trivial problem?
Yans van Horn
yans at majora.net
Wed Nov 22 23:14:10 CET 2006
Hello,
I'm fairly new to freeradius so to some my problem may seem trivial, but ...
I'm trying to get EAP-TLS to work, and when using "file" setup everything
works as it's suppose to - only selected users can authorize after meeteing
check criteria.
When i switch to SQL (postgresql) it seems that no matter what i insert to
radcheck and radreply tables *any user (if he has valid cert) can authorize
without any problems* :-(
Can anybody shed some light on this issue ?
My configuration:
### USERS ###
"ajax" Auth-Type := EAP, Calling-Station-Id == "some-valid-mac"
# "ajax" Auth-Type := EAP, Calling-Station-Id == "some-invalid-mac"
DEFAULT Auth-Type := Reject
Reply-Message = "ACCESS DENIED"
### SQL ###
radius=> select * from radcheck;
id | username | attribute | op | value
-----+----------+--------------------+----+---------------
410 | ajax | Auth-Type | := | EAP
411 | ajax | Calling-Station-ID | == | some-INVALID-mac
412 | DEFAULT | Auth-Type | := | Reject
(3 rows)
radius=> select * from radreply;
id | username | attribute | op | value
----+----------+---------------+----+---------------
3 | DEFAULT | Reply-Message | = | ACCESS DENIED
(1 row)
All other tables are _empty_
### postgresql.conf ###
Is a default postgresql.conf from freeradius (with database connection
settings set)
### radiusd.conf ###
authorize {
preprocess
suffix
eap
sql
# files
}
authenticate {
eap
}
--
best regards,
Marcin 'Yans' Bazarnik
More information about the Freeradius-Users
mailing list