Using MySQL and assigning IP-Addresses based on Calling-Station-ID

Phil Mayers p.mayers at imperial.ac.uk
Mon Jan 15 17:31:41 CET 2007


Ackbar Joolia wrote:

> The radcheck table contains an entry for the password.
> The radreply table contains a Fall-Through = Yes for the user user1.
> The radgroupcheck contains groupnames (coming from the usergroup table) and Calling-Station-Id which I need to authenticate against.
> The radgroupreply table contains the replies I want to send to the different groups, which would have been authenticated/differentiated through their calling-station-id.

That's not right, and if I'm understanding you correctly you can't do 
exactly what you want with the current release version of FreeRadius.

Fall-Through does nothing on the current release version of FreeRadius - 
the SQL module merges the user and all the group check items into one, 
checks them, then puts all the reply items in. Since they're all merged, 
putting users into >1 group with conflicting check items will fail, as 
will putting users into >1 group with the same reply items.

Also, you would not normally assign IPs to groups - you would assign 
them to sessions from a pool (see rlm_sqlippool) or statically to users 
(using Framed-IP-Address in the radreply items)

Could you be a bit more specific about what you're trying to do?



More information about the Freeradius-Users mailing list