Checking NAS-Identifier in the radgroupcheck table

super_tomtom super_tomtom at hotmail.com
Thu Oct 2 13:35:17 CEST 2008


Ok, thanks a lot for your answer!
The Reply-Message did not come because of the '==' operator in the
radgroupcheck table.
So, if I set the NAS-Identifier to "LMS2" (the one used by my chillispot
portal), the condition NAS-Identifier == LMS2 matches, so radius puts me in
the "hotel1" group. If it doesn't match (while using the radtest command, for
example), it continues the login process, but considering that I don't own
any group... So in my problem explained before, the user can log in even if
he's not recognized as coming from the hotel he was expected to come from...
What I would like to find is a way to allow users to log in only if they
have been attributed to a group...

About my sql.conf file, it seems to be the one delivered in the release
2.0.5. Here it is:
sql {
        database = "mysql"
        driver = "rlm_sql_${database}"
        server = "localhost"
        login = "login"
        password = "password"
        radius_db = "radius"
        acct_table1 = "radacct"
        acct_table2 = "radacct"
        postauth_table = "radpostauth"
        authcheck_table = "radcheck"
        authreply_table = "radreply"
        groupcheck_table = "radgroupcheck"
        groupreply_table = "radgroupreply"
        usergroup_table = "radusergroup"
        read_groups = yes
        deletestalesessions = yes
        sqltrace = no
        sqltracefile = ${logdir}/sqltrace.sql
        num_sql_socks = 5
        connect_failure_retry_delay = 60
        nas_table = "nas"
        $INCLUDE sql/${database}/dialup.conf
}

By the way, I removed the Auth-Type as you advised me; that was one thing
that stayed from the first tutorials I followed, that I did not really
understand ;)


tnt-4 wrote:
> 
> Something is wrong here:
> 
>>rlm_sql (sql): Reserving sql socket id: 2
>>        expand: SELECT id, username, attribute, value, op           FROM
>>radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
>>-> SELECT id, username, attribute, value, op           FROM radcheck
>>WHERE username = 'user1'           ORDER BY id
>>rlm_sql (sql): User found in radcheck table
>>        expand: SELECT id, username, attribute, value, op           FROM
>>radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id
>>-> SELECT id, username, attribute, value, op           FROM radreply
>>WHERE username = 'user1'           ORDER BY id
>>        expand: SELECT groupname           FROM radusergroup          
>> WHERE
>>username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
>>groupname           FROM radusergroup           WHERE username = 'user1'
>>ORDER BY priority
>>        expand: SELECT id, groupname, attribute,           Value, op
>>FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
>>ORDER BY id -> SELECT id, groupname, attribute,           Value, op
>>FROM radgroupcheck           WHERE groupname = 'hotel1'           ORDER BY
>>id
>>rlm_sql (sql): Released sql socket id: 2
>>++[sql] returns ok
> 
> This is the debug from my 2.0.5 test server:
> 
> rlm_sql (sql): Reserving sql socket id: 3
>         expand: SELECT id, username, attribute, value, op           FROM
> radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
> BY id -> SELECT id, username, attribute, value, op           FROM
> radcheck           WHERE username = 'wifi'           ORDER BY id
> rlm_sql_mysql: query:  SELECT id, username, attribute, value, op         
>  FROM radcheck           WHERE username = 'wifi'           ORDER BY id
> rlm_sql (sql): User found in radcheck table
>         expand: SELECT id, username, attribute, value, op           FROM
> radreply           WHERE username = '%{SQL-User-Name}'           ORDER
> BY id -> SELECT id, username, attribute, value, op           FROM
> radreply           WHERE username = 'wifi'           ORDER BY id
> rlm_sql_mysql: query:  SELECT id, username, attribute, value, op         
>  FROM radreply           WHERE username = 'wifi'           ORDER BY id
>         expand: SELECT groupname           FROM usergroup           WHERE
> username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
> groupname           FROM usergroup           WHERE username = 'wifi'  
>         ORDER BY priority
> rlm_sql_mysql: query:  SELECT groupname           FROM usergroup         
>  WHERE username = 'wifi'           ORDER BY priority
>         expand: SELECT id, groupname, attribute,           Value, op     
>      FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'    
>       ORDER BY id -> SELECT id, groupname, attribute,           Value,
> op           FROM radgroupcheck           WHERE groupname = 'hs256'   
>        ORDER BY id
> rlm_sql_mysql: query:  SELECT id, groupname, attribute,           Value,
> op           FROM radgroupcheck           WHERE groupname = 'hs256'   
>        ORDER BY id
> rlm_sql (sql): User found in group hs256
>         expand: SELECT id, groupname, attribute,           value, op     
>      FROM radgroupreply           WHERE groupname = '%{Sql-Group}'    
>       ORDER BY id -> SELECT id, groupname, attribute,           value,
> op           FROM radgroupreply           WHERE groupname = 'hs256'   
>        ORDER BY id
> rlm_sql_mysql: query:  SELECT id, groupname, attribute,           value,
> op           FROM radgroupreply           WHERE groupname = 'hs256'   
>        ORDER BY id
> rlm_sql (sql): Released sql socket id: 3
> ++[sql] returns ok
> 
> It has calls to rlm_sql_mysql and also reports: rlm_sql (sql): User found
> in group hs256. There is no such stuff in your debug.
> 
> Have you copied sql.conf from an older version? And not used sql.conf and
> dialup.conf.
> 
> 
>>Another thing, I didn't really understand the first part of your answer:
>>
>>
>>> Not only that but Auth-Type Local also wasn't forced. Adding it there is
>>> a mistake in the first place but it still didn't work.
>>>
>>
>>Could you explain this to me, please?
> 
> Don't force Auth-Type. It's mentioned in numerous places in
> documentation, website and this list. Let server sort it out.
> 
> That entry would have diverted the server from doing chap. Good thing it
> didn't work.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 

-- 
View this message in context: http://www.nabble.com/Checking-NAS-Identifier-in-the-radgroupcheck-table-tp19763949p19777559.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
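
The behaviour described in this message, as an added example that is not part of the original post and is not FreeRADIUS code: a simplified Python model of the group lookup seen in the debug log, run against an in-memory SQLite database with constructed rows. The `require_group` switch, the plain password comparison, the password value and the `other-nas` identifier are assumptions made for illustration, and only the `==` operator is modelled.

```python
import sqlite3

def build_db():
    """In-memory copy of the tables named in the debug log (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username, attribute, op, value);
        CREATE TABLE radusergroup (username, groupname, priority);
        CREATE TABLE radgroupcheck (id INTEGER PRIMARY KEY, groupname, attribute, op, value);
        INSERT INTO radcheck VALUES (1, 'user1', 'Cleartext-Password', ':=', 'secret');
        INSERT INTO radusergroup VALUES ('user1', 'hotel1', 1);
        INSERT INTO radgroupcheck VALUES (1, 'hotel1', 'NAS-Identifier', '==', 'LMS2');
    """)
    return db

def matched_groups(db, username, request):
    """Groups of the user whose '==' check items all equal the request attributes."""
    groups = []
    rows = db.execute("SELECT groupname FROM radusergroup "
                      "WHERE username = ? ORDER BY priority", (username,)).fetchall()
    for (group,) in rows:
        checks = db.execute("SELECT attribute, value, op FROM radgroupcheck "
                            "WHERE groupname = ? ORDER BY id", (group,)).fetchall()
        if all(op == "==" and request.get(attr) == val for attr, val, op in checks):
            groups.append(group)
    return groups

def authorize(db, request, require_group=False):
    """Return (decision, groups). require_group=True is the policy the post asks for."""
    user = request["User-Name"]
    row = db.execute("SELECT value FROM radcheck WHERE username = ? "
                     "AND attribute = 'Cleartext-Password'", (user,)).fetchone()
    if row is None or row[0] != request.get("User-Password"):
        return "reject", []
    groups = matched_groups(db, user, request)
    # Without this test a user whose group check failed is still accepted,
    # because the radcheck entry alone was enough to authenticate.
    if require_group and not groups:
        return "reject", groups
    return "accept", groups

# Constructed requests: one via the portal NAS, one from a different NAS (as with radtest).
PORTAL = {"User-Name": "user1", "User-Password": "secret", "NAS-Identifier": "LMS2"}
RADTEST = {"User-Name": "user1", "User-Password": "secret", "NAS-Identifier": "other-nas"}

if __name__ == "__main__":
    db = build_db()
    for name, req in (("portal", PORTAL), ("radtest", RADTEST)):
        print(name, authorize(db, req), authorize(db, req, require_group=True))
```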



