FreeRADIUS + MySQL + DHCP Opt82
Fajar A. Nugraha
list at fajar.net
Fri Mar 30 11:47:41 CEST 2012
On Fri, Mar 30, 2012 at 4:29 PM, IVB <ivb at is.ua> wrote:
> I need help.
>
> Software: FreeRADIUS v2.1.11, MySQL v5.1.61.
> Hardware: RB SE100 under SEOS-6.4.1.4-Release
>
> BRAS sends Opt-82 related attributes in following format:
>
What format?
>
> Attributes Agent-* described in radius dictionary as 'octets'. Attributes
> ADSL-Agent-* described in radius dictionary as 'string'.
AFAIK those are not DHCP dictionary. They're part of "normal" radius
dictionary. So you just treat them like any other attribute.
>
> I was try to store needed data in MySQL database from which Radius gets
> 'check' attributes:
>
> to Radius select that attributes to authenticate. But I got 'Login
> incorrect' message in Radius log.
>
> If I remove both Agent-* attributes from DB (that means that I dont validate
> Opt-82 parameters) - I got 'Login OK'.
>
> I think that I use wrong format for Agent-* attributes, but I was try some
> different variants without success.
>
> I was try to use ADSL-Agent-* instead Agent-* in DB, but I receive 'Login
> OK' with _any_ attributes values - match and mismatch.
>
> So I need help. Very need.
You need to know what the NAS (i.e. BRAS) sends. An easy way to get
that is to run FR in debug mode (-X) while the NAS is sending
authentication packet.
Then compare to what you have on radcheck. Note the operators (you
probably need "==").
Then you need to find out what's going on. Again, debug mode would be
the best way.
--
Fajar
More information about the Freeradius-Users
mailing list