radiusd -X SQL suggests "not found" however user attributes are in the radcheck table?

Fajar A. Nugraha list at fajar.net
Wed Aug 1 05:52:19 CEST 2012


On Wed, Aug 1, 2012 at 5:03 AM, Kaya Saman <kayasaman at gmail.com> wrote:
> From what I can see it's quite non-complex config though one needs to
> understand the process of how RADIUS works and additionally the 'radius' way
> of doing things rather than, say, a corporate network vendor way.

This helps: http://wiki.freeradius.org/Concepts

> For now I have all the pieces to my jigsaw puzzle, minus defining a VLAN
> (tunnel ID) of last resort so if FR doesn't recognize the L2 address of a
> machine it should give it a specific tunnel-ID (VLAN).

There should be many ways to do that. If you assume that "normal"
users would always have ONE Tunnel-Private-Group-Id reply attribute
(in radreply), then you should be able to use unlang:
http://freeradius.org/radiusd/man/unlang.html

You would then need to do something like this:
- have "sql" module active in authorize block (you should already have
that), which would populate reply attributes from rad(group)reply
table
- under that, have an unlang block that says "if there's no
Tunnel-Private-Group-Id attribute in the reply, then add one".
Something like (untested)

update reply {
    Tunnel-Private-Group-Id = 10
}

Replace the "10" there with whatever your Tunnel-Private-Group-Id for
unknown users is, and the "=" operator will "Add the attribute to the
list, if and only if an attribute of the same name is not already
present in that list" (see unlang man page).

-- 
Fajar
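
Added example, not part of the original message and not the FreeRADIUS project's shipped configuration: the two steps described above placed in one authorize section, using FreeRADIUS 2.x unlang syntax. The Tunnel-Type and Tunnel-Medium-Type lines and the surrounding section layout are assumptions added here; "10" is the placeholder value from the message.

```unlang
# Constructed sketch of the "authorize" section of a FreeRADIUS 2.x
# virtual server (for example sites-enabled/default).
authorize {
    preprocess

    # Step 1: sql fills the reply list from radreply / radgroupreply
    # for users it finds.
    sql

    # Step 2: the "=" operator adds an attribute only when the reply list
    # holds no attribute of that name, so anything sql loaded for a known
    # user is left untouched and only the gaps are filled.
    update reply {
        # RFC 3580 VLAN assignment uses these three attributes together
        # (assumption: the NAS expects the standard trio).
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = IEEE-802

        # Placeholder from the message: replace 10 with the ID of the
        # last-resort VLAN.
        Tunnel-Private-Group-Id = "10"
    }

    # ... remaining modules of the authorize section stay as they are ...
}
```

The tunnel attributes are only delivered in an Access-Accept, so this fragment decides which VLAN an accepted request lands in, not whether an unknown machine is accepted. A last-resort VLAN is normally one with restricted reachability, since every unrecognized device ends up there.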

