FreeRadius authenticate_query over authorize_check_query

Posted on 2004-11-03
Last Modified: 2012-06-27
Hi Folks,

hope there's someone around here who has some expertise on this subject.

This is freeradius 1.0.0 debian sarge with postgresql db

I want to use authenticate_query for user auth without any row entry in authorize_check_query

This is so i can manage the user access (or not, as the case may be) by updatong a custom table row rather than add/remove/manage multiple rows per user in radcheck table.

But if there is no entry for the user in radcheck with attribute = 'User-Password', then freeradius -X complains with "No authenticate method (Auth-Type) configuration found for the request"

Any suggested approaches?

Thanks & Regards,  Mike.
Question by:meverest
    LVL 3

    Accepted Solution

    Hi Meverest,

    I don't know Freeradius that well, but you can probably fix your problem by using stored procedures in Postgresql : you can trigger pretty much anything (including Perl code for example) through a pgsql stored procedure.

    You can definitely generate a 'User-Password' if there is none in your "regular" query.

    I hope it helps.
    LVL 37

    Author Comment

    Thanks for the reply mac, a reasonable suggestion, but it doesn't solve my problem.

    According to replies to a post in the freeradius mailing list, authenticate_query is deprecated with no intent to return.

    So i will have to make do with authorize_check_query which is a much messier way to do it.  beats me why they did it - a good reason maybe, but i can't figure it out :(

    I'll leave this q open for a while to see if there are any brilliant lateral ideas, and then close it off if the only correct answer is "you can't do what you want"


    LVL 37

    Author Comment

    OK, looks like no genius solutions for this one, so i'll provide some minor detail of my workaround for prosperity in case someone else has a similar issue.

    What i did was to use my custom table joined to the radcheck and radreply tables along the lines of:

    select * from <customtable> join radcheck on <customtable.username> = radcheck.username where <customtable>.username = '{%sql-username'} and <customtable constraints>

    now I can manage the users by setting columns in the custom table rows.

    I'll award this q to mac since my solution is sort of similar to mac's comment.  I award a 'b' as it is not entirely a complete solution, but thanks indeed anway.

    cheers,  Mike.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
    Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now