usergroup problems with separate auth and accounting databases

Trey Scarborough treys at door.net
Thu Aug 26 23:33:32 CEST 2010 

Alan DeKok wrote:
> Trey Scarborough wrote:
>   
>> All I am trying to do is run the radius auth querys on a database on one
>> machine and the accounting on another in another database. The problem I
>> am seeing is that when the additional sql configuration is put in for
>> the  accounting database it begins to use that configuration for the
>> group_membership_query
>>     
>
>   Uh... no.  Nothing in the SQL accounting configuration uses the group
> membership query.  See the source code.
>
>   
Exactly my problem and why I don't understand why it breaks the 
authorization radius reply attributes.
>> which is not in the accounting database and
>> fails. If I remove the sql-auth from the accounting configuration it
>> runs fine using the rad-auth sql configuration. Here is the exerts from
>> my configuration. I am trying to set some radreply items with sql and
>> some by the users file by group. This works fine until I try to seperate
>> the databases.
>>     
>
>   Let me guess... you have policies for accounting which use "SQL-Group"?
>   
No It breaks the Authentication when I add the Accounting  configuration
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>   

Here is another more specific output from a debug

It runs like this without the accounting configuration

[sql-auth] sql_groupcmp
[sql-auth]      expand: %{User-Name} -> test at testdomain.net
[sql-auth] sql_set_user escaped user --> 'test at testdomain.net'
rlm_sql (sql-auth): Reserving sql socket id: 3
rlm_sql_mysql: query:  SELECT GroupName FROM usergroup WHERE 
UserName='test at testdomain.net'
[sql-auth] sql_groupcmp finished: User is a member of group active
rlm_sql (sql-auth): Released sql socket id: 3

Runs like this when I add the rad-acct to accounting. It appears to be 
using the sql-acct for the sql_groupcmp for some reason.

[sql-auth] sql_groupcmp
[sql-auth]      expand: %{User-Name} -> test at testdomain.net
[sql-auth] sql_set_user escaped user --> 'test at testdomain.net'
rlm_sql (sql-acct): Reserving sql socket id: 4
rlm_sql (sql-acct): Released sql socket id: 4
[sql-auth] sql_groupcmp finished: User is NOT a member of group active


Any ideas as to why It would do this?

More information about the Freeradius-Users mailing list