Thank you!!!

I put it there but still the same problem:

authorize {
#
#  The preprocess module takes care of sanitizing some bizarre
#  attributes in the request, and turning them into attributes
#  which are more standard.
#
#  It takes care of processing the 'raddb/hints' and the
#  'raddb/huntgroups' files.
preprocess

#
#  If you want to have a log of authentication requests,
#  un-comment the following line, and the 'detail auth_log'
#  section, above.
# auth_log

#
#  The chap module will set 'Auth-Type := CHAP' if we are
#  handling a CHAP request and Auth-Type has not already been set
chap 
#
#  If the users are logging in with an MS-CHAP-Challenge
#  attribute for authentication, the mschap module will find
#  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
#  to the request, which will cause the server to then use
#  the mschap module for authentication.
mschap

#
#  If you have a Cisco SIP server authenticating against
#  FreeRADIUS, uncomment the following line, and the 'digest'
#  line in the 'authenticate' section.
digest
#
#  The WiMAX specification says that the Calling-Station-Id
#  is 6 octets of the MAC.  This definition conflicts with
#  RFC 3580, and all common RADIUS practices.  Un-commenting
#  the "wimax" module here means that it will fix the
#  Calling-Station-Id attribute to the normal format as
#  specified in RFC 3580 Section 3.21
# wimax

#
#  Look for IPASS style 'realm/', and if not found, look for
#  '@realm', and decide whether or not to proxy, based on
#  that.
# IPASS

#
#  If you are using multiple kinds of realms, you probably
#  want to set "ignore_null = yes" for all of them.
#  Otherwise, when the first style of realm doesn't match,
#  the other styles won't be checked.
#
suffix
# ntdomain

#
#  This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
#  authentication.
#
#  It also sets the EAP-Type attribute in the request
#  attribute list to the EAP type from the packet.
#
#  As of 2.0, the EAP module returns "ok" in the authorize stage
#  for TTLS and PEAP.  In 1.x, it never returned "ok" here, so
#  this change is compatible with older configurations.
#
#  The example below uses module failover to avoid querying all
#  of the following modules if the EAP module returns "ok".
#  Therefore, your LDAP and/or SQL servers will not be queried
#  for the many packets that go back and forth to set up TTLS
#  or PEAP.  The load on those servers will therefore be reduced.
#
eap {
ok = return
}

#
#  Pull crypt'd passwords from /etc/passwd or /etc/shadow,
#  using the system API's to get the password.  If you want
#  to read /etc/passwd or /etc/shadow directly, see the
#  passwd module in radiusd.conf.
#
# unix

#
#  Read the 'users' file
#files

#
#  Look in an SQL database.  The schema of the database
#  is meant to mirror the "users" file.
#
#  See "Authorization Queries" in sql.conf
#sql
pgsql-voip
#
#  If you are using /etc/smbpasswd, and are also doing
#  mschap authentication, the un-comment this line, and
#  configure the 'etc_smbpasswd' module, above.
# etc_smbpasswd

#
#  The ldap module will set Auth-Type to LDAP if it has not
#  already been set
# ldap

#
#  Enforce daily limits on time spent logged in.
# daily

#
# Use the checkval module
# checkval

expiration
logintime

pap

# Autz-Type Status-Server {
#
# }
}


#
authenticate {
#
#  PAP authentication, when a back-end database listed
#  in the 'authorize' section supplies a password.  The
#  password can be clear-text, or encrypted.
#Auth-Type PAP {
# pap
#}

#
#  Most people want CHAP authentication
#  A back-end database listed in the 'authorize' section
#  MUST supply a CLEAR TEXT password.  Encrypted passwords
#  won't work.
Auth-Type CHAP {
chap
}

#
#  MSCHAP authentication.
Auth-Type MS-CHAP {
mschap
}

#
#  If you have a Cisco SIP server authenticating against
#  FreeRADIUS, uncomment the following line, and the 'digest'
#  line in the 'authorize' section.
digest

#
#  Pluggable Authentication Modules.
pam
#
#  See 'man getpwent' for information on how the 'unix'
#  module checks the users password.  Note that packets
#  containing CHAP-Password attributes CANNOT be authenticated
#  against /etc/passwd!  See the FAQ for details.
#
#  For normal "crypt" authentication, the "pap" module should
#  be used instead of the "unix" module.  The "unix" module should
#  be used for authentication ONLY for compatibility with legacy
#  FreeRADIUS configurations.
#
unix

# Uncomment it if you want to use ldap for authentication
#
# Note that this means "check plain-text password against
# the ldap database", which means that EAP won't work,
# as it does not supply a plain-text password.
# Auth-Type LDAP {
# ldap
# }

#
#  Allow EAP authentication.
eap

#
#  The older configurations sent a number of attributes in
#  Access-Challenge packets, which wasn't strictly correct.
#  If you want to filter out these attributes, uncomment
#  the following lines.
#
Auth-Type eap {
eap {
handled = 1  
}
if (handled && (Response-Packet-Type == Access-Challenge)) {
attr_filter.access_challenge.post-auth
handled  # override the "updated" code from attr_filter
}
}
}


#
#  Pre-accounting.  Decide which accounting type to use.
#
preacct {
preprocess

#
#  Session start times are *implied* in RADIUS.
#  The NAS never sends a "start time".  Instead, it sends
#  a start packet, *possibly* with an Acct-Delay-Time.
#  The server is supposed to conclude that the start time
#  was "Acct-Delay-Time" seconds in the past.
#
#  The code below creates an explicit start time, which can
#  then be used in other modules.
#
#  The start time is: NOW - delay - session_length
#

#  update request {
#   FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
# }


#
#  Ensure that we have a semi-unique identifier for every
#  request, and many NAS boxes are broken.
acct_unique

#
#  Look for IPASS-style 'realm/', and if not found, look for
#  '@realm', and decide whether or not to proxy, based on
#  that.
#
#  Accounting requests are generally proxied to the same
#  home server as authentication requests.
# IPASS
suffix
# ntdomain

#
#  Read the 'acct_users' file
#files
}

#
#  Accounting.  Log the accounting data.
#
accounting {

if (noop) {
ok
}


}

session {
radutmp


}


post-auth {


# ldap

exec



# }


edir_account_policy_check = yes' in the ldap module configuration
#
Post-Auth-Type REJECT {
# log failed authentications in SQL, too.
# sql
attr_filter.access_reject
}
}


pre-proxy {

}


post-proxy {

# post_proxy_log

# attr_rewrite


# attr_filter.post-proxy


#
eap


# Post-Proxy-Type Fail {
# detail
# }
}


}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 212.13.228.58 port 49883, id=136, length=206
        Acct-Multi-Session-Id = "1291732743095"
        Cisco-Attr-130 = 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
        Calling-Station-Id = "81609000"
        NAS-Identifier = "intraswitch"
        NAS-IP-Address = 212.13.228.58
        3GPP2-Prepaid-acct-Capability = 0x010600000002
        3GPP2-Session-Termination-Capability = 1
        h323-conf-id = "h323-conf-id=1291732743095"
        Vendor-Specific = 0x00000009
        Event-Timestamp = "Dec  7 2010 15:39:03 CET"
        User-Name = "081609000"
        User-Password = "12345"
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "081609000", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[pgsql-voip]    expand: %{User-Name} -> 081609000
[pgsql-voip] sql_set_user escaped user --> '081609000'
rlm_sql (pgsql-voip): Reserving sql socket id: 24
[pgsql-voip]    expand:  -> 
[pgsql-voip] Error generating query; rejecting user
rlm_sql (pgsql-voip): Released sql socket id: 24
++[pgsql-voip] returns fail
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> 081609000
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.



> Date: Tue, 7 Dec 2010 21:26:18 +0700
> Subject: Re: Voip database
> From: work@fajar.net
> To: freeradius-users@lists.freeradius.org
>
> On Tue, Dec 7, 2010 at 9:24 PM, Fajar A. Nugraha <work@fajar.net> wrote:
> > On Tue, Dec 7, 2010 at 9:17 PM, miha- <miha_zoubek@hotmail.com> wrote:
> >>
> >> I have uncomment only this #  Cisco VoIP specific bulk accounting
> >> pgsql-voip under accounting section.
> >> I have not found it under authorize and authenticate.
> >>
> >> Must I put it there?
> >
> > On second thought, you might not need it in authenticate. You'd need
> > it in authorize and authenticate.
>
> I meant to say "authorize and accounting".
>
> --
> Fajar
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html