On 02/04/2011 06:29 AM, Michael wrote:
>
> oh, and, you may not want to stop there. you may want to find out why %0 and
> %1
> don't work. I think it should as per source code and manual. Since you are
> using the 2 '?' the order is very important. You can't change the order of:
>
> WHERE
oh, and, you may not want to stop there. you may want to find out why %0 and
%1
don't work. I think it should as per source code and manual. Since you are
using the 2 '?' the order is very important. You can't change the order of:
WHERE username=? AND groupname=?
to this:
WHERE groupname=
Perfect. But it looks like you're just using a default setup. there are other
things that should be considered. very fine details, like one i run into is the
nas wait times, and failover when problems arise. failing over to multiple sql
servers for authentication is great. with accounting, if
Michael,
I have version 4.7 based on the log output during startup.
Your solution works! I really appreciate your assistance on all this. Now to
finish working out a way to add the proper reply type based on group
membership, and I can call my eval "done", and push the move to production.
I
the version, 4.7, that i have, it looks like the GroupMembershipQuery should
honor %0 and %1 and replace them with the 'sql quoted user name' and 'sql
quoted
group name' as per the manual as well.
But, as per your debug, it looks like it's using 'bind variables', so i think
sql would replace
instead of:
roupMembershipQuerySELECT groupname FROM v_usergroups WHERE username=%0 AND
groupname=%1
try:
roupMembershipQuerySELECT groupname FROM v_usergroups WHERE username=? AND
groupname=?
On Thu, 3 Feb 2011, Linuxchuck wrote:
> Michael,
>
> Ok, I gave it a shot, and got some com
With the "called with 2 bind variables when 0 are needed" errors showing, I
believe the initial problem I was experiencing has been solved, and a new,
unrelated one has cropped up in it's place.
Let me provide a full unabridged version of my config file to avoid further
confusion. I am using g
Michael,
Ok, I gave it a shot, and got some completely different results. Thanks for
the suggestion. The order of check items is certainly taken into account,
which I should have thought of. However, the error I am receiving is a little
strange. All I have done is changed the order of the t
ah ok, i see. the AuthSQL specifies "Auth-Type=AuthHOTP". Never done this
type of setup before, but maybe the 'Auth-Type=AuthHOTP' in the sql query
should be after the 'GroupList="Group1 Group2 Group3"?? Again, not sure, but I
would think the 'check' is done in order. it sounds like you want
Michael,
Unfortunately, I need it to be a bit more dynamic. I have both HOTP and
DIGIPASS tokens in use, and the type of token authentication to use is selected
by providing an authtype identifier in the username database. Instead of
forcing the server to try both HOTP and DIGIPASS, I can save
Hi Michael, Thanks for the response.
Actually, it does hit the AuthHOTP section. I should have put a little more
emphasis on the fact that there is an "AuthType=AuthHOTP" for the user when it
is looked up in the database. I did mention that, but it was kind of jammed
into the beginning, and w
Actually, probably nicer to understand, and easier to look at if you clean it
up like this:
# configure AuthSQL
Identifier AuthSQL
GroupMembershipQuerySELECT groupname FROM v_usergroups
WHERE username=%0 AND groupname=%1
your "AuthBy GROUP AuthSQL" will not flow down into the "AuthBy GROUP
AuthHOTP". I don't think the AuthHOTP will be used at all in this config.
Look like you need an "AuthBy AuthHOTP" in the AuthSQL config, like this:
>
> Identifier AuthSQL
> AuthByPolicyContinueWhi
13 matches
Mail list logo
