FreeRADIUS 3.0.12: SQL xlat return back-quoted value in response
Alan DeKok
aland at deployingradius.com
Tue Dec 20 16:03:19 CET 2016
On Dec 20, 2016, at 8:35 AM, Alexey Dotsenko <lex at rwx.su> wrote:
>
> Test environment:
> Centos 7 (x86_64), FreeRADIUS 3.0.12 - rpm build from upstream source 3.0.12 (based on fedoraproject spec file (without code patches)).
>
> MariaDB [radius]> select * from radgroupreply;
> +----+-----------+--------------+----+-------------------------------------------------------------------------------------+
> | id | groupname | attribute | op | value |
> +----+-----------+--------------+----+-------------------------------------------------------------------------------------+
> | 3 | ras | cisco-avpair | += | ip:inacl#1=permit ip any 10.0.253.224 255.255.255.224 |
> | 12 | ras | cisco-avpair | += | ip:inacl#2=permit tcp any 10.0.253.224 255.255.255.224 |
> | 14 | ras | Fall-Through | := | Yes |
> | 29 | ras | Cisco-AVPair | += | `ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-%{%{SQL-Group}:-%{%{User-Name}:-None}}-%l` |
Don't do that. Use %{exec:...} instead of back-ticks for attributes in SQL.
Alan DeKok.
More information about the Freeradius-Users
mailing list