question about mac auth, vlans and mysql queries.

Nazzareno Taborgna nazzareno.taborgna at lngs.infn.it
Wed Nov 18 13:42:29 CET 2015


Il 18/11/2015 12:12, Микаел Бак ha scritto:
> On 2015-11-18 12:06, Nazzareno Taborgna wrote:
> [snip]
>> but when it is in the file dialup.conf:
>>
>> #   authorize_check_query = "SELECT r.id, r.username, r.attribute,
>> r.value, r.op, rg.groupname, ry.value, ptrnas, nasname   \
>>          FROM  radcheck r  LEFT JOIN radusergroup rg ON
>> r.username=rg.username \
>>                  LEFT JOIN radgroupreply ry on rg.groupname=ry.groupname \
>>                  LEFT JOIN nasvlan  on ry.value=vlan \
>>                  LEFT JOIN nas on nasvlan.ptrnas=nas.id         \
>>                  WHERE  but now using this query the freeradius always send back an access-reject AND
>> ry.attribute='Tunnel-Private-Group-ID' \
>>                                        AND nasname='%{NAS-IP-Address}'
>> ORDER BY radcheck.id "
>> #
>> the freeradius deads:
>> /usr/sbin/freeradius -X
>> ...
>> including configuration file /etc/freeradius/sql/mysql/dialup.conf
>> /etc/freeradius/sql/mysql/dialup.conf[130]: Expecting section start
>> brace '{' after "FROM radcheck"
>> Errors reading or parsing /etc/freeradius/radiusd.conf
>>
> As I see it, you forgot to uncomment the first line of the query.
>
> HTH,
> Mikael
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yes, you are right, that comment was preventing the start of freeradius, 
thanks.
  In my query there is another error:
  but now using this query the freeradius always send back an access-reject












More information about the Freeradius-Users mailing list