Stripping Realms from SQL Accounting Queries
Alexander Clouter
alex at digriz.org.uk
Mon Nov 23 22:08:40 CET 2009
Tim Gustafson <tjg at soe.ucsc.edu> wrote:
>
> I'm using FreeRADIUS with LDAP for authentication and mySQL for
> logging. The LDAP queries seem to be stripping the realm name
> properly, whereas the mySQL queries are not. I'm running FreeRADIUS
> 2.1.6 on FreeBSD:
>
> FreeRADIUS Version 2.1.6, for host i386-portbld-freebsd7.2, built on
> Nov 10 2009 at 08:34:04
>
> Here's what I've got in my modules/ldap:
>
> ----- modules/ldap -----
> ldap {
> server = "foo"
> basedn = "dc=foo"
> identity = "uid=foo"
> password = "foo"
> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> [snipped]
> groupmembership_filter = "(memberUid=%{Stripped-User-Name:-%{User-Name}})"
>
...erm, '%{%{Stripped-User-Name}:-%{User-Name}}', I think what you have
there is some really old depreated or bad syntax'ed version. Same in
your SQL queries too strangely. You will want to make sure you use
'SQL-User-Name' instead too, and not directly 'User-Name' (think SQL
injection).
Cheers
--
Alexander Clouter
.sigmonster says: The fact that it works is immaterial.
-- L. Ogborn
More information about the Freeradius-Users
mailing list