attribute assignment in post-auth?
With 1.1.7 I want to add attributes to an eap authenticated client.
The rules for applying vlan are somewhat unusual, that I decided to use
mysql and stored procedures to determine the values that have to be applied.
When I call the corresponding sql module from the authorize section, I
run into the problem described at:
https://lists.freeradius.org/pipermail/freeradius-users/2007-September/066381.html
to which Alan already answered:
> Ideally, the attributes in the reply should be sent ONLY on
Access-Accept. i.e. the configuration should NOT update the reply until
it has determined that the user has been authenticated.
This involves moving most of the policy from the "authorize" section
to the "post-auth" section.
That is why I want to call the stored procedure in the post-auth section.
Therefore in sql.conf I set :
postauth_query = "call speap ('%{SQL-User-Name}', '%{NAS-IP-Address}','2')"
radiusd -AX shows , that procedure is called,
.....
rlm_sql (sp1): Processing sql_postauth
radius_xlat: 'host/28tef003.ww006.mycompany.net'
rlm_sql (sp1): sql_set_user escaped user --> 'host/28tef003.ww006.mycompany.net'
radius_xlat: 'call speap ('host/28tef003.ww006.mycompany.net', '172.31.110.146','2')'
rlm_sql (sp1) in sql_postauth: query is call speap ('host/28tef003.ww006.mycompany.net', '172.31.110.146','2')
rlm_sql (sp1): Reserving sql socket id: 28
rlm_sql_mysql: SQL statement returned unexpected result
..
unfortunately with an unexpected result.
When I call that stored procedure directly from mysql I get the expected result:
mysql> call speap ('host/28tef003.ww006.mycompany.net', '172.31.110.146','2')
+---+-----------------------------------+--------------+-----+----+
| 0 | s_username | Fall-Through | Yes | += |
+---+-----------------------------------+--------------+-----+----+
| 0 | HOST/28tef003.ww006.mycompany.net | Fall-Through | Yes | += |
+---+-----------------------------------+--------------+-----+----+
what I would expect.
So, what is unexpected with that result?
Norbert Wegener
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.