Unable to authenticate freeradius using PostgreSQL

Ross McOwat ross.mcowat at first-utility.com
Tue Nov 28 17:00:07 CET 2006 

Hello all,

I'm running freeradius-1.0.1-3.RHEL4, and trying to authenticate using
postgresql-7.4.8-1.RHEL4.1.  My freeradius daemon loads with no
problems, and everything appears ready-to-go.  However I cannot
authenticate against data stored in my Postgres database.  My database
is setup as follows:

radius=# select * from radcheck;
 id | username  |   attribute   |   value   | op
----+-----------+---------------+-----------+----
  1 | ROSStest3 | User-Password | bdwnlc274 | ==
  2 | ROSStest4 | User-Password | nntlpa401 | ==
(2 rows)

radius=# select * from radreply;
 id | username  |     attribute     |     value     | op
----+-----------+-------------------+---------------+----
  1 | ROSStest3 | Framed-IP-Address | 10.150.19.134 | :=
  2 | ROSStest4 | Framed-IP-Address | 10.150.19.134 | :=
(2 rows)

radius=# select * from usergroup;
 id | username  | groupname
----+-----------+-----------
  1 | ROSStest3 | static
  2 | ROSStest4 | static
(2 rows)

Other tables are empty.  Running freeradius in debug mode, the following
output is given when attempting an authentication request using
NTRadPing:

rad_recv: Access-Request packet from host <my ip address>:1859, id=28,
length=49
        User-Name = "ROSStest4"
        User-Password = "nntlpa401"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "ROSStest4", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched DEFAULT at 156
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'ROSStest4'
rlm_sql (sql): sql_set_user escaped user --> 'ROSStest4'
radius_xlat:  ''
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns fail for request 0
modcall: group authorize returns fail for request 0
Finished request 0


I'm running a trace against my database, and no output is given when
attempting a radius query, so I'm assuming that freeradius is not even
reaching the database.  The error...

rlm_sql (sql): SQL query error; rejecting user

...would seem to confirm this.  However I'm not sure what part of the
configuration files I need to change to rectify this.  At a guess, I
would say it's the following line in postgresql.conf:

sql_user_name = "%{User-Name}"

I've tried all sorts of entries in here, without success.  

Any assistance would be appreciated - apologies for the long entry
above!

Ross McOwat

More information about the Freeradius-Users mailing list