configuring groups in sql tables

Alexander Serkin als at cell.ru
Thu Dec 14 09:39:48 CET 2006


Sorry, maybe my question was not spelled well.
Actually I need to move multiple default entries from the users file into 
an sql table. Is it possible to create multiple DEFAULT instances in sql 
tables instead of placing them in the users file like this:

DEFAULT Huntgroup-Name == MSK, Realm == domain1.com, Auth-Type := Accept
         Service-Type =  Outbound-User,
         Tunnel-Type = L2TP,
         Tunnel-Server-Endpoint =  1.1.1.1,
         Cisco-AVpair += "vpdn:l2tp-tunnel-password=secret1"

DEFAULT Huntgroup-Name == MSK, Realm == domain2.com, Auth-Type := Accept
         Service-Type =  Outbound-User,
         Tunnel-Type = L2TP,
         Tunnel-Server-Endpoint =  2.2.2.2,
         Cisco-AVpair += "vpdn:l2tp-tunnel-password=secret2"

and so on?


Alexander Serkin wrote:
> Hi,
> Either I'm missing something in the docs or it is impossible to do more than 
> one groupcheck for the same username by sql.
> I have two groups which should be authorized differently - group1:
> DEFAULT Huntgroup-Name == MSK, Realm == domain.com, Auth-Type := Accept
>         Service-Type =  Outbound-User,
>         Tunnel-Type = L2TP,
>         Tunnel-Server-Endpoint =  xxx.yyy.97.71,
>         Cisco-AVpair += "vpdn:l2tp-tunnel-password=secret"
> 
> and group2:
> DEFAULT Realm == domain.com, NAS-IP-Address == xxx.yyy.117.1
>         Framed-Protocol = PPP,
>         Service-Type = Framed,
>         Framed-IP-Netmask = 255.255.255.255,
>         cisco-avpair = "lcp:interface-config=peer default ip address
> pool VRFNAM\nppp ipcp dns aaa.bbb.1.253 aaa.bbb.1.253\nppp ipcp wins
> aaa.bbb.1.253\n"
> 
> What I can do:
> insert into RADGROUPCHECK values('','group2','Realm','==','domain.com');
> insert into RADGROUPCHECK
> values('','group2','NAS-IP-Address','==','xxx.yyy.117.1');
> insert into RADGROUPREPLY values('','group2','Framed-Protocol','=','PPP');
> insert into RADGROUPREPLY values('','group2','Service-Type','=','Framed');
> insert into RADGROUPREPLY
> values('','group2','Framed-IP-Netmask','=','255.255.255.255');
> insert into RADGROUPREPLY
> values('','group2','cisco-avpair','=','lcp:interface-config=peer default
> ip address pool group1\nppp ipcp dns aaa.bbb.1.253 aaa.bbb.1.253\nppp
> ipcp wins aaa.bbb.1.253\n');
> 
> and
> 
> insert into USERGROUP values('','user@domain.com','','group2','5');
> 
> Then I can remove the group2 description from the users file and it works.
> But when I do the same with group1 - both groups 1 and 2 stop working.
> The difference is that both radgroupcheck and radgroupreply sql queries 
> now return two attribute sets for group 1 and 2 simultaneously.
> I thought that radiusd should follow check items and select the proper 
> group according to attributes present in the request, but sqlauth module 
> returns notfound. So the users file and sql tables are not processed in 
> the same manner. What am I missing?
> 


-- 
Sincerely Yours,
Alexander Serkin,
Moscow Cellular Communications,
ph. +7(495)7952089
fa. +7(495)7952084
skype: aserkin


