freeradius wont let realms based auth
Andres Pazos
andy at ferengi.com.ar
Fri Nov 11 16:33:09 CET 2005
Thanks again!
I already understand the difference between accounting and authentication.
I have a freeradius server (1.0.5), a MySQL server and an SQL server (with different databases).
What I need to do is, i.e.:
User sends radius request (i.e.: radtest user@realm password server port secretkey).
If realm is "wireless", I want radius to authenticate the user using MySQL. If realm is "dhcp", I want radius to authenticate the user using the SQL server.
I've started redoing all the configuration. If you check the debug info from "radiusd -X", you will see that before leaving the "authorize { ... }" section Radius never chooses to use the "Autz-Type SQL { sql }" section, after I've set the Autz-Type to SQL in the users file.
These are parts of my files:
users file:----------------
DEFAULT Auth-Type := System, Realm == "wireless", Autz-Type := MSSQL1
DEFAULT Auth-Type := System, Realm == "dhcp", Autz-Type := SQL
---------------------------
radiusd.conf file:---------
modules {
    realm suffix {
        format = suffix
        delimiter = "@"
        ignore_default = no
        ignore_null = yes
    }
    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        preproxy_usersfile = ${confdir}/preproxy_users
        compat = no
    }
    preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }
    $INCLUDE ${confdir}/sql.conf
    $INCLUDE ${confdir}/mssql1.conf
}
authorize {
    preprocess
    suffix
    files
    Autz-Type WIRELESS {
        mssql1
    }
    Autz-Type SQL{
        sql
    }
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    unix
    eap
}
---------------------------
radtest -------------------
# radtest fbrito@dhcp fbrito localhost 1812 testing123
Sending Access-Request of id 20 to 127.0.0.1:1812
    User-Name = "fbrito@dhcp"
    User-Password = "fbrito"
    NAS-IP-Address = NanO
    NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=20, length=20
---------------------------
radiusd -X ----------------
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32791, id=20, length=63
    User-Name = "fbrito@dhcp"
    Password = "fbrito"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 1812
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: Looking up realm "dhcp" for User-Name = "fbrito@dhcp"
rlm_realm: Found realm "dhcp"
rlm_realm: Adding Stripped-User-Name = "fbrito"
rlm_realm: Proxying request from user fbrito to realm dhcp
rlm_realm: Adding Realm = "dhcp"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched entry DEFAULT at line 157
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
modcall[authenticate]: module "unix" returns ok for request 0
modcall: group authenticate returns ok for request 0
Sending Access-Accept of id 20 to 127.0.0.1:32791
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
---------------------------
thanks in advance!
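
Added example, not part of the original post and not FreeRADIUS project code: a Python cross-check of the Autz-Type names assigned in the users entries against the Autz-Type subsections declared in authorize, assuming an Autz-Type value selects the subsection with the same name. The function names are hypothetical and the embedded sample text is constructed from the excerpts posted above.

```python
import re

# Constructed input: the users entries and authorize section as posted above.
USERS = '''\
DEFAULT Auth-Type := System, Realm == "wireless", Autz-Type := MSSQL1
DEFAULT Auth-Type := System, Realm == "dhcp", Autz-Type := SQL
'''
AUTHORIZE = '''\
authorize {
    preprocess
    suffix
    files
    Autz-Type WIRELESS {
        mssql1
    }
    Autz-Type SQL{
        sql
    }
}
'''

def assigned_autz_types(users_text):
    """Map each Realm tested in a users entry to the Autz-Type it assigns."""
    result = {}
    for line in users_text.splitlines():
        line = line.split("#", 1)[0]  # ignore comments
        autz = re.search(r'Autz-Type\s*:?=\s*"?([\w-]+)', line)
        realm = re.search(r'Realm\s*==\s*"([^"]*)"', line)
        if autz:
            result[realm.group(1) if realm else None] = autz.group(1)
    return result

def defined_autz_types(conf_text):
    """Collect Autz-Type subsection names declared directly in authorize {}."""
    names, depth, section = set(), 0, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if depth == 0:  # at top level: remember which section opens here
            section = line.split()[0] if line.endswith("{") else None
        m = re.match(r'Autz-Type\s+([\w-]+)\s*\{', line)
        if m and section == "authorize" and depth == 1:
            names.add(m.group(1))
        depth += line.count("{") - line.count("}")
    return names

def cross_check(users_text, conf_text):
    assigned = assigned_autz_types(users_text)
    defined = defined_autz_types(conf_text)
    missing = {r: a for r, a in assigned.items() if a not in defined}
    return missing, sorted(defined - set(assigned.values()))
```

On the excerpts as posted, `cross_check(USERS, AUTHORIZE)` reports that realm "wireless" is assigned MSSQL1, which has no subsection in authorize, and that the WIRELESS subsection is never assigned by either users entry.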