SQL based User and Cleartext-Password
Tevfik Ceydeliler
tevfik.ceydeliler at astron.yasar.com.tr
Thu Feb 19 10:52:02 CET 2015
When I delete "Cleartext-Password" attribute from user ( I use mysql to
create or delete userand its attribute)
I get this error:
########################
[sql] expand: %{User-Name} -> tevfikceydeliler
[sql] sql_set_user escaped user --> 'tevfikceydeliler'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'tevfikceydeliler' ORDER BY id
rlm_sql: The 'Attribute' field is empty or NULL, skipping the entire row.
rlm_sql (sql): Error getting data from database
[sql] SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
++[sql] returns fail
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> tevfikceydeliler
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 12 to 10.65.8.117 port 62681
Waking up in 4.9 seconds.
Cleaning up request 0 ID 12 with timestamp +27
Ready to process requests.
############################
I use OTP as realm/proxy to verify password of users.
So, cleartext password is not necessary i think.
What should I do as attribute?
On 02/16/2015 03:54 PM, Alan DeKok wrote:
> On Feb 16, 2015, at 4:22 AM, Tevfik Ceydeliler <tevfik.ceydeliler at astron.yasar.com.tr> wrote:
>> I use OTP servers to verify defines users on Freeradius, I think my OTP server calls proxy in this case.
>> After MOTP verify password, then Freeradius assign an IP address from related IP pool.
>> My question is,under this topologywhile create user in Freeradius, dı I have to need to use Clerstext-Password attribute?
> No.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
<br>
<img src="http://www.yasar.com.tr/banner/yhbanner.jpg"> </img>
<br><br>
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and Yasar Group Companies do not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system.
More information about the Freeradius-Users
mailing list