users file ignored and still checks sql
Paul Tinson
Paul.Tinson at team.orcon.net.nz
Tue Apr 24 13:33:12 CEST 2012
Hi There,
I have been looking at an issue we are having with our deployment and for
the life of me can't see what is wrong.
We have version 2.1.8 but I couldn't find any mention of a bug like this
in releases since.
The issue is I want to do a realm based auth for one realm and return some
L2TP information.
So in proxy.conf I have added the realm, in users I have added a user like
this (realm and IP changed to protect the innocent):

DEFAULT Realm == "womble.co.nz", Auth-Type := Accept
        Tunnel-Type := L2TP,
        Tunnel-Medium-Type := IP,
        Tunnel-Server-Endpoint := 1.1.1.1,
        Alc-Tunnel-Idle-Timeout := 600,
        Tunnel-Assignment-Id := Tunnel1,
        Fall-Through = No

In the default enabled site I have file and sql enabled for authorization.
When I run freeradius -X I get the output as follows (again changed to
protect):

[suffix] Looking up realm "wombles.co.nz" for User-Name =
"wibble at womble.co.nz"
[suffix] Found realm "womble.co.nz"
[suffix] Adding Stripped-User-Name = "wibble"
[suffix] Adding Realm = "womble.co.nz"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[files] users: Matched entry DEFAULT at line 87
++[files] returns ok
[sql] expand: %{Orcon-User-Name} ->
[sql] sql_set_user escaped user --> ''
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: CALL authorize_check_query(query) -> CALL
authorize_check_query(query)
rlm_sql_mysql: query: CALL authorize_check_query(query)
rlm_sql_mysql: MYSQL check_error: 1054 received
rlm_sql_getvpdata: database query error
[sql] SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 0
++[sql] returns fail
Invalid user: [wibble at womble.co.nz] (from client bng1 port 0 cli 103249698)
Using Post-Auth-Type Reject
I would have thought this configuration should result in the users file
being scanned and then returning Auth-Type: Accept and not then processing
the sql authorize module.
Have I missed something simple, or does this config look right?
Any clues appreciated.
Paul
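
The debug output above shows files returning ok and the server then calling sql. The fragment below is an added example, not part of the original post or the poster's configuration: it uses the FreeRADIUS 2.x per-module return-code override to end the authorize section when a users entry matches. Only the module names suffix, files and sql are taken from the post.

```unlang
# sites-enabled/default, authorize section (FreeRADIUS 2.x syntax).
# Added illustration; the rest of the poster's authorize section is
# not shown on the page and is omitted here.
authorize {
	suffix

	# "Fall-Through = No" in the users entry only stops the files
	# module from looking at later users entries. The module then
	# returns "ok", and the default action for "ok" is to continue
	# with the next module in the section.
	# Overriding that action ends the authorize section on a match,
	# so sql is not called for this request.
	files {
		ok = return
	}

	# Reached only when no users entry matched (files returned noop).
	sql
}
```

With this override any users entry that matches, not only the realm entry, ends the section before sql runs, so other DEFAULT entries in the file need to be checked before relying on it.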