• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1193
  • Last Modified:

FreeRadius authenticate_query over authorize_check_query

Hi Folks,

hope there's someone around here who has some expertise on this subject.

This is freeradius 1.0.0 debian sarge with postgresql db

I want to use authenticate_query for user auth without any row entry in authorize_check_query

This is so i can manage the user access (or not, as the case may be) by updatong a custom table row rather than add/remove/manage multiple rows per user in radcheck table.

But if there is no entry for the user in radcheck with attribute = 'User-Password', then freeradius -X complains with "No authenticate method (Auth-Type) configuration found for the request"

Any suggested approaches?

Thanks & Regards,  Mike.
  • 2
1 Solution
Hi Meverest,

I don't know Freeradius that well, but you can probably fix your problem by using stored procedures in Postgresql : you can trigger pretty much anything (including Perl code for example) through a pgsql stored procedure.

You can definitely generate a 'User-Password' if there is none in your "regular" query.

I hope it helps.
meverestAuthor Commented:
Thanks for the reply mac, a reasonable suggestion, but it doesn't solve my problem.

According to replies to a post in the freeradius mailing list, authenticate_query is deprecated with no intent to return.

So i will have to make do with authorize_check_query which is a much messier way to do it.  beats me why they did it - a good reason maybe, but i can't figure it out :(

I'll leave this q open for a while to see if there are any brilliant lateral ideas, and then close it off if the only correct answer is "you can't do what you want"


meverestAuthor Commented:
OK, looks like no genius solutions for this one, so i'll provide some minor detail of my workaround for prosperity in case someone else has a similar issue.

What i did was to use my custom table joined to the radcheck and radreply tables along the lines of:

select * from <customtable> join radcheck on <customtable.username> = radcheck.username where <customtable>.username = '{%sql-username'} and <customtable constraints>

now I can manage the users by setting columns in the custom table rows.

I'll award this q to mac since my solution is sort of similar to mac's comment.  I award a 'b' as it is not entirely a complete solution, but thanks indeed anway.

cheers,  Mike.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now