FreeRadius using two SQL servers

Fernando Brito fbrito at lq.com.ar
Tue Nov 15 20:09:42 CET 2005


On Tue, 15-11-2005 at 13:23 -0500, Dusty Doris wrote:
> > what do you think if we try to use a Perl module inside of the authorize
> > section?!?! I want the Perl module to decide between my two sql servers
> > depending on the incoming realm, I think this can be a possible way to
> > take. If you have any idea please let me know. Thanks!!
> 
> That should work too.  However, you can do this with Autz-Type, I am 
> currently doing it right now, but using ldap instead of sql.
> 
> Comment out your Autz-Type entries in your users file and try this. 
> Actually, comment out all your entries if you're not on a production 
> system.
> 
> DEFAULT Realm == "wireless", Autz-Type := SQL1
> 
> DEFAULT Realm == "dhcp", Autz-Type := SQL2
> 
> Notice that the check item Realm == is first, then Autz-Type.
> 
> Make sure your sql1.conf and sql2.conf files look like this at the top.
> 
> sql1.conf
> sql sql1 {
>    ...
> }
> 
> sql2.conf
> sql sql2 {
>   ...
> }
> 

radiusd -X -----------------------------

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32833, id=25,
length=63
        User-Name = "fbrito at dhcp"
        Password = "fbrito"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
    rlm_realm: Looking up realm "dhcp" for User-Name = "fbrito at dhcp"
    rlm_realm: Found realm "dhcp"
    rlm_realm: Adding Stripped-User-Name = "fbrito"
    rlm_realm: Proxying request from user fbrito to realm dhcp
    rlm_realm: Adding Realm = "dhcp"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched entry DEFAULT at line 9
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  '/home/fbrito/Radius/acct//auth-detail-20051115'
rlm_detail: /home/fbrito/Radius/acct/%{Client-IP-Address}/auth-detail-%Y
%m%d expands to /home/fbrito/Radius/acct//auth-detail-20051115
  modcall[authorize]: module "auth_log" returns ok for request 0
modcall: group authorize returns ok for request 0
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [fbrito at dhcp/fbrito] (from client localhost port 1812)
Delaying request 0 for 1 seconds
Finished request 0

----------------------------------------



> Then give it a shot.  If that does not work, try changing it to add 
> Auth-Type to the end.
> 
> DEFAULT Realm == "dhcp", Autz-Type := SQL2, Auth-Type := Local
> 
> If neither of those work for you, please post your debug again.  Also, 
> make sure to reply to all, so your replies go back to the list, not just 
> me.
> 
> -Dusty



radiusd -X -----------------------------

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32833, id=46,
length=63
        User-Name = "fbrito at dhcp"
        Password = "fbrito"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
    rlm_realm: Looking up realm "dhcp" for User-Name = "fbrito at dhcp"
    rlm_realm: Found realm "dhcp"
    rlm_realm: Adding Stripped-User-Name = "fbrito"
    rlm_realm: Proxying request from user fbrito to realm dhcp
    rlm_realm: Adding Realm = "dhcp"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched entry DEFAULT at line 7
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  '/home/fbrito/Radius/acct//auth-detail-20051115'
rlm_detail: /home/fbrito/Radius/acct/%{Client-IP-Address}/auth-detail-%Y
%m%d expands to /home/fbrito/Radius/acct//auth-detail-20051115
  modcall[authorize]: module "auth_log" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns ok for request 0
modcall: group authenticate returns ok for request 0
Login OK: [fbrito at dhcp/fbrito] (from client localhost port 1812)
Sending Access-Accept of id 46 to 127.0.0.1:32833
Finished request 0

----------------------------------------


In this case the user is accepted, but he never receives the info which he
is looking for. Thanks anyway and bye!!



NanO
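
One way to check `radiusd -X` output for the condition seen in the second debug run, an Access-Accept sent although the realm's SQL instance never ran. This is an added example, not part of the original message or of FreeRADIUS. The realm-to-instance map and the trimmed sample log are assumptions built from the lines quoted in the thread.

```python
import re

MODCALL = re.compile(r'modcall\[([\w-]+)\]: module "([^"]+)" returns (\w+)')
REALM = re.compile(r'rlm_realm: Adding Realm = "([^"]+)"')
AUTH_TYPE = re.compile(r'Found Auth-Type (\S+)')
REPLY = re.compile(r'Sending (Access-\w+)')
FINISHED = re.compile(r'Finished request (\d+)')

# Assumption: realm -> sql instance, taken from the users entries and the
# "sql sql1 {" / "sql sql2 {" instance names quoted in the thread.
EXPECTED = {"wireless": "sql1", "dhcp": "sql2"}

def _blank():
    return {"realm": None, "modules": [], "auth_type": None, "reply": None}

def summarize(log):
    """Split `radiusd -X` output into one summary dict per finished request."""
    done, cur = [], _blank()
    for line in log.splitlines():
        if m := MODCALL.search(line):
            cur["modules"].append(m.groups())   # (section, module, rcode)
        elif m := REALM.search(line):
            cur["realm"] = m.group(1)
        elif m := AUTH_TYPE.search(line):
            cur["auth_type"] = m.group(1)
        elif m := REPLY.search(line):
            cur["reply"] = m.group(1)
        elif m := FINISHED.search(line):
            cur["request"] = int(m.group(1))
            done.append(cur)
            cur = _blank()                      # -X is single-threaded: lines are in order
    return done

def backend_skipped(req, expected=EXPECTED):
    """True when the realm has an expected SQL instance that never ran."""
    want = expected.get(req["realm"])
    ran = {name for _section, name, _rcode in req["modules"]}
    return want is not None and want not in ran

# Constructed sample, trimmed from the second debug run in the post.
SAMPLE = """\
    rlm_realm: Adding Realm = "dhcp"
  modcall[authorize]: module "files" returns ok for request 0
  rad_check_password:  Found Auth-Type System
  modcall[authenticate]: module "unix" returns ok for request 0
Sending Access-Accept of id 46 to 127.0.0.1:32833
Finished request 0
"""
```

For the sample, `backend_skipped(summarize(SAMPLE)[0])` is true: the request was accepted through `unix` with Auth-Type System, and `sql2` does not appear among the modules called.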




