Anne,<br><br>The only diference from your table radgroup and my is the value priority. All entries in my radgroup table has "1" as priority.<br><br>I really don't know if make sense... Try it and check if will run
<br><br>Regards,<br><br>Fabiano<br><br><div><span class="gmail_quote">On 11/14/06, <b class="gmail_sendername">Anne-Mie Vandermeeren</b> <<a href="mailto:AnneMie.Vandermeeren@ugent.be">AnneMie.Vandermeeren@ugent.be</a>
> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>I have set up Freeradius working fine with a users-file. I did some tests
<br>to change to Mysql and all was ok, until I want to add some conditions for<br>users in more than one group.<br><br>This looks like a simple setup for Mysql, but it's not working as I<br>thought it would:<br><br>mysql> select * from usergroup;
<br>+----------+-----------+----------+<br>| UserName | GroupName | priority |<br>+----------+-----------+----------+<br>| user1 | Group1 | 1 |<br>| user1 | Group2 | 2 |<br>+----------+-----------+----------+
<br>2 rows in set (0.00 sec)<br><br>mysql> select * from radcheck;<br>+----+----------+---------------+----+------------+<br>| id | UserName | Attribute | op | Value |<br>+----+----------+---------------+----+------------+
<br>| 1 | user1 | User-Password | == | paswoordje |<br>+----+----------+---------------+----+------------+<br>1 row in set (0.00 sec)<br><br>mysql> select * from radreply;<br>Empty set (0.00 sec)<br><br>mysql> select * from radgroupcheck;
<br>+----+-----------+----------------+----+--------------+<br>| id | GroupName | Attribute | op | Value |<br>+----+-----------+----------------+----+--------------+<br>| 1 | Group1 | NAS-IP-Address | == |
<a href="http://172.16.224.1">172.16.224.1</a> |<br>| 2 | Group2 | NAS-IP-Address | == | <a href="http://172.16.224.2">172.16.224.2</a> |<br>+----+-----------+----------------+----+--------------+<br>2 rows in set (0.01
sec)<br><br>mysql> select * from radgroupreply;<br>+----+-----------+-----------+----+----------+<br>| id | GroupName | Attribute | op | Value |<br>+----+-----------+-----------+----+----------+<br>| 1 | Group1 | Class | := | groepje1 |
<br>| 2 | Group2 | Class | := | groepje2 |<br>+----+-----------+-----------+----+----------+<br>2 rows in set (0.00 sec)<br><br><br><br>I use ntradping to check the setup.<br><br>When I use NAS-IP-Address = <a href="http://172.16.224.1">
172.16.224.1</a> I get the correct class<br>(groepje1), but when I use the NAS-IP-Address = <a href="http://172.16.224.2">172.16.224.2</a> I get a<br>reject and not as I was expecting the class-attribute groepje2.<br><br>
I can't figure out why this is the case.<br><br>The debug output is not helping me, either. Anyone a suggestion on solving<br>this?<br><br>---- DEBUG output for NAS-IP-Address = 172.16.224.1--------------<br><br>rad_recv: Access-Request packet from host
<a href="http://157.193.39.138:3674">157.193.39.138:3674</a>, id=65,<br>length=51<br> User-Name = "user1"<br> User-Password = "paswoordje"<br> NAS-IP-Address = <a href="http://172.16.224.1">
172.16.224.1</a><br>Tue Nov 14 16:37:17 2006 : Debug: Processing the authorize section of<br>radiusd.conf<br>Tue Nov 14 16:37:17 2006 : Debug: modcall: entering group authorize for<br>request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: calling
<br>preprocess (rlm_preprocess) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: returned from<br>preprocess (rlm_preprocess) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modcall[authorize]: module
<br>"preprocess" returns ok for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: calling chap<br>(rlm_chap) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: returned from
<br>chap (rlm_chap) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modcall[authorize]: module "chap"<br>returns noop for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: calling mschap
<br>(rlm_mschap) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: returned from<br>mschap (rlm_mschap) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modcall[authorize]: module "mschap"
<br>returns noop for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: calling suffix<br>(rlm_realm) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: rlm_realm: No '@' in User-Name =<br>"user1", looking up realm NULL
<br>Tue Nov 14 16:37:17 2006 : Debug: rlm_realm: No such realm "NULL"<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: returned from<br>suffix (rlm_realm) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modcall[authorize]: module "suffix"
<br>returns noop for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: calling eap<br>(rlm_eap) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: rlm_eap: No EAP-Message, not doing EAP<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: returned from
<br>eap (rlm_eap) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modcall[authorize]: module "eap"<br>returns noop for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: calling files<br>
(rlm_files) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: returned from<br>files (rlm_files) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modcall[authorize]: module "files"
<br>returns notfound for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: calling sql<br>(rlm_sql) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: radius_xlat: 'user1'<br>Tue Nov 14 16:37:17 2006 : Debug: rlm_sql (sql): sql_set_user escaped user
<br>--> 'user1'<br>Tue Nov 14 16:37:17 2006 : Debug: radius_xlat: 'SELECT id, UserName,<br>Attribute, Value, op FROM radcheck WHERE Username =<br>'user1' ORDER BY id'<br>Tue Nov 14 16:37:17 2006 : Debug: rlm_sql (sql): Reserving sql socket id:
<br>2<br>Tue Nov 14 16:37:17 2006 : Debug: rlm_sql_mysql: query: SELECT id,<br>UserName, Attribute, Value, op FROM radcheck WHERE<br>Username = 'user1' ORDER BY id<br>Tue Nov 14 16:37:17 2006 : Debug: radius_xlat: 'SELECT
<br><a href="http://radgroupcheck.id">radgroupcheck.id</a>,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op<br>FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user1' AND<br>usergroup.GroupName
= radgroupcheck.GroupName ORDER BY <a href="http://radgroupcheck.id">radgroupcheck.id</a>'<br>Tue Nov 14 16:37:17 2006 : Debug: rlm_sql_mysql: query: SELECT<br><a href="http://radgroupcheck.id">radgroupcheck.id</a>,radgroupcheck.GroupName
,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op<br>FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user1' AND<br>usergroup.GroupName = radgroupcheck.GroupName ORDER BY <a href="http://radgroupcheck.id">
radgroupcheck.id</a><br>Tue Nov 14 16:37:17 2006 : Debug: radius_xlat: 'SELECT id, UserName,<br>Attribute, Value, op FROM radreply WHERE Username =<br>'user1' ORDER BY id'<br>Tue Nov 14 16:37:17 2006 : Debug: rlm_sql_mysql: query: SELECT id,
<br>UserName, Attribute, Value, op FROM radreply WHERE<br>Username = 'user1' ORDER BY id<br>Tue Nov 14 16:37:17 2006 : Debug: radius_xlat: 'SELECT<br><a href="http://radgroupreply.id">radgroupreply.id
</a>,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op<br>FROM radgroupreply,usergroup WHERE usergroup.Username = 'user1' AND<br>usergroup.GroupName = radgroupreply.GroupName ORDER BY <a href="http://radgroupreply.id">
radgroupreply.id</a>'<br>Tue Nov 14 16:37:17 2006 : Debug: rlm_sql_mysql: query: SELECT<br><a href="http://radgroupreply.id">radgroupreply.id</a>,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
<br>FROM radgroupreply,usergroup WHERE usergroup.Username = 'user1' AND<br>usergroup.GroupName = radgroupreply.GroupName ORDER BY <a href="http://radgroupreply.id">radgroupreply.id</a><br>Tue Nov 14 16:37:17 2006 : Debug: rlm_sql (sql): Released sql socket id: 2
<br>Tue Nov 14 16:37:17 2006 : Debug: modsingle[authorize]: returned from<br>sql (rlm_sql) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: modcall[authorize]: module "sql"<br>returns ok for request 37<br>
Tue Nov 14 16:37:17 2006 : Debug: modcall: leaving group authorize<br>(returns ok) for request 37<br>Tue Nov 14 16:37:17 2006 : Debug: auth: type Local<br>Tue Nov 14 16:37:17 2006 : Debug: auth: user supplied User-Password
<br>matches local User-Password<br>Tue Nov 14 16:37:17 2006 : Auth: Login OK: [user1] (from client ntradping<br>port 0)<br>Sending Access-Accept of id 65 to <a href="http://157.193.39.138">157.193.39.138</a> port 3674<br>
Class := 0x67726f65706a6531<br><br>---- DEBUG output for NAS-IP-Address = 172.16.224.2--------------<br><br>rad_recv: Access-Request packet from host <a href="http://157.193.39.138:3675">157.193.39.138:3675</a>, id=66,
<br>length=51<br> User-Name = "user1"<br> User-Password = "paswoordje"<br> NAS-IP-Address = <a href="http://172.16.224.2">172.16.224.2</a><br>Tue Nov 14 16:45:11 2006 : Debug: Processing the authorize section of
<br>radiusd.conf<br>Tue Nov 14 16:45:11 2006 : Debug: modcall: entering group authorize for<br>request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: calling<br>preprocess (rlm_preprocess) for request 38<br>
Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: returned from<br>preprocess (rlm_preprocess) for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modcall[authorize]: module<br>"preprocess" returns ok for request 38
<br>Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: calling chap<br>(rlm_chap) for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: returned from<br>chap (rlm_chap) for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modcall[authorize]: module "chap"
<br>returns noop for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: calling<br>mschap (rlm_mschap) for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: returned from<br>mschap (rlm_mschap) for request 38
<br>Tue Nov 14 16:45:11 2006 : Debug: modcall[authorize]: module "mschap"<br>returns noop for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: calling suffix<br>(rlm_realm) for request 38
<br>Tue Nov 14 16:45:11 2006 : Debug: rlm_realm: No '@' in User-Name =<br>"user1", looking up realm NULL<br>Tue Nov 14 16:45:11 2006 : Debug: rlm_realm: No such realm "NULL"<br>Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: returned from
<br>suffix (rlm_realm) for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modcall[authorize]: module "suffix"<br>returns noop for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: calling eap
<br>(rlm_eap) for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: rlm_eap: No EAP-Message, not doing EAP<br>Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: returned from<br>eap (rlm_eap) for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modcall[authorize]: module "eap"
<br>returns noop for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: calling files<br>(rlm_files) for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: returned from<br>files (rlm_files) for request 38
<br>Tue Nov 14 16:45:11 2006 : Debug: modcall[authorize]: module "files"<br>returns notfound for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: calling sql<br>(rlm_sql) for request 38<br>
Tue Nov 14 16:45:11 2006 : Debug: radius_xlat: 'user1'<br>Tue Nov 14 16:45:11 2006 : Debug: rlm_sql (sql): sql_set_user escaped user<br>--> 'user1'<br>Tue Nov 14 16:45:11 2006 : Debug: radius_xlat: 'SELECT id, UserName,
<br>Attribute, Value, op FROM radcheck WHERE Username =<br>'user1' ORDER BY id'<br>Tue Nov 14 16:45:11 2006 : Debug: rlm_sql (sql): Reserving sql socket id:<br>1<br>Tue Nov 14 16:45:11 2006 : Debug: rlm_sql_mysql: query: SELECT id,
<br>UserName, Attribute, Value, op FROM radcheck WHERE<br>Username = 'user1' ORDER BY id<br>Tue Nov 14 16:45:11 2006 : Debug: radius_xlat: 'SELECT<br><a href="http://radgroupcheck.id">radgroupcheck.id
</a>,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op<br>FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user1' AND<br>usergroup.GroupName = radgroupcheck.GroupName ORDER BY <a href="http://radgroupcheck.id">
radgroupcheck.id</a>'<br>Tue Nov 14 16:45:11 2006 : Debug: rlm_sql_mysql: query: SELECT<br><a href="http://radgroupcheck.id">radgroupcheck.id</a>,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
<br>FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user1' AND<br>usergroup.GroupName = radgroupcheck.GroupName ORDER BY <a href="http://radgroupcheck.id">radgroupcheck.id</a><br>Tue Nov 14 16:45:11 2006 : Debug: radius_xlat: 'SELECT id, UserName,
<br>Attribute, Value, op FROM radreply WHERE Username =<br>'user1' ORDER BY id'<br>Tue Nov 14 16:45:11 2006 : Debug: rlm_sql_mysql: query: SELECT id,<br>UserName, Attribute, Value, op FROM radreply WHERE
<br>Username = 'user1' ORDER BY id<br>Tue Nov 14 16:45:11 2006 : Debug: radius_xlat: 'SELECT<br><a href="http://radgroupreply.id">radgroupreply.id</a>,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value
,radgroupreply.op<br>FROM radgroupreply,usergroup WHERE usergroup.Username = 'user1' AND<br>usergroup.GroupName = radgroupreply.GroupName ORDER BY <a href="http://radgroupreply.id">radgroupreply.id</a>'<br>Tue Nov 14 16:45:11 2006 : Debug: rlm_sql_mysql: query: SELECT
<br><a href="http://radgroupreply.id">radgroupreply.id</a>,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op<br>FROM radgroupreply,usergroup WHERE usergroup.Username = 'user1' AND<br>usergroup.GroupName
= radgroupreply.GroupName ORDER BY <a href="http://radgroupreply.id">radgroupreply.id</a><br>Tue Nov 14 16:45:11 2006 : Debug: rlm_sql (sql): Released sql socket id: 1<br>Tue Nov 14 16:45:11 2006 : Info: rlm_sql (sql): No matching entry in the
<br>database for request from user [user1]<br>Tue Nov 14 16:45:11 2006 : Debug: modsingle[authorize]: returned from<br>sql (rlm_sql) for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modcall[authorize]: module "sql"
<br>returns notfound for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: modcall: leaving group authorize<br>(returns ok) for request 38<br>Tue Nov 14 16:45:11 2006 : Debug: auth: No authenticate method (Auth-Type)<br>configuration found for the request: Rejecting the user
<br>Tue Nov 14 16:45:11 2006 : Debug: auth: Failed to validate the user.<br>Tue Nov 14 16:45:11 2006 : Auth: Login incorrect: [user1] (from client<br>ntradping port 0)<br>Tue Nov 14 16:45:11 2006 : Debug: Delaying request 38 for 1 seconds
<br>Tue Nov 14 16:45:11 2006 : Debug: Finished request 38<br>Tue Nov 14 16:45:11 2006 : Debug: Going to the next request<br>Tue Nov 14 16:45:11 2006 : Debug: --- Walking the entire request list ---<br>Tue Nov 14 16:45:11 2006 : Debug: Waking up in 1 seconds...
<br>Tue Nov 14 16:45:12 2006 : Debug: --- Walking the entire request list ---<br>Tue Nov 14 16:45:12 2006 : Debug: Waking up in 1 seconds...<br>Tue Nov 14 16:45:13 2006 : Debug: --- Walking the entire request list ---<br>
Sending Access-Reject of id 66 to <a href="http://157.193.39.138">157.193.39.138</a> port 3675<br><br>Anne-Mie<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html
</a><br></blockquote></div><br>