radiusd -X SQL suggests "not found" however user attributes are in the radcheck table?

Kaya Saman kayasaman at gmail.com
Wed Aug 1 16:55:08 CEST 2012


On Wed, Aug 1, 2012 at 3:32 PM, Kaya Saman <kayasaman at gmail.com> wrote:
> On Wed, Aug 1, 2012 at 1:36 PM, Fajar A. Nugraha <list at fajar.net> wrote:
>> On Wed, Aug 1, 2012 at 7:20 PM, Kaya Saman <kayasaman at gmail.com> wrote:
>>> IF %User-Name notfound IN SQL
>>>
>>
>> This one might not work the way you intended. What you've done so far,
>> the "=" part says "add this attribute if it doesn't already exist"
>> (e.g. not in SQL)
>>
>> If you HAVE to do "notfound" check, something like this MIGHT work
>>
>> authorize {
>>
>> sql
>> if (notfound) {
>> ...
>>   }
>>
>> }
>>
>>> Accept AND Provision onto VLAN 80 (my demo guest vlan in this case but
>>> could be any number (n))
>>
>> Then just add Auth-Type = Accept inside the update block.
>>
>> --
>> Fajar
>
>
> I tried this method which didn't work.... The expression came out TRUE
> but then it failed to authenticate :-(
>
>
> If, however, as Alan B. suggested, adding a DEFAULT entry to the
> /etc/raddb/users file is 'better', then I'd be happy to go down that
> route.
>
>
> I have already started testing with it but again I'm doing something
> wrong so it isn't able to process the information properly.
>
>
> This is the output I have:
>
>
> Users:
>
>
> DEFAULT         Auth-Type := Accept
>                 Tunnel-Type:0 = VLAN,
>                 Tunnel-Medium-type:0 = IEEE-802,
>                 Tunnel-Private-Group-Id:0 = "80",
>                 Tunnel-Preference:0 = 0x000000,
>                 Fall-Through = Yes
>
> I tried also with the basic:
>
> DEFAULT Auth-Type := Accept (tried with = too, though found more
> references to using := in Google)
>
>
> This is the result of trying to start FR with that in place:
>
>
>  Module: Linked to module rlm_files
>  Module: Instantiating module "files" from file /etc/raddb/modules/files
>   files {
>         usersfile = "/etc/raddb/users"
>         acctusersfile = "/etc/raddb/acct_users"
>         preproxy_usersfile = "/etc/raddb/preproxy_users"
>         compat = "no"
>   }
> Couldn't open /etc/raddb/acct_users for reading: Permission denied
> Errors reading /etc/raddb/acct_users
> /etc/raddb/modules/files[7]: Instantiation failed for module "files"
> /etc/raddb/sites-enabled/inner-tunnel[133]: Failed to load module "files".
> /etc/raddb/sites-enabled/inner-tunnel[47]: Errors parsing authorize section.
>
>
> Is the error here due to the 'users' file not containing correct
> information, or do I need to uncomment/adapt one of the lines in
> acct_users?
>
>
>
> Regards,
>
>
> Kaya

Please ignore the above earlier posting!!

I managed to get FR up and running. It was a permissions thing on the
files called by rlm_files module!!!


One quick question now:

This is the only config in my 'users' file:

> DEFAULT         Auth-Type := Accept
>                 Tunnel-Type:0 = VLAN,
>                 Tunnel-Medium-type:0 = IEEE-802,
>                 Tunnel-Private-Group-Id:0 = "80",
>                 Tunnel-Preference:0 = 0x000000,
>                 Fall-Through = Yes


Do I really need the Fall-Through statement?


This basically, if I understand correctly, claims that IF nothing
matches against the DEFAULT statement go to the NEXT statement.....


If this is so I can get rid of it since it would be 'extra' unnecessary config!


Thanks for all the help in the meantime :-)


Regards,


Kaya
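
The "Permission denied" failure in this message came from files that rlm_files opens at start-up. The following is an added example, not part of the original post or of FreeRADIUS: it pulls the file paths out of a constructed `radiusd -X` style dump and reports which path component blocks a given account. The account name passed on the command line, the function names and the `top` parameter are assumptions, and only classic mode bits are evaluated.

```python
import os
import pwd
import re
import stat
import sys

# Constructed sample, shaped like the "files { ... }" block in radiusd -X output.
DEBUG_OUTPUT = """
  files {
        usersfile = "/etc/raddb/users"
        acctusersfile = "/etc/raddb/acct_users"
        preproxy_usersfile = "/etc/raddb/preproxy_users"
        compat = "no"
  }
"""

def files_module_paths(debug_text):
    """Return the path from every '<name>file = "<path>"' line, in order."""
    return re.findall(r'^\s*\w*file\s*=\s*"([^"]+)"', debug_text, re.M)

READ = (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
SEARCH = (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)
def _allows(st, uid, gids, bits):
    """Only the first matching class (owner, then group, then other) is consulted."""
    cls = 0 if st.st_uid == uid else 1 if st.st_gid in gids else 2
    return bool(st.st_mode & bits[cls])

def read_problem(path, uid, gids, top="/"):
    """Return None if mode bits let uid read path, else 'component: reason'.
    Directories from top down need search (x). ACLs, SELinux, root not modelled."""
    path, top = os.path.realpath(path), os.path.realpath(top)
    chain = [path]
    while chain[-1] != top and chain[-1] != os.path.dirname(chain[-1]):
        chain.append(os.path.dirname(chain[-1]))
    for p in reversed(chain):
        try:
            st = os.stat(p)
        except OSError as exc:
            return f"{p}: {exc.strerror}"
        need, what = (READ, "read") if p == path else (SEARCH, "search")
        if not _allows(st, uid, gids, need):
            return f"{p}: mode {stat.S_IMODE(st.st_mode):04o} denies {what}"
    return None

if __name__ == "__main__":  # argument: daemon account name (site-specific)
    user = pwd.getpwnam(sys.argv[1])
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for path in files_module_paths(DEBUG_OUTPUT):
        print(path, "->", read_problem(path, user.pw_uid, gids) or "readable")
```

A result naming a directory rather than the file means the search bit on that directory is what stops the daemon, so changing the file's own mode would not help.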

