Hi,
Perhaps you should read the SQL module configuration, or the debug output to see where the queries are now located. The file which contains the queries also has complete documentation on how they work. You can edit those queries. If you're going to ignore my suggestions and all of the documentation, then why are you asking questions here?
I have read the documentation for the rlm_sql module, read the comments in the etc/raddb/mods-config/sql/main/mysql/queries.conf file. I know where to edit these sql queries I don't understand why when calling the same sql module from the authorize section, authorization queries is executed, but when calling from dhcp DHCP-Request authorization queries is not executed. (0) # Executing section authorize from file /usr/local/radius3/etc/raddb/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) sql: EXPAND %{User-Name} (0) sql: --> sergk (0) sql: SQL-User-Name set to 'sergk' rlm_sql (sql): Reserved connection (0) (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sergk' ORDER BY id (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sergk' ORDER BY id and Trying sub-section dhcp DHCP-Request {...} (0) dhcp DHCP-Request { (0) sql: EXPAND .query (0) sql: --> .query (0) sql: Using query template 'query' rlm_sql (sql): Reserved connection (0) (0) sql: EXPAND %{User-Name} (0) sql: --> (0) sql: SQL-User-Name set to '' (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S.%M' ) (0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( '', '', '0', '2021-12-25 10:40:13.292201' ) (0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate ) VALUES ( '', '', '0', '2021-12-25 10:40:13.292201' ) (0) sql: SQL query returned: success There is no attempt to execute authorize_check_query
On Dec 25, 2021, at 2:54 PM, Sergey Kodentsev <sergk@ic.vrn.ru> wrote:
I have read the documentation for the rlm_sql module, read the comments in the etc/raddb/mods-config/sql/main/mysql/queries.conf file.
OK...
I know where to edit these sql queries I don't understand why when calling the same sql module from the authorize section, authorization queries is executed, but when calling from dhcp DHCP-Request authorization queries is not executed.
Read the debug output and the queries...
(0) # Executing section authorize from file /usr/local/radius3/etc/raddb/sites-enabled/default (0) authorize {
... (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sergk' ORDER BY id (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sergk' ORDER BY id
Which is the "authorize" query/
and
Trying sub-section dhcp DHCP-Request {...} (0) dhcp DHCP-Request { (0) sql: EXPAND .query (0) sql: --> .query (0) sql: Using query template 'query' rlm_sql (sql): Reserved connection (0) (0) sql: EXPAND %{User-Name} (0) sql: --> (0) sql: SQL-User-Name set to '' (0) sql: EXPAND INSERT INTO radpostauth
Which is the "post-auth" query. If you look at the rest of the debug output, the DHCP packets are run though the "post-auth" methods, not the "authorize" methods.
There is no attempt to execute authorize_check_query
You can run the "authorize" method of SQL by doing: dhcp DHCP-Request { ... sql.authorize ... } Alan DeKok.
participants (2)
-
Alan DeKok -
Sergey Kodentsev