rlm_sql not checking radgroupreply

Angelo Compagnucci angelo.compagnucci at gmail.com
Mon Sep 26 19:46:30 CEST 2011 

Hi John,

Your sql configuration lacks of group_membership_query .

Whitout this one, group checking is disabled silently during start up.

Hope this helps!

Angelo

2011/9/26 John Dunning <jodunni1 at wsc.edu>

>  Arran,
> Yea - I did give that a try.  I'm not sure if fall-through appears in the
> reply list at the end of the transaction like the other attributes do, but
> it didn't show up, nor did the group attributes show up.
>
> JD
>   Re: rlm_sql not checking radgroupreply
> ------------------------------
>
>    - *To*: FreeRadius users mailing list <
>    freeradius-users at lists.freeradius.org>
>    - *Subject*: Re: rlm_sql not checking radgroupreply
>    - *From*: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
>    - *Date*: Mon, 26 Sep 2011 18:50:32 +0200
>    - *In-reply-to*: < <4E806228.97D9.0098.1%40wsc.edu>
>    4E806228.97D9.0098.1 at wsc.edu<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00530.html>
>    >
>    - *References*: < <4E806228.97D9.0098.1%40wsc.edu>
>    4E806228.97D9.0098.1 at wsc.edu<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00530.html>
>    >
>    - *Reply-to*: FreeRadius users mailing list <
>    freeradius-users at lists.freeradius.org>
>
> ------------------------------
>
>
> I have the read_groups setting set to "yes" in sql.conf and the debug log
> would make it appear that it's reading it in correctly.  The mac is found in
> radcheck and any attributes in radreply are correctly returned, but rlm_sql
> never checks for any group memberships at all.  I've done a trace on the sql
> server and it confirms what I see in the debug log from radius - it just
> never checks.
>
> Thoughts?
>
>
> Weird... Have you tried setting Fall-Through := yes in radcheck... In
> theory you shouldn't need to, but just to see if it works.
>
> -Arran
>
>  Arran Cudbard-Bell
> a.cudbardb at freeradius.org
>
> Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
>
> ------------------------------
>
>    - *References*:
>       - *rlm_sql not checking radgroupreply<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00530.html>
>       *
>          - *From:* "John Dunning" <jodunni1 at wsc.edu>
>
>
>    - Previous by Date: Re: EAP authentication accept, user not found<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00531.html>
>    - Previous by Thread: rlm_sql not checking radgroupreply<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00530.html>
>    - Next by Thread: run more than one radius on single machine<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/msg00077.html>
>    - Freeradius-Users September 2011 archives indexes sorted by: [ thread
>    ]<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/thread.html>
>     [ subject ]<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/subject.html>
>     [ author ]<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/author.html>
>     [ date ]<http://lists.freeradius.org/pipermail/freeradius-users/2011-September/date.html>
>    - Freeradius-Users list archive Table of Contents<http://lists.freeradius.org/pipermail/freeradius-users/index.html>
>    - More information about the Freeradius-Users mailing list<http://lists.freeradius.org/mailman/listinfo/freeradius-users>
>
> ------------------------------
> *This archive was generated by a fusion of Pipermail (Mailman edition) and
>  MHonArc <http://www.mhonarc.org/>.*
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110926/1e1ab3f8/attachment.html>

More information about the Freeradius-Users mailing list