Posting relevant sections along with an explanation - I was doing some fiddling in between posting and responding here. Here is the current setup, as I was trying to make it work: dictionary.slipstream - VENDOR Slipstream 7000 ATTRIBUTE Profile 1 string Slipstream reply query in mssql.conf - authorize_reply_query = "SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = '%{SQL-User-Name}'" Relevant output when running radiusd -X - Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_realm: Looking up realm "evenlink.com" for User-Name = "aseibert@evenlink.com" rlm_realm: No such realm "evenlink.com" modcall[authorize]: module "suffix" returns noop for request 0 radius_xlat: 'aseibert@evenlink.com' rlm_sql (sql): sql_set_user escaped user --> 'aseibert@evenlink.com' radius_xlat: 'SELECT '',Username,'Cleartext-Password',Password,':=' FROM radius_auth WHERE Username = 'aseibert@evenlink.com'' rlm_sql (sql): Reserving sql socket id: 4 query: SELECT '',Username,'Cleartext-Password',Password,':=' FROM radius_auth WHERE Username = 'aseibert@evenlink.com' radius_xlat: '' radius_xlat: 'SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = 'aseibert@evenlink.com'' query: SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = 'aseibert@evenlink.com' radius_xlat: '' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 46 to 206.174.130.217 port 40278 Profile := "Slip" Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 46 with timestamp 4911f770 Nothing to do. Sleeping until we see a request. This doesn't allow the slip user to connect to the slip service. However, if I change everything to the following: dictionary.slipstream: VENDOR Slipstream 7000 ATTRIBUTE Slipstream-Auth 1 string Slipstream mssql query: authorize_reply_query = "SELECT '',Username,'Slipstream-Auth','true',':=' FROM radius_auth WHERE Username = '%{SQL-User-Name}'" Output: Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_realm: Looking up realm "evenlink.com" for User-Name = "aseibert@evenlink.com" rlm_realm: No such realm "evenlink.com" modcall[authorize]: module "suffix" returns noop for request 0 radius_xlat: 'aseibert@evenlink.com' rlm_sql (sql): sql_set_user escaped user --> 'aseibert@evenlink.com' radius_xlat: 'SELECT '',Username,'Cleartext-Password',Password,':=' FROM radius_auth WHERE Username = 'aseibert@evenlink.com'' rlm_sql (sql): Reserving sql socket id: 4 query: SELECT '',Username,'Cleartext-Password',Password,':=' FROM radius_auth WHERE Username = 'aseibert@evenlink.com' radius_xlat: '' radius_xlat: 'SELECT '',Username,'Slipstream-Auth','true',':=' FROM radius_auth WHERE Username = 'aseibert@evenlink.com'' query: SELECT '',Username,'Slipstream-Auth','true',':=' FROM radius_auth WHERE Username = 'aseibert@evenlink.com' radius_xlat: '' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 230 to 206.174.130.217 port 56427 Slipstream-Auth := "true" Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 230 with timestamp 4911fa44 Nothing to do. Sleeping until we see a request. As you can see, what I need to do is basically say if the Profiles column in the sql database has a value of Slip, then Slipstream-Auth = "true" needs to be passed back in the reply query. I just can't figure out how to do that... On Wed, 2008-11-05 at 13:56 -0500, Stephen Bowman wrote:
have created a dictionary.slipstream file with the following:
VENDOR Slipstream 7000 ATTRIBUTE SlipStream-Auth True string Slipstream
However, that will not authenticate the slip client. If I "hardcode" the attribute into the auth_reply query, the client is then authenticated. (Query = authorize_reply_query = "SELECT '','Slipstream-Auth','true',':-' FROM radius_auth WHERE Username = '%{SQL-User-Name}'"
Any ideas where to go to get this working correctly?
Post the output of radiusd -X. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html