On Dec 20, 2016, at 8:35 AM, Alexey Dotsenko <lex@rwx.su> wrote:
Test environment: Centos 7 (x86_64), FreeRADIUS 3.0.12 - rpm build from upstream source 3.0.12 (based on fedoraproject spec file (without code patches)).
MariaDB [radius]> select * from radgroupreply; +----+-----------+--------------+----+-------------------------------------------------------------------------------------+ | id | groupname | attribute | op | value | +----+-----------+--------------+----+-------------------------------------------------------------------------------------+ | 3 | ras | cisco-avpair | += | ip:inacl#1=permit ip any 10.0.253.224 255.255.255.224 | | 12 | ras | cisco-avpair | += | ip:inacl#2=permit tcp any 10.0.253.224 255.255.255.224 | | 14 | ras | Fall-Through | := | Yes | | 29 | ras | Cisco-AVPair | += | `ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-%{%{SQL-Group}:-%{%{User-Name}:-None}}-%l` |
Don't do that. Use %{exec:...} instead of back-ticks for attributes in SQL. Alan DeKok.