Get access to User-Password in rlm_sql_mysql

Lars Timmann L at
Mon May 19 16:12:43 CEST 2014

Sorry for asking, fixed myself.

I have an openvpn connecting via pam_radius_auth. What I thought was
that the requests would come in via mschap, but they are coming via pap.
So after I reformed my radtest command to pap I got the %{User-Password}
attribute filled and my question is gone.


Am 19.05.2014 13:02, schrieb Lars Timmann:
> Hello freeradius users,
> I am working on an implementation of one time passwords in radius. I
> know there are many solutions for that, but I don't want to grant the
> freeradius-mysql-user too much.
> So I made three functions and a view in my database that freeradius just
> have to set two variables with username and one time password in the
> mysql session to get the needed results.
> In my freerardius mysql config I want to call it like this:
>         authorize_check_query = "\
>           set @username='%{SQL-User-Name}'; \
>           set @otp='%{User-Password}'; \
>           SELECT id, username, attribute, value, op \
>           FROM ${authcheck_table}"
> The variable username is filled with the User-Name but the variable otp
> stays empty.
> I tried several variations of User-Password like Chap-password,
> SQL-User-Password and so on. Maybe I am to stupid to find it in the
> documentation, but can you please tell me what I have to do or point me
> at the right part of the documentation?
> Or am I completely on the wrong way?
> Thank in advance,
>     Lars
> -
> List info/subscribe/unsubscribe? See

"There is always an easy solution to every human problem -
 neat, plausible and wrong."
(Henry Louis Mencken (1880-1956) American journalist and social critic)
Lars Timmann                                            Lars at
22393 Hamburg

More information about the Freeradius-Users mailing list