FreeRadius authenticate_query over authorize_check_query

Hi Folks,

hope there's someone around here who has some expertise on this subject.

This is freeradius 1.0.0 debian sarge with postgresql db

I want to use authenticate_query for user auth without any row entry in authorize_check_query

This is so i can manage the user access (or not, as the case may be) by updatong a custom table row rather than add/remove/manage multiple rows per user in radcheck table.

But if there is no entry for the user in radcheck with attribute = 'User-Password', then freeradius -X complains with "No authenticate method (Auth-Type) configuration found for the request"

Any suggested approaches?

Thanks & Regards,  Mike.
LVL 37
meverestAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mac_Commented:
Hi Meverest,

I don't know Freeradius that well, but you can probably fix your problem by using stored procedures in Postgresql : you can trigger pretty much anything (including Perl code for example) through a pgsql stored procedure.

You can definitely generate a 'User-Password' if there is none in your "regular" query.

I hope it helps.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
meverestAuthor Commented:
Thanks for the reply mac, a reasonable suggestion, but it doesn't solve my problem.

According to replies to a post in the freeradius mailing list, authenticate_query is deprecated with no intent to return.

So i will have to make do with authorize_check_query which is a much messier way to do it.  beats me why they did it - a good reason maybe, but i can't figure it out :(

I'll leave this q open for a while to see if there are any brilliant lateral ideas, and then close it off if the only correct answer is "you can't do what you want"

cheers.



0
meverestAuthor Commented:
OK, looks like no genius solutions for this one, so i'll provide some minor detail of my workaround for prosperity in case someone else has a similar issue.

What i did was to use my custom table joined to the radcheck and radreply tables along the lines of:

select * from <customtable> join radcheck on <customtable.username> = radcheck.username where <customtable>.username = '{%sql-username'} and <customtable constraints>

now I can manage the users by setting columns in the custom table rows.

I'll award this q to mac since my solution is sort of similar to mac's comment.  I award a 'b' as it is not entirely a complete solution, but thanks indeed anway.

cheers,  Mike.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.