[RADIATOR] group DEFAULT. No matching AuthorizeGroup rule

Heikki Vatiainen hvn at open.com.au
Tue Nov 20 01:20:33 CST 2012 

On 11/20/2012 09:18 AM, Murat Bilal wrote:

> AuthSelect select PASSWORD,TACACSGROUPID from SUBSCRIBERS
> and define
>   AuthColumnDef 0, User-Password, check
>   AuthColumnDef 1, OSC-Group-Identifier, reply
> 
> I got ERR: Execute failed for 'select PASSWORD,TACACSGROUPID from SUBSCRIBERS': Unknown column 'TACACSGROUPID' in 'field list'
> 
> In my Subscribers table there is no column like this.Do I need to change mysql schema ?

Yes. That was just a configuration example of how to get values to reply
attributes from SQL. Your DB table needs to have the appropriate columns
too.

Thanks,
Heikki


> -----Original Message-----
> From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Heikki Vatiainen
> Sent: 19 Kasım 2012 Pazartesi 23:33
> To: radiator at open.com.au
> Subject: Re: [RADIATOR] group DEFAULT. No matching AuthorizeGroup rule
> 
> On 11/19/2012 10:13 AM, Murat Bilal wrote:
> 
>> <ServerTACACSPLUS>
> 
>>         GroupMemberAttr OSC-AVPAIR
> 
> Hello Murat,
> 
> note that you have set GroupMemberAttr to OSC-AVPAIR here.
> 
>> <Handler>
>>         <AuthBy SQL>
> 
>>           AuthColumnDef 1, OSC-Group-Identifier, reply
> 
> Here you are adding OSC-Group-Identifier to the reply. Maybe this should be OSC-AVPAIR or alternatively you should have GropMemberAttr set to OSC-Group-Identifier in ServerTACACSPLUS.
> 
> Also, since you have not changed AuthSelect from the default, you should select it to something like
> 
>   AuthSelect select PASSWORD,TACACSGROUPID from SUBSCRIBERS
> 
> and define
>   AuthColumnDef 0, User-Password, check
>   AuthColumnDef 1, OSC-Group-Identifier, reply
> 
> This will check the request password and and the desired group name to reply if password check succeeds.
> 
> Thanks,
> Heikki
> 
> --
> Heikki Vatiainen <hvn at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

More information about the radiator mailing list