamp to something like CONVERT(datetime, '%S', 20)
to accomodate my db.

Angelo

2011/9/26 John Dunning <jodunni1 at wsc.edu>

>  Angelo - that was it!!  Thanks so much.
>
> Just a note to the maintainers....I used the dialup.conf from the 2.1.10
> source.  The debian packages don't have a dialup.conf for mssql, so I used
> the 2.1.10 source mssql directory and created a logical link for iodbc.
>
> It was, evidently, fixed in 2.1.11 as the one from that version has the
> query.
>
> Thanks all!!
>
> JD
>
>
> >>> Angelo Compagnucci <angelo.compagnucci at gmail.com> 9/26/2011 12:46 PM
> >>>
>
> Hi John,
>
> Your sql configuration lacks of group_membership_query .
>
> Whitout this one, group checking is disabled silently during start up.
>
> Hope this helps!
>
> Angelo
>
>  2011/9/26 John Dunning <jodunni1 at wsc.edu>
>
>>  Arran,
>> Yea - I did give that a try. I'm not sure if fall-through appears in the
>> reply list at the end of the transaction like the other attributes do, but
>> it didn't show up, nor did the group attributes show up.
>>  JD
>>  Re: rlm_sql not checking radgroupreply
>> ------------------------------
>>
>>    - *To*: FreeRadius users mailing list <
>>    freeradius-users at lists.freeradius.org>
>>    - *Subject*: Re: rlm_sql not checking radgroupreply
>>    - *From*: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
>>    - *Date*: Mon, 26 Sep 2011 18:50:32 +0200
>>    - *In-reply-to*: < <4E806228.97D9.0098.1%40wsc.edu>
>>    4E806228.97D9.0098.1 at wsc.edu<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00530.html>>
>>
>>    - *References*: < <4E806228.97D9.0098.1%40wsc.edu>
>>    4E806228.97D9.0098.1 at wsc.edu<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00530.html>>
>>
>>    - *Reply-to*: FreeRadius users mailing list <
>>    freeradius-users at lists.freeradius.org>
>>
>> ------------------------------
>>
>>  I have the read_groups setting set to "yes" in sql.conf and the debug
>> log would make it appear that it's reading it in correctly. The mac is found
>> in radcheck and any attributes in radreply are correctly returned, but
>> rlm_sql never checks for any group memberships at all. I've done a trace on
>> the sql server and it confirms what I see in the debug log from radius - it
>> just never checks.
>>  Thoughts?
>>
>>
>> Weird... Have you tried setting Fall-Through := yes in radcheck... In
>> theory you shouldn't need to, but just to see if it works.
>>
>> -Arran
>>
>>  Arran Cudbard-Bell
>> a.cudbardb at freeradius.org
>>
>> Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
>>
>> ------------------------------
>>
>>    - *References*:
>>       - *rlm_sql not checking radgroupreply<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00530.html>
>>       *
>>          - *From:* "John Dunning" <jodunni1 at wsc.edu>
>>
>>
>>    - Previous by Date: Re: EAP authentication accept, user not found<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00531.html>
>>    - Previous by Thread: rlm_sql not checking radgroupreply<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00530.html>
>>    - Next by Thread: run more than one radius on single machine<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00077.html>
>>    - Freeradius-Users September 2011 archives indexes sorted by: [ thread
>>    ]<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/thread.html> [
>>    subject ]<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/subject.html> [
>>    author ]<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/author.html> [
>>    date ]<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/date.html>
>>    - Freeradius-Users list archive Table of Contents<http://lists.freeradius.org/pipermail/freeradius-users/index.html>
>>    - More information about the Freeradius-Users mailing list<http://lists.freeradius.org/mailman/listinfo/freeradius-users>
>>
>> ------------------------------
>> *This archive was generated by a fusion of Pipermail (Mailman edition)
>> and MHonArc <http://www.mhonarc.org/>.*
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110926/34d0cfce/attachment.html>


More information about the Freeradius-Users mailing list