freeradius proxy question
freeradius at reshetar.us
freeradius at reshetar.us
Thu Aug 25 05:06:03 CEST 2005
>
>
>> freeradius at reshetar.us wrote:
>>> Greetings. I am using freeradius and want to do the following:
>>> 1. proxy authentication to a secondary server for two-factor
>>> authentication
>>> 2. if the user is authenticated via the home server, add attributes
>>> via
>>> definitions from the local freeradius server from a sql database
>>
>> See postauth_query.
>>
>> Alan DeKok.
>>
> From what I can tell, that only enters
> accounting data into the database. is there something I am missing?
>
> The other thing I don't get: I ran radiusd in debug mode, and saw the
> following line:
>
> SELECT
> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
> FROM radgroupreply,usergroup WHERE usergroup.Username = 'xxxxx' AND
> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
>
> This query select the attributes that I want to have sent back. However,
> the reply detail logs show that the attributes are not sent.
>
> The only thing I can think of is that the user I am testing with is a
> memmber of several groups and only one of them has attributes to return at
> the moment.
>
> Thanks
>
Since no one ever got back to me on this, I assume either a. i pissed off
the folks that monitor this list b. no one has the answer or c. i missed
the obvious and no one wanted to point it out.
The solution I came up with was to set
post_proxy_authorize = yes
freeradius now passes back the attributes in the sql database. Still
would like to konw how to make this work with postauth_query, but I can't
seem fin d any indications of how to do that..... input would be
appreciated.
respectfully submitted.....
More information about the Freeradius-Users
mailing list