Checking MAC address with rlm_sql
Glen Harris
astfgl at iamnota.org
Wed Apr 4 10:41:06 CEST 2012
On 04/04/12 18:27, Alan Buxey wrote:
> Hi,
>
>> mysql> select * from radcheck;
>> +----+----------+--------------------+----+-------------------+
>> | id | username | attribute | op | value |
>> +----+----------+--------------------+----+-------------------+
>> | 1 | user01 | Cleartext-Password | := | pass01 |
>> | 2 | user01 | Calling-Station-Id | == | 98-4B-4A-F5-BF-40 |
>> +----+----------+--------------------+----+-------------------+
>
> okay
>
>> mysql> SELECT id, username, attribute, value, op FROM radcheck WHERE
>> username = 'user01' ORDER BY id;
>> +----+----------+--------------------+-------------------+----+
>> | id | username | attribute | value | op |
>> +----+----------+--------------------+-------------------+----+
>> | 1 | user01 | Cleartext-Password | pass01 | := |
>> | 2 | user01 | Calling-Station-Id | 98-4B-4A-F5-BF-40 | == |
>> +----+----------+--------------------+-------------------+----+
> yep. okay.
>
> but if you look at your debug output:
>
> [sql] expand: SELECT groupname FROM radusergroup
> WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
> SELECT groupname FROM radusergroup WHERE username =
> 'user01' ORDER BY priority
> rlm_sql (sql): Released sql socket id: 4
> [sql] User user01 not found
>
> so, there is no user01 in the radusergroup SQL table. so it fails. so if you dont
> need the sqlusergroup, turn it off.
Thanks for the explanation.
Just so I understand completely, why does authentication work when there
is only the Cleartext-Password row in the radcheck table? Does the
radusergroup query somehow come into play when there's a second check item?
Nothing else changes, radusergroup is being queried and returning no
results in both cases.
Regards, glen.
More information about the Freeradius-Users
mailing list