Quoting Nicolas Baradakis <nbk@sitadelle.com>:
This is common to use OpenLDAP for auth and MySQL for acct.
In that howto on the 2nd para of OVERVIEW: "The radius servers will be accepting Radius auth packets and Radius acct packets. The accounting packets will be stored locally on each radius server and then forwarded to the Accounting radius server, using radrelay. The Accounting radius server will store all the radius information in some sort of database such as MySQL, Postgres, or Oracle." Question: My setup is rather simple. Just one server at the moment that houses the LDAP, RADIUS and mySQL server. Would it be possible to make mySQL accept the acct packets by default and thus making no use of radrelay altogether? -- Roger --------------------------------------------------- Sign Up for free Email at http://ureg.home.net.my/ ---------------------------------------------------
Roger Thomas <sniper@home.net.my> wrote:
Question: My setup is rather simple. Just one server at the moment that houses the LDAP, RADIUS and mySQL server. Would it be possible to make mySQL accept the acct packets by default and thus making no use of radrelay altogether?
Yes. radrelay is used only if you have two or more RADIUS servers. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Here are parts of my config as well as parts from debug, and I must be doing something wrong or missed something. I am trying to set the NAS-Identifier, since it is not sent in the access-request packet, and use this later in the post-auth section. As you can see, later in the post-auth section, the attribute is NULL. <debug output> rad_recv: Access-Request packet from host 192.168.0.251:1024, id=61, length=60 User-Name = "60:07:93" NAS-IP-Address = 192.168.0.251 NAS-Port = 1 User-Password = "buywavc" <snip> users: Matched entry DEFAULT at line 18 users: Matched entry DEFAULT at line 21 <users file (lines 18-21) > DEFAULT NAS-IP-Address == "192.168.0.251", NAS-Identifier := "LAB_CCU" Fall-Through = Yes DEFAULT User-Name =~ "^6[0-9a-f]:[0-9a-f]\{2}:[0-9a-f]\{2}$", Post-Auth-Type := "waverider" <debug output (NAS-Identifier did not get set...)> sql: postauth_query = "update wireless_data set tower = '%{NAS-Identifier}' where serial = 'E' + substring('%{User-Name}',2,1) + substring('%{User-Name}',4,2) + substring('%{User-Name}',7,2)" <snip> Login OK: [60:07:93] (from client LAB_CCU port 1) Found Post-Auth-Type waverider Processing the post-auth section of radiusd.conf modcall: entering group waverider for request 0 rlm_sql (waverider): Processing sql_postauth radius_xlat: '60:07:93' rlm_sql (waverider): sql_set_user escaped user --> '60:07:93' radius_xlat: 'update wireless_data set tower = '' where serial = 'E' + substring('60:07:93',2,1) + substring('60:07:93',4,2) + substring('60:07:93',7,2)' rlm_sql (waverider) in sql_postauth: query is update wireless_data set tower = '' where serial = 'E' + substring('60:07:93',2,1) + substring('60:07:93',4,2) + substring('60:07:93',7,2) rlm_sql (waverider): Reserving sql socket id: 9 rlm_sql (waverider): Released sql socket id: 9 modcall[post-auth]: module "waverider" returns ok for request 0 modcall: leaving group waverider (returns ok) for request 0 Sending Access-Accept of id 61 to 63.252.229.251 port 1024 Waverider-Grade-Of-Service = silver Waverider-Priority-Enabled = disabled Thanks, Duane Cox
Duane Cox wrote:
<users file (lines 18-21) > DEFAULT NAS-IP-Address == "192.168.0.251", NAS-Identifier := "LAB_CCU" Fall-Through = Yes
DEFAULT User-Name =~ "^6[0-9a-f]:[0-9a-f]\{2}:[0-9a-f]\{2}$", Post-Auth-Type := "waverider"
Attribute := Value Always matches as a check item, and replaces in the configuration items any attribute of the same name. If no attribute of that name appears in the request, then this attribute is added. Thus, the NAS-Identifier variable you're setting is in the check items. Maybe try: update wireless_data set tower = '%{check:NAS-Identifier}' ...and so forth. See doc/variables.txt Note that setting NAS-Identifier in the check items does not make too much sense (unless you are using e.g. rlm_checkval). The NAS is expected to send it. A huntgroup would make more sense, or you could add NAS-Identifier to the request with e.g. rlm_passwd mapping NAS-IP-Address to NAS-Identifier.
I am trying to make use of a variable that should be stored as: %{config:client[%{Packet-Src-IP-Address}].shortname} Alan discusses it here... http://lists.cistron.nl/pipermail/freeradius-devel/2005-March/008105.html states it is in CVS back in MARCH 2005 and I am running v1.1.2 and my client is listed in clients.conf by IP address (the same IP address as the source packet) postauth_query = "update wireless_data set tower = '%{config:client[%{Packet-Src-IP-Address}].shortname}' where serial = ..... <radiusd -X> rlm_sql (waverider): Processing sql_postauth radius_xlat: '60:07:93' rlm_sql (waverider): sql_set_user escaped user --> '60:07:93' radius_xlat: Running registered xlat function of module config for string 'client[%{Packet-Src-IP-Address}].shortname' config: No such section client[%{Packet-Src-IP-Address}] in format string client[%{Packet-Src-IP-Address}].shortname radius_xlat: 'update wireless_data set tower = '' where serial = 'E' + substring('60:07:93',2,1) + substring('60:07:93',4,2) + substring('60:07:93',7,2)'
"Duane Cox" <duanec@mail.illicom.net> wrote:
Alan discusses it here... http://lists.cistron.nl/pipermail/freeradius-devel/2005-March/008105.html
states it is in CVS back in MARCH 2005 and I am running v1.1.2
It's not in 1.1.2, sorry. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (5)
-
Alan DeKok -
Duane Cox -
Duane Cox -
Phil Mayers -
Roger Thomas