Freeradius not to read radgroupcheck table from MSSQL

Xiaochen Jing xjing at datavalet.com
Fri Oct 17 16:01:55 CEST 2008 

 

Hello,

 

My Freeradius seems only to read radcheck table, not to read radgroupcheck
table from MS SQL.

 

Here is my settings:

 

In /mssql/dialup.conf, I edit two queries for authorized_check_query and
authorize_group_check_query, instead of using the default ones. Doing this
is easy for our database programming.

 

        authorize_check_query = "RADIUS_authorize_check_query
'%{SQL-User-Name}'"

 

        authorize_group_check_query = "RADIUS_authorize_group_check_query
'%{SQL-User-Name}'"

 

 

in sql.conf, read_group is set to yes. Then I suppose Freeradius should
start to read group tables.

 

 

When I test a user whose username is associated to a group name and
pool-name, Freeradius returns only authentication successful, but no group
info or IP is returned. Here is the debug:

 

rad_recv: Access-Request packet from host 172.16.1.5 port 1723, id=20,
length=57

        User-Name = "dr.julien.olivier"

        User-Password = "acdq"

+- entering group authorize

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

    rlm_realm: No '@' in User-Name = "dr.julien.olivier", looking up realm
NULL

    rlm_realm: No such realm "NULL"

++[suffix] returns noop

  rlm_eap: No EAP-Message, not doing EAP

++[eap] returns noop

++[unix] returns notfound

++[files] returns noop

        expand: %{User-Name} -> dr.julien.olivier

rlm_sql (sql): sql_set_user escaped user --> 'dr.julien.olivier'

rlm_sql (sql): Reserving sql socket id: 2

        expand: RADIUS_authorize_check_query '%{SQL-User-Name}' ->
RADIUS_authorize_check_query 'dr.julien.olivier'

query:  RADIUS_authorize_check_query 'dr.julien.olivier'

rlm_sql (sql): User found in radcheck table

        expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'dr.julien.olivier' ORDER BY id

query:  SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'dr.julien.olivier' ORDER BY id

rlm_sql (sql): Released sql socket id: 2

++[sql] returns ok

++[expiration] returns noop

++[logintime] returns noop

++[pap] returns updated

  rad_check_password:  Found Auth-Type

auth: type "PAP"

+- entering group PAP

rlm_pap: login attempt with password "acdq"

rlm_pap: Using clear text password "acdq"

rlm_pap: User authenticated successfully

++[pap] returns ok

+- entering group post-auth

rlm_ippool: Could not find Pool-Name attribute.

++[netplus] returns noop

rlm_ippool: Could not find Pool-Name attribute.

++[staffnet] returns noop

rlm_ippool: Could not find Pool-Name attribute.

++[julienne] returns noop

rlm_sql (sql): Processing sql_postauth

        expand: %{User-Name} -> dr.julien.olivier

rlm_sql (sql): sql_set_user escaped user --> 'dr.julien.olivier'

++[sql] returns noop

Sending Access-Accept of id 20 to 172.16.1.5 port 1723

Finished request 122.

Going to the next request

Waking up in 4.9 seconds.

Cleaning up request 122 ID 20 with timestamp +79236

Ready to process requests.

 

 

I don't  know where I set it wrong or anything I miss to configure. I mean
if radcheck table works, it means at least the query that I changed is
working. So I don't know with the same idea, why radgroupcheck does not
work. Could anyone give me some ideas?

 

 

Thanks so much

 

XJ

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081017/e165490f/attachment.html>

More information about the Freeradius-Users mailing list