Hello,<br><br>sorry to ask again about this isuue, but I can't get the correct configuration.<br><br>I follow your howto: <a href="http://wiki.freeradius.org/SQL_Huntgroup_HOWTO">http://wiki.freeradius.org/SQL_Huntgroup_HOWTO</a><br>
<br>I want to filter users login from fixed NAS,but I always get an reject.<br><br>I don't understand why in the example bellow:<br><br>++[request] returns notfound<br><br>Thank you very much.<br><br><br>EXAMPLE<br><br>
My SQL database:<br><br>mysql> select * from radcheck;<br>+----+------------+--------------------+----+-------------+<br>| id | username | attribute | op | value |<br>+----+------------+--------------------+----+-------------+<br>
| 1 | ana | Cleartext-Password | := | claveAna | <br>+----+------------+--------------------+----+-------------+<br>1 rows in set (0.00 sec)<br><br>mysql> select * from radreply;<br>+----+----------+---------------+----+--------------------------+<br>
| id | username | attribute | op | value |<br>+----+----------+---------------+----+--------------------------+<br>| 1 | ana | Reply-Message | += | Hola Anita | <br>+----+----------+---------------+----+--------------------------+<br>
1 rows in set (0.00 sec)<br><br>mysql> select * from radusergroup;<br>+----------+-----------+----------+<br>| username | groupname | priority |<br>+----------+-----------+----------+<br>| ana | CAU1 | 0 | <br>
+----------+-----------+----------+<br>1 rows in set (0.00 sec)<br><br>mysql> select * from radgroupcheck;<br>+----+-----------+----------------+----+--------+<br>| id | groupname | attribute | op | value |<br>+----+-----------+----------------+----+--------+<br>
| 1 | CAU1 | Huntgroup-Name | == | pccau1 | <br>| 2 | CAU1 | Auth-Type | := | Accept | <br>+----+-----------+----------------+----+--------+<br>2 rows in set (0.00 sec)<br><br>mysql> select * from radgroupreply;<br>
+----+-----------+---------------+----+------------------------------+<br>| id | groupname | attribute | op | value |<br>+----+-----------+---------------+----+------------------------------+<br>
| 1 | CAU1 | Reply-Message | += | Hola miembros del grupo CAU1 | <br>+----+-----------+---------------+----+------------------------------+<br>1 rows in set (0.00 sec)<br><br>mysql> select * from nas;<br>+----+----------------+-----------+-------+-------+--------+--------+-----------+---------------+<br>
| id | nasname | shortname | type | ports | secret | server | community | description |<br>+----+----------------+-----------+-------+-------+--------+--------+-----------+---------------+<br>| 1 | X.X.X.X | pcCAU1 | other | NULL | cau123 | NULL | NULL | CAU1 computer | <br>
+----+----------------+-----------+-------+-------+--------+--------+-----------+---------------+<br>1 rows in set (0.00 sec)<br><br>In my users file:<br><br>debian:/etc/freeradius# cat users<br><br>DEFAULT Auth-Type := Reject<br>
<br>bob Cleartext-Password := "hello"<br> Reply-Message = "Hola %{User-Name}"<br><br>My default server:<br><br>authorize {<br> update request {<br> Huntgroup-Name = "%{sql:select shortname from nas where nasname=\"%{Client-IP-Address}\"}"<br>
}<br><br> preprocess<br> mschap<br> suffix<br> eap {<br> ok = return<br> }<br><br> files<br> sql<br><br> expiration<br><br> pap<br>}<br><br>Request with radtest + ana + pcCAU1<br><br>
rad_recv: Access-Request packet from host X.X.X.X port 45281, id=133, length=55<br> User-Name = "ana"<br> User-Password = "claveAna"<br> NAS-IP-Address = 127.0.1.1<br> NAS-Port = 0<br>+- entering group authorize {...}<br>
sql_xlat<br> expand: %{User-Name} -> ana<br>sql_set_user escaped user --> 'ana'<br> expand: select shortname from nas where nasname="%{Client-IP-Address}" -> select shortname from nas where nasname="X.X.X.X"<br>
expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql<br>rlm_sql (sql): Reserving sql socket id: 3<br>rlm_sql_mysql: query: select shortname from nas where nasname="X.X.X.X"<br>sql_xlat finished<br>
rlm_sql (sql): Released sql socket id: 3<br> expand: %{sql:select shortname from nas where nasname="%{Client-IP-Address}"} -> pcCAU1<br>++[request] returns notfound<br>++[preprocess] returns ok<br>++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ana", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] No EAP-Message, not doing EAP<br>++[eap] returns noop<br>[files] users: Matched entry DEFAULT at line 9<br>
++[files] returns ok<br>[sql] expand: %{User-Name} -> ana<br>[sql] sql_set_user escaped user --> 'ana'<br>rlm_sql (sql): Reserving sql socket id: 2<br>[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY 'ana' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY 'ana' ORDER BY id<br>[sql] User found in radcheck table<br>[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY 'ana' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY 'ana' ORDER BY id<br>[sql] expand: SELECT groupname FROM radusergroup WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = BINARY 'ana' ORDER BY priority<br>
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = BINARY 'ana' ORDER BY priority<br>[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'CAU1' ORDER BY id<br>
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'CAU1' ORDER BY id<br>rlm_sql (sql): Released sql socket id: 2<br>++[sql] returns ok<br>
[expiration] Checking Expiration time: '02 Dec 2010'<br>++[expiration] returns ok<br>[pap] Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br>Found Auth-Type = Reject<br>Auth-Type = Reject, rejecting user<br>
Failed to authenticate the user.<br>Using Post-Auth-Type Reject<br>+- entering group REJECT {...}<br>[sql] expand: %{User-Name} -> ana<br>[sql] sql_set_user escaped user --> 'ana'<br>[sql] expand: INSERT INTO radpostauth (username, mac, client, nas, reply, authdate) VALUES ( '%{User-Name}', '%{Calling-Station-Id}', '%C', '%{Nas-IP-Address}', '%{reply:Packet-Type}', NOW()) -> INSERT INTO radpostauth (username, mac, client, nas, reply, authdate) VALUES ( 'ana', '', 'pcCAU1', '127.0.1.1', 'Access-Reject', NOW())<br>
[sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql<br>rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, mac, client, nas, reply, authdate) VALUES ( 'ana', '', 'pcCAU1', '127.0.1.1', 'Access-Reject', NOW())<br>
rlm_sql (sql): Reserving sql socket id: 1<br>rlm_sql_mysql: query: INSERT INTO radpostauth (username, mac, client, nas, reply, authdate) VALUES ( 'ana', '', 'pcCAU1', '127.0.1.1', 'Access-Reject', NOW())<br>
rlm_sql (sql): Released sql socket id: 1<br>++[sql] returns ok<br>[attr_filter.access_reject] expand: %{User-Name} -> ana<br> attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>
Delaying reject of request 0 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>Sending delayed reject for request 0<br>Sending Access-Reject of id 133 to X.X.X.X port 45281<br> Reply-Message += "Hola Anita"<br>
<br><br>Sorry for my english.<br>-- <br>____________________<br><br> Ana Gallardo Gómez<br>____________________<br>