Re: Rlm_sql in freeradius-1.1.7

[orion <meshkruaj@gmail.com>]

pershendetje/Hi dashamir.

sorry for my english , not my  mother language.

i use the same scenario at our isp but we
check the MAC address of the NAS where the client comes from.

In mysql we have:

+----+----------+--------------------+----+--------------+
| id | username | attribute          | op | value        |
+----+----------+--------------------+----+--------------+
|  1 | orion    | Calling-Station-Id | == | 001bd136e285 |
|  2 | orioni   | Cleartext-Password | := | test        |
|  3 | orioni    | Simultaneous-Use   | := | 2            |
+----+----------+--------------------+----+--------------+


shnet e pare / bye.

On 17/01/2008, Dashamir Hoxha <dhoxha@albaniaonline.net> wrote:

Hi,

Actually, what I am trying to do is this:
I have several access points that have hotspot
and use radius for AAA. I would like to register
users in radius so that they are able to login
using some of the access points, and not able to
login using the others.

The way that I was trying to do it is like this:
Suppose that there are the access points A1, A2, A3
and the user 'test' should be able to access the
internet only from A1 and A3. The data in radius
that would make this scenario work, could be like this:

radcheck:
+------+----------+------------------+----+-------+
| id   | UserName | Attribute        | op | Value |
+------+----------+------------------+----+-------+
| 5272 | test     | User-Password    | := | test  |
| 5262 | test     | Simultaneous-Use | := | 5     |
+------+----------+------------------+----+-------+

radreply:
+----+----------+---------------+----+----------+
| id | UserName | Attribute     | op | Value    |
+----+----------+---------------+----+----------+
| 42 | test     | Auth-Type     | := | Reject   |
| 43 | test     | Fall-Through  | := | Yes      |
+----+----------+---------------+----+----------+

usergroup:
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| test     | A1        |        1 |
| test     | A2        |        1 |
| test     | A3        |        1 |
+----------+-----------+----------+

radgroupcheck:
+----+-----------+----------------+----+-------+
| id | GroupName | Attribute      | op | Value |
+----+-----------+----------------+----+-------+
| 42 | A1        | NAS-Identifier | == | ID-A1 |
| 43 | A2        | NAS-Identifier | == | ID-A2 |
| 44 | A2        | NAS-Identifier | == | ID-A3 |
+----+-----------+----------------+----+-------+

radgroupreply:
+----+-----------+---------------+----+--------+
| id | GroupName | Attribute     | op | Value  |
+----+-----------+---------------+----+--------+
| 52 | A1        | Auth-Type     | := | Accept |
| 53 | A1        | Fall-Through  | := | No     |
| 54 | A2        | Auth-Type     | := | Reject |
| 55 | A2        | Fall-Through  | := | Yes    |
| 56 | A3        | Auth-Type     | := | Accept |
| 57 | A3        | Fall-Through  | := | No     |
+----+-----------+---------------+----+--------+

However, if the radius does not follow the algorithm
described in http://wiki.freeradius.org/Rlm_sql,
then this setup should not work.

Do you have any suggestion or idea on how to make the
scenario above work?

Regards,
Dashamir


Dashamir Hoxha wrote:
> I have installed freeradius-1.1.7 in fedora8. However I find that the
> module
> rlm_sql does not work as described in this page:
>  http://wiki.freeradius.org/Rlm_sql

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html