Authentication with existing MySQL database
Quentin Smith
i.am.the.q at gmail.com
Fri May 14 21:05:16 CEST 2010
Hello all,
I've set up and configured freeradius to properly authenticate users
using the MySQL database schema specified on the freeradius.org
website. However, since we already have a different database set up
with users' passwords that is updated by scripts when users change
their passwords or their accounts are disabled etc, I would like to be
able to pull their password hashes directly from that database.
This is what I've tried so far to do so, but it has not worked. I've
changed in the sql.conf file the authorize_check_query to the
following, but left the authorize_reply_query untouched:
authorize_check_query = "SELECT id, name as UserName, 'NT-Password'
as Attribute, nthashpass as Value, ':=' as op \
FROM users \
WHERE name = '%{SQL-User-Name}' \
ORDER BY id"
However, when I run freeradius -X, it appears that for some reason
that setting is erased. The following is the pertinent output:
sql: authorize_check_query = ""
sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value,
op FROM radreply WHERE Username =
'%{SQL-User-Name}' ORDER BY id"
Then, when I try to authenticate a user, the following error is output:
lm_sql (sql): sql_set_user escaped user --> ''******'
radius_xlat: ''
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns fail for request 0
I'm guessing the SQL query error is related to the fact that
authorize_check_query is now an empty string, but I'm not sure why
that's the case.
Anyone have any insight?
--
Quentin Smith
More information about the Freeradius-Users
mailing list