About sqlippool

Tseveendorj tseveendorj at gmail.com
Wed Apr 15 07:48:34 CEST 2009 

Hello,

Sorry for ask newbie question.

I would like to implement sqlippool functionality on FreeRADIUS 2.1.3. I 
read /usr/local/share/doc/freeradius/rlm_sqlippool
there has following note

"IP-Pool Attribute (Keep in mind that its a **CHECK** item, not reply)"

I didn't understand. which attribute (IP-Pool or Pool-Name) needed for 
sqlippool?

and I also defined sqlippool in accounting { ...} and post-auth {...} 
directive. But pool didn't work.

You can see more detailed below.

Thanks for any help.

accounting {
        #
        #  Create a 'detail'ed log of the packets.
        #  Note that accounting requests which are proxied
        #  are also logged in the detail file.
        detail
#       daily

        #  Update the wtmp file
        #
        #  If you don't use "radlast", you can delete this line.
        #unix

#
        #  Log traffic to an SQL database.
        #
        #  See "Accounting queries" in sql.conf
        sql
        *sqlippool*
        #
        #  For Simultaneous-Use tracking.
        #
        #  Due to packet losses in the network, the data here
        #  may be incorrect.  There is little we can do about it.
        radutmp
#       sradutmp

        #  Return an address to the IP Pool when we see a stop record.
#       main_pool

        #
        #  Instead of sending the query to the SQL server,
        #  write it into a log file.
        #
#       sql_log

        #  Cisco VoIP specific bulk accounting
#       pgsql-voip

        #  Filter attributes from the accounting response.
        attr_filter.accounting_response

        #
        #  See "Autz-Type Status-Server" for how this works.
        #
#       Acct-Type Status-Server {
#
#       }
}

and

post-auth {
        #  Get an address from the IP Pool.
#       main_pool

        #
        #  If you want to have a log of authentication replies,
        #  un-comment the following line, and the 'detail reply_log'
        #  section, above.
#       reply_log

        #
        #  After authenticating the user, do another SQL query.
        #
        #  See "Authentication Logging Queries" in sql.conf
        sql
*        sqlippool*
        #
        #  Instead of sending the query to the SQL server,
        #  write it into a log file.
        #
#       sql_log

        #
        #  Un-comment the following if you have set
        #  'edir_account_policy_check = yes' in the ldap module 
sub-section of
        #  the 'modules' section.
        #
#       ldap

        exec

        #
        #  Access-Reject packets are sent through the REJECT sub-section 
of the
        #  post-auth section.
        #
        #  Add the ldap module name (or instance) if you have set
        #  'edir_account_policy_check = yes' in the ldap module 
configuration
        #
        Post-Auth-Type REJECT {
                attr_filter.access_reject
        }
}

More information about the Freeradius-Users mailing list