Rlm_sql in freeradius-1.1.7

Dashamir Hoxha dhoxha at albaniaonline.net
Thu Jan 17 15:42:18 CET 2008


Hi,

Actually, what I am trying to do is this:
I have several access points that have hotspot
and use radius for AAA. I would like to register
users in radius so that they are able to login
using some of the access points, and not able to
login using the others.

The way that I was trying to do it is like this:
Suppose that there are the access points A1, A2, A3
and the user 'test' should be able to access the
internet only from A1 and A3. The data in radius
that would make this scenario work, could be like this:

radcheck:
+------+----------+------------------+----+-------+
| id   | UserName | Attribute        | op | Value |
+------+----------+------------------+----+-------+
| 5272 | test     | User-Password    | := | test  |
| 5262 | test     | Simultaneous-Use | := | 5     |
+------+----------+------------------+----+-------+

radreply:
+----+----------+---------------+----+----------+
| id | UserName | Attribute     | op | Value    |
+----+----------+---------------+----+----------+
| 42 | test     | Auth-Type     | := | Reject   |
| 43 | test     | Fall-Through  | := | Yes      |
+----+----------+---------------+----+----------+

usergroup:
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| test     | A1        |        1 |
| test     | A2        |        1 |
| test     | A3        |        1 |
+----------+-----------+----------+

radgroupcheck:
+----+-----------+----------------+----+-------+
| id | GroupName | Attribute      | op | Value |
+----+-----------+----------------+----+-------+
| 42 | A1        | NAS-Identifier | == | ID-A1 |
| 43 | A2        | NAS-Identifier | == | ID-A2 |
| 44 | A2        | NAS-Identifier | == | ID-A3 |
+----+-----------+----------------+----+-------+

radgroupreply:
+----+-----------+---------------+----+--------+
| id | GroupName | Attribute     | op | Value  |
+----+-----------+---------------+----+--------+
| 52 | A1        | Auth-Type     | := | Accept |
| 53 | A1        | Fall-Through  | := | No     |
| 54 | A2        | Auth-Type     | := | Reject |
| 55 | A2        | Fall-Through  | := | Yes    |
| 56 | A3        | Auth-Type     | := | Accept |
| 57 | A3        | Fall-Through  | := | No     |
+----+-----------+---------------+----+--------+

However, if the radius does not follow the algorithm
described in http://wiki.freeradius.org/Rlm_sql,
then this setup should not work.

Do you have any suggestion or idea on how to make the
scenario above work?

Regards,
Dashamir


Dashamir Hoxha wrote:
> I have installed freeradius-1.1.7 in fedora8. However I find that the 
> module
> rlm_sql does not work as described in this page:
>  http://wiki.freeradius.org/Rlm_sql




More information about the Freeradius-Users mailing list