Version 2.0 is a lot closer to reality...

Alexander Serkin als at cell.ru
Wed Apr 4 13:14:10 CEST 2007


Alan, thinking about the upcoming upgrade from 1.1.5 to 2.0, I tried 2.0 with 
my configuration from 1.1.5.
There seems to be some difference, which I hope you can explain.
The proxy.conf configuration is:

realm NULL {
         type            = radius
         authhost        = LOCAL
         accthost        = LOCAL
}

and we have a user who has a simple radcheck entry in SQL:

mobile	Auth-Type:=accept

In 1.1.5 radiusd performs authorize and authorize group checks in SQL:

rlm_sql (sqlauth): sql_set_user escaped user --> 'mobile'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
Username = 'mobile' ORDER BY id'
rlm_sql (sqlauth): Reserving sql socket id: 4
radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op 
  FROM radgroupcheck,usergroup WHERE (usergroup.Username = 'mobile' or 
usergroup.CLID = '250097000040996') AND usergroup.GroupName = 
radgroupcheck.GroupName ORDER BY usergroup.PRIORITY,radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE 
Username = 'mobile' ORDER BY id'
radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op 
  FROM radgroupreply,usergroup WHERE (usergroup.Username = 'mobile' OR 
usergroup.CLID = '250097000040996') AND usergroup.GroupName = 
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sqlauth): Released sql socket id: 4
   modcall[authorize]: module "sqlauth" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
   rad_check_password:  Found Auth-Type Accept
   rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [mobile] (from client localhost port 0 cli 250097000040996)

but in 2.0 we lack the group checks:

rlm_sql (sqlauth): sql_set_user escaped user --> 'mobile'
rlm_sql (sqlauth): Reserving sql socket id: 4
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
Username = 'mobile' ORDER BY id'
rlm_sql (sqlauth): User found in radcheck table
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE 
Username = 'mobile' ORDER BY id'
rlm_sql (sqlauth): Released sql socket id: 4
   modcall[authorize]: module "sqlauth" returns ok for request 0
modcall: group authorize returns ok for request 0
   rad_check_password:  Found Auth-Type Accept
   rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [mobile] (from client localhost port 0 cli 25009700040996)

What could be the possible reason(s) for that?

Alan DeKok wrote:
>   I've just committed massive changes to the server core.  The "diff" is
> about 3k lines, and doesn't include deleted or added files.
> 
>   The good news is that it looks to be nearly 100% backwards compatible
> with the configurations currently allowed by the CVS head.  That is,
> I've written it to be backwards compatible, and validated it via tests,
> but I won't claim it's perfect until people test it.
...


-- 
Sincerely Yours,
Alexander


