Get access to User-Password in rlm_sql_mysql
Hello freeradius users, I am working on an implementation of one time passwords in radius. I know there are many solutions for that, but I don't want to grant the freeradius-mysql-user too much. So I made three functions and a view in my database that freeradius just have to set two variables with username and one time password in the mysql session to get the needed results. In my freerardius mysql config I want to call it like this: authorize_check_query = "\ set @username='%{SQL-User-Name}'; \ set @otp='%{User-Password}'; \ SELECT id, username, attribute, value, op \ FROM ${authcheck_table}" The variable username is filled with the User-Name but the variable otp stays empty. I tried several variations of User-Password like Chap-password, SQL-User-Password and so on. Maybe I am to stupid to find it in the documentation, but can you please tell me what I have to do or point me at the right part of the documentation? Or am I completely on the wrong way? Thank in advance, Lars
Sorry for asking, fixed myself. I have an openvpn connecting via pam_radius_auth. What I thought was that the requests would come in via mschap, but they are coming via pap. So after I reformed my radtest command to pap I got the %{User-Password} attribute filled and my question is gone. Greetings, Lars Am 19.05.2014 13:02, schrieb Lars Timmann:
Hello freeradius users,
I am working on an implementation of one time passwords in radius. I know there are many solutions for that, but I don't want to grant the freeradius-mysql-user too much.
So I made three functions and a view in my database that freeradius just have to set two variables with username and one time password in the mysql session to get the needed results.
In my freerardius mysql config I want to call it like this:
authorize_check_query = "\ set @username='%{SQL-User-Name}'; \ set @otp='%{User-Password}'; \ SELECT id, username, attribute, value, op \ FROM ${authcheck_table}"
The variable username is filled with the User-Name but the variable otp stays empty. I tried several variations of User-Password like Chap-password, SQL-User-Password and so on. Maybe I am to stupid to find it in the documentation, but can you please tell me what I have to do or point me at the right part of the documentation?
Or am I completely on the wrong way?
Thank in advance, Lars
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- "There is always an easy solution to every human problem - neat, plausible and wrong." (Henry Louis Mencken (1880-1956) American journalist and social critic) _______________________________________________________________________ Lars Timmann Lars@Timmann.de 22393 Hamburg http://lars.timmann.de/ http://www.fleischfressendepflanzen.de/ Xing: https://www.xing.com/profile/Lars_Timmann LinkedIn: https://www.linkedin.com/in/LarsTimmann FaceBook: https://www.facebook.com/lars.timmann
participants (1)
-
Lars Timmann