<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>Hi there,</span></div><div><br><span></span></div><div><span>here is the SQL and debug logs from radius.</span></div><div><br><span></span></div><div><br><span></span></div><div><span>mysql> select * from radusergroup;<br>+---------------------------+-----------+----------+<br>| username | groupname | priority |<br>+---------------------------+-----------+----------+<br>| user1@mydomain.com | defgroup | 1 |<br>user1@mydomain.com | dynamic | 1 |<br>+---------------------------+-----------+----------+<br><br>mysql> select * from
radcheck;<br>+-------+---------------------------+----------------+----+------------------------------------+<br>| id | username | attribute | op | value |<br>+-------+---------------------------+----------------+----+------------------------------------+<br>| 72766 | user1@mydomain.com | Crypt-Password | := | $1$7l.zLR5h$8ahKvbTht98HuOHOXWI7v0 |<br>+-------+---------------------------+----------------+----+------------------------------------+<br><br>mysql> select * from radreply;<br>Empty set (0.00 sec)<br><br>mysql> select * from radgroupcheck;<br>Empty set (0.00 sec)<br><br>mysql> select * from
radgroupreply;<br>+----+-----------+-------------------+----+-----------------+<br>| id | groupname | attribute | op | value |<br>+----+-----------+-------------------+----+-----------------+<br>| 1 | defgroup | Framed-MTU | = | 1500 |<br>| 2 | defgroup | Service-Type | = | Framed-User |<br>| 3 | defgroup | Port-Limit | = | 1 |<br>| 7 | dynamic | Framed-IP-Netmask | = | 255.255.255.255 |<br>| 6 | dynamic | Framed-IP-Address | = | 255.255.255.254
|<br>+----+-----------+-------------------+----+-----------------+</span></div><div><br><span></span></div><div><br><span></span></div><div><span>rad_recv: Access-Request packet from host 127.0.0.1 port 60675, id=90, length=76<br> User-Name = "user1@mydomain.com"<br> User-Password = "xxx"<br> NAS-IP-Address = 10.10.11.95<br> NAS-Port = 0<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] Looking up realm "mydomain.com" for User-Name = "user1@mydomain.com"<br>[suffix] No such realm "mydomain.com"<br>++[suffix] returns noop<br>[eap] No EAP-Message, not doing EAP<br>++[eap] returns noop<br>++[unix] returns notfound<br>++[files] returns noop<br>[sql] expand: %{User-Name} -> user1@mydomain.com<br>[sql] sql_set_user escaped user --> 'user1@mydomain.com'<br>rlm_sql (sql): Reserving sql
socket id: 3<br>[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'user1@mydomain.com' ORDER BY id<br>rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'user1@mydomain.com' ORDER BY id<br>[sql] User found in
radcheck table<br>[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'user1@mydomain.com' ORDER BY id<br>rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'user1@mydomain.com' ORDER BY id<br>[sql]
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'user1@mydomain.com' ORDER BY priority<br>rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'user1@mydomain.com' ORDER BY priority<br>[sql] expand: SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'defgroup' ORDER BY id<br>rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname =
'defgroup' ORDER BY id<br>[sql] User found in group defgroup<br>[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'defgroup' ORDER BY id<br>rlm_sql_mysql: query: SELECT id, groupname,
attribute, value, op FROM radgroupreply WHERE groupname = 'defgroup' ORDER BY id<br>rlm_sql (sql): Released sql socket id: 3<br>++[sql] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>++[pap] returns updated<br>Found Auth-Type = PAP<br>+- entering group PAP {...}<br>[pap] login attempt with password "xxx"<br>[pap] Using CRYPT encryption.<br>[pap] User authenticated successfully<br>++[pap] returns ok<br>+- entering group post-auth {...}<br>++[exec] returns noop<br>Sending Access-Accept of id 90 to 127.0.0.1 port 60675<br> Framed-MTU = 1500<br> Service-Type = Framed-User<br> Port-Limit = 1<br>Finished request 0.<br>Going to the next
request<br>Waking up in 4.9 seconds.<br>Cleaning up request 0 ID 90 with timestamp +12<br>Ready to process requests.<br><br></span></div><div><br></div><div>And also what does this line for item 5 in rlm_sql mean? What match is it referring to?<br></div><div><br></div><div>If there is a match, the reply items for this group are pulled from the radgroupreply table and applied.</div><div><br></div><div><br></div><div><br></div><div>thanks,</div><div>det<br></div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><font size="2" face="Arial"><hr size="1"><b><span style="font-weight: bold;">From:</span></b> Fajar A. Nugraha <list@fajar.net><br><b><span style="font-weight: bold;">To:</span></b> FreeRadius users mailing list <freeradius-users@lists.freeradius.org><br><b><span style="font-weight: bold;">Sent:</span></b> Tuesday, August 23,
2011 1:35 PM<br><b><span style="font-weight: bold;">Subject:</span></b> Re: RADIUS does not send reply for all groups the user is a member of<br></font><br>On Tue, Aug 23, 2011 at 12:23 PM, Det Det <<a ymailto="mailto:det.explorer@yahoo.com" href="mailto:det.explorer@yahoo.com">det.explorer@yahoo.com</a>> wrote:<br>> Hi,<br>> user1 is a member of group1 and group2. both group1 and group2 has replies<br>> in radgroupreply table.<br>> when freeradius query for radusergroup, it will only get the first group the<br>> user is a member of and will proceed to get the reply attributes for that<br>> group as below.<br>> query1: SELECT groupname FROM radusergroup WHERE<br>> username = '<a ymailto="mailto:user1@domain.com"
href="mailto:user1@domain.com">user1@domain.com</a>' ORDER BY priority<br>> query2: SELECT id, groupname, attribute, value, op FROM<br>> radgroupreply WHERE groupname = 'group1' ORDER BY id<br>> from the debug, it does not do this query<br>> query3: SELECT id, groupname, attribute, value, op FROM<br>> radgroupreply WHERE groupname = 'group2' ORDER BY id<br>> any idea why?<br>> i am very sure that query
1 returns more that one value (that is 2 groups,<br>> group1 and group2)<br><br>If you want more help, you need to provide more output from debug log,<br>and (possibly) what's in the radusergroup/radgroupcheck/radgroupreply.<br><br>In the mean time, see doc/rlm_sql. A snippet from that file:<br><br> 5. For each group this user is a member of, the corresponding check items<br> are pulled from radgroupcheck table and compared with the request. If<br> there is a match, the reply items for this group are pulled from the<br> radgroupreply table and applied.<br> 6. Processing continues to the next group IF:<br> a. There was not a match for the last group's check items OR<br> b. Fall-Through was set in the last group's reply items<br> (The above is exactly the same as in the users file)<br><br>-- <br>Fajar<br><br>-<br>List info/subscribe/unsubscribe? See <a
href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br><br><br></div></div></div></body></html>