Set NoCat user class in Access-Accept

Ana Gallardo ana.gallardo.77 at gmail.com
Wed May 5 12:17:20 CEST 2010


Hello,

I want to send the NoCat user Class in the Access-Accept.

I don't know if I can send an attribute defined by me.

I have defined an attribute:

# cat /etc/freeradius/dictionary
$INCLUDE    /usr/share/freeradius/dictionary
ATTRIBUTE    NoCat-User-Class    3000    string

And I put this attribute in the reply list with MySQL:

mysql> select * from radgroupreply;
+----+-----------+------------------+----+------------------------------+
| id | groupname | attribute        | op | value                        |
+----+-----------+------------------+----+------------------------------+
|  6 | MEMBER    | NoCat-User-Class | := | Member                       |
+----+-----------+------------------+----+------------------------------+

mysql> select * from radusergroup;
+----------+-----------+----------+
| username | groupname | priority |
+----------+-----------+----------+
| ana      | CAU1      |        0 |
| ana      | MEMBER    |        8 |
+----------+-----------+----------+

But the server doesn't send this attribute to the user. Debug info:

rad_recv: Access-Request packet from host X port 33606, id=250, length=55
    User-Name = "ana"
    User-Password = "claveAna"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 0
+- entering group authorize {...}
sql_xlat
    expand: %{User-Name} -> ana
sql_set_user escaped user --> 'ana'
    expand: select shortname from nas where nasname="%{Client-IP-Address}"
-> select shortname from nas where nasname="X"
    expand: /var/log/freeradius/sqltrace.sql ->
/var/log/freeradius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query:  select shortname from nas where nasname="X"
sql_xlat finished
rlm_sql (sql): Released sql socket id: 3
    expand: %{sql:select shortname from nas where
nasname="%{Client-IP-Address}"} -> pcCAU1
++[request] returns notfound
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "ana", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql]     expand: %{User-Name} -> ana
[sql] sql_set_user escaped user --> 'ana'
rlm_sql (sql): Reserving sql socket id: 2
[sql]     expand: SELECT id, username, attribute, value, op          FROM
radcheck          WHERE username = BINARY '%{SQL-User-Name}'          ORDER
BY id -> SELECT id, username, attribute, value, op          FROM
radcheck          WHERE username = BINARY 'ana'          ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
FROM radcheck          WHERE username = BINARY 'ana'          ORDER BY id
[sql] User found in radcheck table
[sql]     expand: SELECT id, username, attribute, value, op          FROM
radreply          WHERE username = BINARY '%{SQL-User-Name}'          ORDER
BY id -> SELECT id, username, attribute, value, op          FROM
radreply          WHERE username = BINARY 'ana'          ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
FROM radreply          WHERE username = BINARY 'ana'          ORDER BY id
[sql]     expand: SELECT groupname          FROM radusergroup          WHERE
username = BINARY '%{SQL-User-Name}'          ORDER BY priority -> SELECT
groupname          FROM radusergroup          WHERE username = BINARY
'ana'          ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname          FROM radusergroup
WHERE username = BINARY 'ana'          ORDER BY priority
[sql]     expand: SELECT id, groupname, attribute,           Value,
op           FROM radgroupcheck           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
attribute,           Value, op           FROM radgroupcheck           WHERE
groupname = 'CAU1'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, groupname, attribute,           Value,
op           FROM radgroupcheck           WHERE groupname = 'CAU1'
ORDER BY id
[sql]     expand: SELECT id, groupname, attribute,           Value,
op           FROM radgroupcheck           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
attribute,           Value, op           FROM radgroupcheck           WHERE
groupname = 'MEMBER'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, groupname, attribute,           Value,
op           FROM radgroupcheck           WHERE groupname =
'MEMBER'           ORDER BY id
[sql] User found in group MEMBER
[sql]     expand: SELECT id, groupname, attribute,           value,
op           FROM radgroupreply           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
attribute,           value, op           FROM radgroupreply           WHERE
groupname = 'MEMBER'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, groupname, attribute,           value,
op           FROM radgroupreply           WHERE groupname =
'MEMBER'           ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
[expiration] Checking Expiration time: '02 Dec 2010'
++[expiration] returns ok
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "claveAna"
[pap] Using clear text password "claveAna"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
[sql]     expand: %{User-Name} -> ana
[sql] sql_set_user escaped user --> 'ana'
[sql]     expand: INSERT INTO radpostauth
(username, mac, client, nas, reply, authdate)
VALUES (                           '%{User-Name}',
'%{Calling-Station-Id}',               '%C',
'%{Nas-IP-Address}',                           '%{reply:Packet-Type}',
          NOW()) -> INSERT INTO radpostauth
(username, mac, client, nas, reply, authdate)
VALUES (                           'ana',                           '',
          'pcCAU1',               '127.0.1.1',
'Access-Accept',   NOW())
[sql]     expand: /var/log/freeradius/sqltrace.sql ->
/var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO
radpostauth                           (username, mac, client, nas, reply,
authdate)                           VALUES (
'ana',                           '',   'pcCAU1',
'127.0.1.1',                           'Access-Accept',               NOW())
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query:  INSERT INTO radpostauth
(username, mac, client, nas, reply, authdate)
VALUES (                           'ana',                           '',
          'pcCAU1',               '127.0.1.1',
'Access-Accept',               NOW())
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
Sending Access-Accept of id 250 to X port 33606
    Reply-Message += "Hola Anita"
    Session-Timeout = 18189945
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 250 with timestamp +6
Ready to process requests.


I have found the attribute Class but I think that is more complex than I
need.

Any suggestions?

Thank you very much and sorry for my English.


-- 
____________________

 Ana Gallardo Gómez
____________________
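
Added example, not part of the original message and not FreeRADIUS code: the dictionary entry above uses attribute number 3000, but the Type field of a RADIUS attribute is a single octet (RFC 2865), so that number has no on-the-wire encoding. The sketch encodes the same value as Class (25) and as a Vendor-Specific attribute (26); the vendor ID 99999, the sub-attribute number 1 and all function names are assumptions made for illustration.

```python
import struct

# Assumption: placeholder enterprise number, not a real vendor ID for NoCat.
PLACEHOLDER_VENDOR_ID = 99999
CLASS = 25            # RFC 2865 Class
VENDOR_SPECIFIC = 26  # RFC 2865 Vendor-Specific


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type (1 octet), Length (1 octet), Value."""
    if not 1 <= attr_type <= 255:
        raise ValueError(f"type {attr_type} does not fit the one-octet Type field")
    if not 1 <= len(value) <= 253:
        raise ValueError("value must be 1..253 octets")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def encode_vsa(vendor_id: int, vendor_type: int, value: bytes) -> bytes:
    """Wrap a vendor sub-attribute: Vendor-Id (4 octets) followed by a sub-TLV."""
    sub = encode_attr(vendor_type, value)
    return encode_attr(VENDOR_SPECIFIC, struct.pack("!I", vendor_id) + sub)


def decode_attrs(data: bytes) -> list:
    """Walk a reply's attribute area and return (type, value) pairs."""
    out, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        out.append((attr_type, data[i + 2:i + length]))
        i += length
    return out


if __name__ == "__main__":
    # Constructed sample: the value from the radgroupreply row in the message.
    reply = encode_attr(CLASS, b"Member") + encode_vsa(PLACEHOLDER_VENDOR_ID, 1, b"Member")
    print(decode_attrs(reply))
    try:
        encode_attr(3000, b"Member")
    except ValueError as exc:
        print("cannot encode:", exc)
```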