[RADIATOR] group DEFAULT. No matching AuthorizeGroup rule

Murat Bilal murat.bilal at ericsson.com
Tue Nov 20 03:50:27 CST 2012 

Thank you very much Heikki for your great support.

I changed my schema add column TACACSGROUPID and change AuthSelect to select PASSWORD,TACACSGROUPID from SUBSCRIBERS where username = %0 and it is ok for now

-----Original Message-----
From: Heikki Vatiainen [mailto:hvn at open.com.au] 
Sent: 20 Kasım 2012 Salı 09:21
To: Murat Bilal
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] group DEFAULT. No matching AuthorizeGroup rule

On 11/20/2012 09:18 AM, Murat Bilal wrote:

> AuthSelect select PASSWORD,TACACSGROUPID from SUBSCRIBERS and define
>   AuthColumnDef 0, User-Password, check
>   AuthColumnDef 1, OSC-Group-Identifier, reply
> 
> I got ERR: Execute failed for 'select PASSWORD,TACACSGROUPID from SUBSCRIBERS': Unknown column 'TACACSGROUPID' in 'field list'
> 
> In my Subscribers table there is no column like this.Do I need to change mysql schema ?

Yes. That was just a configuration example of how to get values to reply attributes from SQL. Your DB table needs to have the appropriate columns too.

Thanks,
Heikki


> -----Original Message-----
> From: radiator-bounces at open.com.au 
> [mailto:radiator-bounces at open.com.au] On Behalf Of Heikki Vatiainen
> Sent: 19 Kasım 2012 Pazartesi 23:33
> To: radiator at open.com.au
> Subject: Re: [RADIATOR] group DEFAULT. No matching AuthorizeGroup rule
> 
> On 11/19/2012 10:13 AM, Murat Bilal wrote:
> 
>> <ServerTACACSPLUS>
> 
>>         GroupMemberAttr OSC-AVPAIR
> 
> Hello Murat,
> 
> note that you have set GroupMemberAttr to OSC-AVPAIR here.
> 
>> <Handler>
>>         <AuthBy SQL>
> 
>>           AuthColumnDef 1, OSC-Group-Identifier, reply
> 
> Here you are adding OSC-Group-Identifier to the reply. Maybe this should be OSC-AVPAIR or alternatively you should have GropMemberAttr set to OSC-Group-Identifier in ServerTACACSPLUS.
> 
> Also, since you have not changed AuthSelect from the default, you 
> should select it to something like
> 
>   AuthSelect select PASSWORD,TACACSGROUPID from SUBSCRIBERS
> 
> and define
>   AuthColumnDef 0, User-Password, check
>   AuthColumnDef 1, OSC-Group-Identifier, reply
> 
> This will check the request password and and the desired group name to reply if password check succeeds.
> 
> Thanks,
> Heikki
> 
> --
> Heikki Vatiainen <hvn at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
> 


--
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

More information about the radiator mailing list