<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-NZ link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>Dear All,<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I am trying to implement huntgroups via MySQL according to <a
href="http://wiki.freeradius.org/SQL_Huntgroup_HOWTO">http://wiki.freeradius.org/SQL_Huntgroup_HOWTO</a>
On difference is the assignment of huntgroups not according to NAS-IP, but to
Called-Station-Id. The goal is to suppress roaming between hotspot routers, between
groups of hotspots.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>For that purpose I have inserted the code <o:p></o:p></p>
<p class=MsoNormal>...<o:p></o:p></p>
<p class=MsoNormal> update request {<o:p></o:p></p>
<p class=MsoNormal>
Huntgroup-Name := "%{sql02:select groupname from radhuntgroup where
calledstationid = '%{Called-Station-Id}'}"<o:p></o:p></p>
<p class=MsoNormal> }<o:p></o:p></p>
<p class=MsoNormal>...<o:p></o:p></p>
<p class=MsoNormal>In lieu of the module ‘preprocess’ into group ‘authorize’,
as advised in the HOWTO.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I have maintained the following entries in SQL tables:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>`radhuntgroup` <o:p></o:p></p>
<p class=MsoNormal>`id`, `groupname`, `calledstationid`<o:p></o:p></p>
<p class=MsoNormal>1, 'Test-Rejec', '00-1D-7E-E7-96-9F'<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>`usergroup` <o:p></o:p></p>
<p class=MsoNormal>`UserName`, `GroupName`, `priority`<o:p></o:p></p>
<p class=MsoNormal>'yubvef13', 'TestGroup', 1 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>`radgroupcheck` <o:p></o:p></p>
<p class=MsoNormal>`id`, `GroupName`, `Attribute`, `op`, `Value`<o:p></o:p></p>
<p class=MsoNormal>1, 'TestGroup', 'Huntgroup-Name', ':=', 'Test'<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>One would expect the user to be rejected if the user tries
to log in to the router with the Called-Station-Id '00-1D-7E-E7-96-9F’,
However, the user is authenticated and not rejected.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Here the relevant parts of the debug:<o:p></o:p></p>
<p class=MsoNormal>...<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: sql_xlat<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 :
Debug: expand: %{User-Name} -> yubvef13<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: sql_set_user escaped user
--> 'yubvef13'<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 :
Debug: expand: select groupname from
radhuntgroup where calledstationid = '%{Called-Station-Id}' -> select
groupname from radhuntgroup where calledstationid = '00-1D-7E-E7-96-9F'<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 :
Debug: expand:
/var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Debug: rlm_sql (sql02): Reserving
sql socket id: 3<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Debug: rlm_sql_mysql:
query: select groupname from radhuntgroup where calledstationid =
'00-1D-7E-E7-96-9F'<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: sql_xlat finished<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Debug: rlm_sql (sql02): Released
sql socket id: 3<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 :
Debug: expand: %{sql02:select groupname
from radhuntgroup where calledstationid = '%{Called-Station-Id}'} ->
Test-Rejec<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: ++[request] returns
notfound<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: ++[chap] returns noop<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: ++[mschap] returns noop<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: [suffix] No '@' in User-Name
= "yubvef13", looking up realm NULL<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: [suffix] No such realm
"NULL"<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: ++[suffix] returns noop<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: [eap] No EAP-Message, not
doing EAP<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: ++[eap] returns noop<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: ++- entering
redundant-load-balance group sql0203 {...}<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 :
Debug: expand: %{User-Name} -> yubvef13<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: [sql02] sql_set_user
escaped user --> 'yubvef13'<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Debug: rlm_sql (sql02): Reserving
sql socket id: 2<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 :
Debug: expand: SELECT id, username,
attribute, value,
op FROM
radcheck WHERE
username = BINARY '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value,
op FROM
radcheck WHERE
username = BINARY
'yubvef13' ORDER BY
id<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Debug: rlm_sql_mysql:
query: SELECT id, username, attribute, value,
op FROM
radcheck WHERE
username = BINARY
'yubvef13' ORDER BY
id<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: [sql02] User found in
radcheck table<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 :
Debug: expand: SELECT id, username,
attribute, value, op
FROM radreply WHERE
username = BINARY
'%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value,
op FROM
radreply WHERE
username = BINARY 'yubvef13'
ORDER BY id<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Debug: rlm_sql_mysql:
query: SELECT id, username, attribute, value,
op FROM
radreply WHERE
username = BINARY 'yubvef13'
ORDER BY id<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 :
Debug: expand: SELECT
groupname FROM
usergroup WHERE
username = BINARY
'%{SQL-User-Name}'
ORDER BY priority -> SELECT
groupname FROM
usergroup WHERE
username = BINARY
'yubvef13' ORDER BY
priority<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Debug: rlm_sql_mysql: query:
SELECT groupname
FROM usergroup
WHERE username = BINARY
'yubvef13' ORDER BY
priority<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 :
Debug: expand: SELECT id, groupname,
attribute, Value,
op FROM radgroupcheck
WHERE groupname =
'%{Sql-Group}'
ORDER BY id -> SELECT id, groupname,
attribute, Value,
op FROM
radgroupcheck WHERE
groupname =
'TestGroup' ORDER
BY id<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Debug: rlm_sql_mysql: query:
SELECT id, groupname,
attribute, Value,
op FROM
radgroupcheck WHERE
groupname =
'TestGroup' ORDER
BY id<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: [sql02] User found in group
TestGroup<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Debug: expand:
SELECT id, groupname,
attribute, value,
op FROM
radgroupreply WHERE
groupname =
'%{Sql-Group}'
ORDER BY id -> SELECT id, groupname,
attribute, value,
op FROM
radgroupreply WHERE
groupname =
'TestGroup' ORDER
BY id<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Debug: rlm_sql_mysql:
query: SELECT id, groupname,
attribute, value,
op FROM
radgroupreply WHERE
groupname =
'TestGroup' ORDER
BY id<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Debug: rlm_sql (sql02): Released
sql socket id: 2<o:p></o:p></p>
<p class=MsoNormal>Mon Jan 19 20:57:03 2009 : Info: +++[sql02] returns ok<o:p></o:p></p>
<p class=MsoNormal>...<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>One thing I don’t get is, why is the rlm_sql_mysql
module finding the Hungroup-Name ‘Test-Rejec’ correctly, but module
‘request’ returns not found? The user is found in radgroupchek for
the correct usergroup ‘TestGroup’. As the values in radgroupcheck
and radgroupreplycheck do not match, the user should be rejected, but the user
is accepted.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>What am I doing wrong?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>