SQL Authentication (mainly @Alan!)

florian broder flobroed at googlemail.com
Fri Jan 6 13:54:34 CET 2006


Hi.

Some weeks ago I was asking for this, but didn't receive an answer.

The subject is MySQL authentication based on a Calling-Station-ID. The problem
is that the Cisco switch doesn't send a user-name & user-password in its
access-request, and MySQL doesn't like that!

-->

Error: rlm_sql (sql): zero length username not permitted

I tried to comment out this part in the sql-module source-code, and
recompile freeradius. To my surprise, this actually DOES work.

-->

rad_recv: Access-Request packet from host 127.0.0.1:1046, id=134, length=52
        User-Name = ""
        User-Password = "michael"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'michael'
rlm_sql (sql): sql_set_user escaped user --> 'michael'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op          
FROM radcheck ?  WHERE Username = 'michael'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 'michael' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op          
FROM radreply           WHERE Username = 'michael'           ORDER BY
id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
 FROM radgroupreply,usergroup WHERE usergroup.Username = 'michael' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type Accept
  rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 134 to 127.0.0.1:1046
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 134 with timestamp 43bc1274
Nothing to do.  Sleeping until we see a request.

Sql.conf was told to check for the password, not the username. It works!


So my question is, as in the subject, mainly directed to Alan, or
some other developer of the sql-module.

WHY was it done like that, i.e. that you HAVE to use a username in sql?

Thanks for your help, I really appreciate it!


Bye.
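
An added example, not part of the original post and not FreeRADIUS code: a sketch that scans `radiusd -X` debug output in the format shown above and lists every Access-Accept sent for a request whose User-Name was empty or absent, which is the case the "zero length username" check rejects. The sample log is constructed and the function name is hypothetical.

```python
import re

# Constructed sample in the format of the debug output quoted in the post.
SAMPLE_LOG = '''\
rad_recv: Access-Request packet from host 127.0.0.1:1046, id=134, length=52
        User-Name = ""
        User-Password = "michael"
  rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 134 to 127.0.0.1:1046
rad_recv: Access-Request packet from host 127.0.0.1:1047, id=135, length=60
        User-Name = "alice"
        User-Password = "secret"
Sending Access-Accept of id 135 to 127.0.0.1:1047
rad_recv: Access-Request packet from host 127.0.0.1:1048, id=136, length=44
        NAS-Port = 1812
Sending Access-Reject of id 136 to 127.0.0.1:1048
'''

RECV = re.compile(r'^rad_recv: Access-Request packet from host (\S+), id=(\d+)')
ATTR = re.compile(r'^\s+([A-Za-z0-9-]+) = (.*)$')
SENT = re.compile(r'^Sending (Access-\w+) of id (\d+) to (\S+)')

def find_nameless_accepts(log_text):
    """Return (host, id) of each Access-Accept whose request had no or empty User-Name."""
    pending, current, findings = {}, None, []
    for line in log_text.splitlines():
        m = RECV.match(line)
        if m:  # new request: start collecting its attribute lines
            current = (m.group(1), int(m.group(2)))
            pending[current] = {}
            continue
        m = SENT.match(line)
        if m:  # reply: pair it with the request by client address and packet id
            key = (m.group(3), int(m.group(2)))
            attrs = pending.pop(key, None)
            if (m.group(1) == 'Access-Accept' and attrs is not None
                    and attrs.get('User-Name', '').strip('"') == ''):
                findings.append(key)
            current = None
            continue
        m = ATTR.match(line) if current else None
        if m:
            pending[current][m.group(1)] = m.group(2)
        else:
            current = None  # attribute list ended; ignore module debug lines
    return findings

if __name__ == "__main__":
    print(find_nameless_accepts(SAMPLE_LOG))
```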
