Good day, everyone. I'm trying to setup FreeRadius 1.1.3 to assing IP-addresses based on what NAS the authorization request came from, no matter what username or password was supplied. Some of my configuration: <huntgroups> ... Alpha NAS-IP-Address == 192.168.10.1 Beta NAS-IP-Address == 192.168.20.1 ... <users> ... DEFAULT Auth-Type := Accept, Huntgroup-Name == "Alpha", Pool-Name := "PoolA" DEFAULT Auth-Type := Accept, Huntgroup-Name == "Beta", Pool-Name := "PoolB" ... I specify the IP-pools in <radiusd.conf>, and it works fine, except for one thing: I get no Access-Accept reply whenever the username is left blank (any non-empty username is accepted by the server). So, my question: is there a way to make FreeRadius use the DEFAULT entries when the username is not supplied at all? Thanks.
Marat Rysbekov wrote:
I specify the IP-pools in <radiusd.conf>, and it works fine, except for one thing: I get no Access-Accept reply whenever the username is left blank (any non-empty username is accepted by the server).
And "radiusd -X" says...?
So, my question: is there a way to make FreeRadius use the DEFAULT entries when the username is not supplied at all?
See what it's doing now *first*, before trying to change it's configuration to do something else. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
2006/11/20, Alan DeKok <aland@deployingradius.com>:
And "radiusd -X" says...?
"radiusd -X" says the following (missed this one at first): rml_sql (sql): Processing sql_postauth radius_xlat: modcall[post-auth]: modulte "sql" returns fail for request 0 I do have "sql" enabled in the post-auth section of <radiusd.conf> (and not in the authorization section). I use the default postauth_query in the <sql.conf>. So I guess the problem is that radpostauth table of the radius database does not accept NULL values. Blank usernames are accepted when I disable "sql" in the post-auth section. So, another question: should it be safe to change the provided radius database schema and make the radpostauth tables accept NULL values for the user field? By the way, I use MySQL 5.0.26. Marat Rysbekov.
Marat Rysbekov wrote:
I do have "sql" enabled in the post-auth section of <radiusd.conf> (and not in the authorization section). I use the default postauth_query in the <sql.conf>. So I guess the problem is that radpostauth table of the radius database does not accept NULL values. Blank usernames are accepted when I disable "sql" in the post-auth section.
So... update the SQL query to replace the blank username with some default.
So, another question: should it be safe to change the provided radius database schema and make the radpostauth tables accept NULL values for the user field?
It's your system. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
Marat Rysbekov