Digest using an external database for the Password

Alan DeKok aland at deployingradius.com
Thu Apr 25 17:20:04 CEST 2013


Mike Brennan wrote:
> Hi Alan
> Thx for your input I did the following:
> In radiusd.conf file, within the instantiate section the following was
> added:
> sql
> authorize {
> 	...
> 	update control {
> 		Cleartext-Password := "%{sql: SELECT password FROM fusion
> ...}"
> 	}
> 	...
> }

  That is *not* what I said to do.  Some amount of independent thought
is required.

  List "sql" in the "instantiate" section.  DON'T put the rest of the
text above.

  DO edit the "inner-tunnel" file.  Look for the "authorize" section.
The text above shows an EXAMPLE of what you put in the "authorize"
section.  That's why it uses the word "authorize"

  DON'T put the "..." text in the config files.  That was meant to show
that OTHER text was also in the "authorize" section.

  DON'T put the "..." text in the SQL query.  That was meant to show the
REST of the SQL query

  DO think about what you're doing.

  DO put the ENTIRE sql SELECT statement into the example text I showed
above.

> In the inner-tunnel file I commented out the sql in the authorize section.
> 
> It seemed to work - see attached small snippet from my debug. In the
> attached file there is still a rlm_sql_mysql: MYSQL check_error: 1146
> received message
> I have missed something else?

  Yes.

  That error is a MySQL error.  You've mis-typed the query.  Go read
MySQL documentation to see how to create a correct query.

  Alan DeKok.


More information about the Freeradius-Users mailing list