configuring groups in sql tables

Alexander Serkin als at cell.ru
Mon Nov 27 16:07:52 CET 2006


Hi,
Either I'm missing something in the docs or it is impossible to do more than 
one groupcheck for the same username by sql.
I have two groups which should be authorized differently - group1:
DEFAULT Huntgroup-Name == MSK, Realm == domain.com, Auth-Type := Accept
         Service-Type =  Outbound-User,
         Tunnel-Type = L2TP,
         Tunnel-Server-Endpoint =  xxx.yyy.97.71,
         Cisco-AVpair += "vpdn:l2tp-tunnel-password=secret"

and group2:
DEFAULT Realm == domain.com, NAS-IP-Address == xxx.yyy.117.1
         Framed-Protocol = PPP,
         Service-Type = Framed,
         Framed-IP-Netmask = 255.255.255.255,
         cisco-avpair = "lcp:interface-config=peer default ip address pool VRFNAM\nppp ipcp dns aaa.bbb.1.253 aaa.bbb.1.253\nppp ipcp wins aaa.bbb.1.253\n"

What I can do:
insert into RADGROUPCHECK values('','group2','Realm','==','domain.com');
insert into RADGROUPCHECK values('','group2','NAS-IP-Address','==','xxx.yyy.117.1');
insert into RADGROUPREPLY values('','group2','Framed-Protocol','=','PPP');
insert into RADGROUPREPLY values('','group2','Service-Type','=','Framed');
insert into RADGROUPREPLY values('','group2','Framed-IP-Netmask','=','255.255.255.255');
insert into RADGROUPREPLY values('','group2','cisco-avpair','=','lcp:interface-config=peer default ip address pool group1\nppp ipcp dns aaa.bbb.1.253 aaa.bbb.1.253\nppp ipcp wins aaa.bbb.1.253\n');

and

insert into USERGROUP values('','user at domain.com','','group2','5');

Then I can remove the group2 description from the users file and it works.
But when I do the same with group1 - both groups 1 and 2 stop working.
The difference is that both radgroupcheck and radgroupreply sql queries 
now return two attribute sets for group 1 and 2 simultaneously.
I thought that radiusd should follow check items and select the proper 
group according to attributes present in the request, but the sqlauth module 
returns notfound. So the users file and sql tables are not processed in 
the same manner. What am I missing?

-- 
Sincerely Yours,
Alexander
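
The symptom described in the message above can be reproduced with a small model, added here as an illustration; it is not code from the post or from FreeRADIUS. The table columns, the join query, the 192.0.2.x addresses, the priority of group1 and the two sample requests are assumptions constructed for the example, and comparing the merged rows as one check list is a model of the reported behaviour, not a statement of how the sql module is implemented.

```python
import sqlite3

USER = "user@domain.com"  # constructed user name
# Constructed check items mirroring the post; 192.0.2.1 stands in for the masked NAS address.
# group1's "Auth-Type := Accept" is an assignment, not a comparison, so it is left out.
CHECKS = [("group1", "Huntgroup-Name", "MSK"), ("group1", "Realm", "domain.com"),
          ("group2", "Realm", "domain.com"), ("group2", "NAS-IP-Address", "192.0.2.1")]
# Constructed requests: one per access path described in the post.
REQ_L2TP = {"Realm": "domain.com", "Huntgroup-Name": "MSK", "NAS-IP-Address": "192.0.2.77"}
REQ_PPP = {"Realm": "domain.com", "NAS-IP-Address": "192.0.2.1"}

def build_db():
    """In-memory tables with a simplified, hypothetical schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radgroupcheck (id INTEGER PRIMARY KEY, GroupName, Attribute, Value)")
    db.execute("CREATE TABLE usergroup (UserName, GroupName, priority INTEGER)")
    db.executemany("INSERT INTO radgroupcheck (GroupName, Attribute, Value) VALUES (?,?,?)", CHECKS)
    db.executemany("INSERT INTO usergroup VALUES (?,?,?)",
                   [(USER, "group1", 1), (USER, "group2", 5)])  # priority 1 is assumed
    return db

def check_items(db, user):
    """One join across every group the user belongs to, ordered by priority."""
    return db.execute(
        "SELECT c.GroupName, c.Attribute, c.Value FROM radgroupcheck c "
        "JOIN usergroup u ON u.GroupName = c.GroupName "
        "WHERE u.UserName = ? ORDER BY u.priority, c.id", (user,)).fetchall()

def all_equal(items, request):
    """Every check item is an '==' comparison against the request."""
    return all(request.get(attr) == value for _, attr, value in items)

def merged_match(db, user, request):
    """Model of the symptom: both groups' rows are compared as a single check list."""
    return all_equal(check_items(db, user), request)

def per_group_match(db, user, request):
    """Compare each group's rows separately; return the first matching group or None."""
    groups = {}
    for row in check_items(db, user):
        groups.setdefault(row[0], []).append(row)
    return next((g for g, items in groups.items() if all_equal(items, request)), None)

if __name__ == "__main__":
    db = build_db()
    for name, req in (("L2TP", REQ_L2TP), ("PPP", REQ_PPP)):
        print(name, "merged:", merged_match(db, USER, req),
              "per-group:", per_group_match(db, USER, req))
```

In this model the merged list rejects both requests because each one fails the other group's check item, while the per-group comparison selects group1 for the L2TP request and group2 for the PPP request.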



