always received Access-Reject using mysql
Fajar A. Nugraha
list at fajar.net
Mon Nov 28 03:08:26 CET 2011
On Mon, Nov 28, 2011 at 8:29 AM, Bogi Aditya <bogi at imtelkom.ac.id> wrote:
> thanks Alan
>
> I found the problem was in the "attribute" field
> where I put "Cleartext-Password" based on the wiki:
> http://wiki.freeradius.org/SQL-HOWTO
The example should be correct. From
http://wiki.freeradius.org/SQL-HOWTO#Populating+SQL
mysql> select * from radcheck;
+----+----------------+--------------------+------------------+------+
| id | UserName       | Attribute          | Value            | Op   |
+----+----------------+--------------------+------------------+------+
|  1 | fredf          | Cleartext-Password | wilma            | :=   |
|  2 | barney         | Cleartext-Password | betty            | :=   |
|  2 | dialrouter     | Cleartext-Password | dialup           | :=   |
+----+----------------+--------------------+------------------+------+
3 rows in set (0.01 sec)
Note how it uses ":=" as op?
>
> after I changed the value to just "password"
> it works fine now.
It has a different meaning, actually.
If you use Password (or User-Password) with op "==", you're basically
comparing the attribute User-Password in user request to the one in
the database. It SHOULD work if the request is using PAP, but it won't
work if the request is using MS-CHAPv2 (or some other authentication
protocol that does not send user password as plain text in
User-Password attribute). You can test it with "radtest -t mschap"
(available in newer versions of FR).
I highly suggest you change it to Cleartext-Password and ":=".
--
Fajar
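
An added illustration, not part of the original message and not FreeRADIUS code: a simplified Python model of the difference described above, using CHAP (RFC 1994) as one example of a protocol that never sends the password in User-Password. The `authenticate` helper, the row dictionaries and the sample requests are constructed for this example.

```python
import hashlib
import hmac

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    # RFC 1994 CHAP: response = MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def authenticate(request: dict, row: dict) -> bool:
    """Simplified model of one radcheck row applied to one request."""
    attr, op, value = row["Attribute"], row["Op"], row["Value"].encode()
    pap_pw = request.get("User-Password")
    if attr in ("Password", "User-Password") and op == "==":
        # Check item: compared with User-Password in the request.
        # A CHAP request carries no such attribute, so nothing can match.
        return pap_pw is not None and hmac.compare_digest(pap_pw, value)
    if attr == "Cleartext-Password" and op == ":=":
        # Known-good password handed to the server; each method verifies against it.
        if pap_pw is not None:  # PAP
            return hmac.compare_digest(pap_pw, value)
        if "CHAP-Password" in request:  # CHAP
            ident, resp = request["CHAP-Password"][0], request["CHAP-Password"][1:]
            expected = chap_response(ident, value, request["CHAP-Challenge"])
            return hmac.compare_digest(resp, expected)
    return False

# Constructed sample data (user and password taken from the table above).
CHALLENGE = bytes(range(16))
PAP_REQ = {"User-Name": "fredf", "User-Password": b"wilma"}
CHAP_REQ = {"User-Name": "fredf", "CHAP-Challenge": CHALLENGE,
            "CHAP-Password": bytes([1]) + chap_response(1, b"wilma", CHALLENGE)}
COMPARE_ROW = {"Attribute": "User-Password", "Op": "==", "Value": "wilma"}
KNOWN_GOOD_ROW = {"Attribute": "Cleartext-Password", "Op": ":=", "Value": "wilma"}

def results() -> dict:
    # Outcome for every (request type, row style) combination.
    return {(name, row["Attribute"]): authenticate(req, row)
            for name, req in (("PAP", PAP_REQ), ("CHAP", CHAP_REQ))
            for row in (COMPARE_ROW, KNOWN_GOOD_ROW)}

if __name__ == "__main__":
    for key, ok in results().items():
        print(key, "Access-Accept" if ok else "Access-Reject")
```

Only the Cleartext-Password row accepts both request types; the `==` comparison row rejects the CHAP request even though the password is correct.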