rlm_sql not checking radgroupreply

John Dunning jodunni1 at wsc.edu
Mon Sep 26 21:54:16 CEST 2011 

Honestly Angelo, I haven't gotten that far yet....was just trying to get auth working.  Logging and accounting are still on the "to do list".
 
If I figure out something I'll let you know!
 
JD


>>> Angelo Compagnucci <angelo.compagnucci at gmail.com> 9/26/2011 2:43 PM >>>
A month ago,I had to read the source code to understand why the group membership was disabled in my configuration!

I'm using odbc also with mssql!

How have you resolved theunix_timestamp issue? I had to rewrite queries converting theunix_timestamp to something like CONVERT(datetime, '%S', 20) to accomodate my db.

Angelo

2011/9/26 John Dunning <jodunni1 at wsc.edu>


Angelo - that was it!! Thanks so much.
Just a note to the maintainers....I used the dialup.conf from the 2.1.10 source. The debian packages don't have a dialup.conf for mssql, so I used the 2.1.10 source mssql directory and created a logical link for iodbc.
It was, evidently, fixed in 2.1.11 as the one from that version has the query.
Thanks all!!
JD


>>> Angelo Compagnucci <angelo.compagnucci at gmail.com> 9/26/2011 12:46 PM >>>

Hi John, 

Your sql configuration lacks of group_membership_query .

Whitout this one, group checking is disabled silently during start up.

Hope this helps!

Angelo

2011/9/26 John Dunning <jodunni1 at wsc.edu>


Arran,
Yea - I did give that a try. I'm not sure if fall-through appears in the reply list at the end of the transaction like the other attributes do, but it didn't show up, nor did the group attributes show up.


JD
Re: rlm_sql not checking radgroupreply
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org ( mailto:freeradius-users%40lists.freeradius.org )> 
Subject: Re: rlm_sql not checking radgroupreply 
From: Arran Cudbard-Bell <a.cudbardb at freeradius.org ( mailto:a.cudbardb%40freeradius.org )> 
Date: Mon, 26 Sep 2011 18:50:32 +0200 
In-reply-to: < ( mailto:4E806228.97D9.0098.1%40wsc.edu )4E806228.97D9.0098.1 at wsc.edu ( http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00530.html )> 
References: < ( mailto:4E806228.97D9.0098.1%40wsc.edu )4E806228.97D9.0098.1 at wsc.edu ( http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00530.html )> 
Reply-to: FreeRadius users mailing list <freeradius-users at lists.freeradius.org ( mailto:freeradius-users%40lists.freeradius.org )>



I have the read_groups setting set to "yes" in sql.conf and the debug log would make it appear that it's reading it in correctly. The mac is found in radcheck and any attributes in radreply are correctly returned, but rlm_sql never checks for any group memberships at all. I've done a trace on the sql server and it confirms what I see in the debug log from radius - it just never checks.
Thoughts?


Weird... Have you tried setting Fall-Through := yes in radcheck... In theory you shouldn't need to, but just to see if it works.

-Arran

Arran Cudbard-Bell
a.cudbardb at freeradius.org 

Betelwiki, Betelwiki, Betelwiki....http://wiki.freeradius.org/ !


References: 
rlm_sql not checking radgroupreply ( http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00530.html ) 
From:"John Dunning" <jodunni1 at wsc.edu>
Previous by Date:Re: EAP authentication accept, user not found ( http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00531.html ) 
Previous by Thread:rlm_sql not checking radgroupreply ( http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00530.html ) 
Next by Thread:run more than one radius on single machine ( http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00077.html ) 
Freeradius-Users September 2011 archives indexes sorted by:[ thread ] ( http://lists.freeradius.org/pipermail/freeradius-users/2011-September/thread.html )[ subject ] ( http://lists.freeradius.org/pipermail/freeradius-users/2011-September/subject.html )[ author ] ( http://lists.freeradius.org/pipermail/freeradius-users/2011-September/author.html )[ date ] ( http://lists.freeradius.org/pipermail/freeradius-users/2011-September/date.html ) 
Freeradius-Users list archiveTable of Contents ( http://lists.freeradius.org/pipermail/freeradius-users/index.html ) 
More information about the Freeradius-Users mailing list ( http://lists.freeradius.org/mailman/listinfo/freeradius-users )
This archive was generated by a fusion of Pipermail (Mailman edition) andMHonArc ( http://www.mhonarc.org/ ).

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110926/1144f646/attachment.html>

More information about the Freeradius-Users mailing list