Authorize based on Calling-Station-ID | Auth-type issue
Hi, I want to authorize subscribers based on calling-station-id, but I am not sure how to correctly set the auth-type. For this I have commented the pap and chap sections. Do I need to write unlang in the post-auth section for this? I have seen guys add the post-auth type to the authorize section but don't think this is right. Below is my debug where you will see it passed all checks for the subscriber but fails on auth-type: Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Listening on proxy address * port 36949 Listening on proxy address :: port 60842 Ready to process requests (0) Received Access-Request Id 4 from 127.0.0.1:51165 to 127.0.0.1:1812 length 353 (0) Calling-Station-Id = "27842280395" (0) User-Name = "nouser" (0) NAS-IP-Address = 10.118.200.45 (0) NAS-Identifier = "GGPS02" (0) Called-Station-Id = "privateapn" (0) Service-Type = Framed-User (0) Framed-Protocol = GPRS-PDP-Context (0) NAS-Port-Type = Wireless-Other (0) 3GPP-IMSI = "655018500837935" (0) 3GPP-IMSI-MCC-MNC = "65501" (0) 3GPP-NSAPI = "5" (0) 3GPP-Charging-ID = 1952431649 (0) 3GPP-Charging-Characteristics = "0800" (0) 3GPP-SGSN-Address = 196.46.161.205 (0) 3GPP-GGSN-Address = 196.46.161.229 (0) 3GPP-RAT-Type = EUTRAN (0) 3GPP-IMEISV = "3581780428341713" (0) 3GPP-Location-Info = 0x8256f510501f56f510033fc30a (0) 3GPP-SGSN-MCC-MNC = "65501" (0) 3GPP-GGSN-MCC-MNC = "65501" (0) 3GPP-Selection-Mode = "0" (0) 3GPP-MS-Time-Zone = 0x8000 (0) 3GPP-GPRS-Negotiated-QoS-profile = "08-0406000F4240000F4240" (0) 3GPP-PDP-Type = 0 (0) 3GPP-Negotiated-DSCP = 0 (0) NAS-Port = 1441328 (0) User-Password = "nopassword" (0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [files] = noop (0) sql: EXPAND %{User-Name} (0) sql: --> nouser (0) sql: SQL-User-Name set to 'nouser' rlm_sql (sql): Reserved connection (0) (0) sql: EXPAND SELECT id, CallingStationId, attribute, value, op FROM radcheck WHERE CallingStationId = '%{Calling-Station-Id}' ORDER BY id (0) sql: --> SELECT id, CallingStationId, attribute, value, op FROM radcheck WHERE CallingStationId = '27842280395' ORDER BY id (0) sql: Executing select query: SELECT id, CallingStationId, attribute, value, op FROM radcheck WHERE CallingStationId = '27842280395' ORDER BY id (0) sql: User found in radcheck table (0) sql: Conditional check items matched, merging assignment check items (0) sql: Cleartext-Password := "testclear" (0) sql: EXPAND SELECT id, CallingStationId, attribute, value, op FROM radreply WHERE CallingStationId = '%{Calling-Station-Id}' ORDER BY id (0) sql: --> SELECT id, CallingStationId, attribute, value, op FROM radreply WHERE CallingStationId = '27842280395' ORDER BY id (0) sql: Executing select query: SELECT id, CallingStationId, attribute, value, op FROM radreply WHERE CallingStationId = '27842280395' ORDER BY id (0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{Calling-Station-Id}' ORDER BY priority (0) sql: --> SELECT groupname FROM radusergroup WHERE username = '27842280395' ORDER BY priority (0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = '27842280395' ORDER BY priority (0) sql: User found in the group table (0) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id (0) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'privateapn' ORDER BY id (0) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'privateapn' ORDER BY id (0) sql: Group "privateapn": Conditional check items matched (0) sql: Group "privateapn": Merging assignment check items (0) sql: Pool-Name := "main_pool" (0) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id (0) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'privateapn' ORDER BY id (0) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'privateapn' ORDER BY id (0) sql: Group "privateapn": Merging reply items (0) sql: Cisco-AVPair += "ip:dns-servers=41.215.234.106 41.223.34.154" (0) sql: Acct-Interim-Interval := 3600 (0) sql: Session-Timeout := 86400 rlm_sql (sql): Released connection (0) rlm_sql (sql): Need 5 more connections to reach 10 spares rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16-0ubuntu0.16.04.1, protocol version 10 (0) [sql] = ok (0) [expiration] = noop (0) [logintime] = noop (0) } # authorize = ok (0) WARNING: Please update your configuration, and remove 'Auth-Type = Local' (0) WARNING: Use the PAP or CHAP modules instead (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (0) Failed to authenticate the user (0) Using Post-Auth-Type Reject (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (0) Post-Auth-Type REJECT { (0) sql: EXPAND .query (0) sql: --> .query (0) sql: Using query template 'query' rlm_sql (sql): Reserved connection (1) (0) sql: EXPAND %{User-Name} (0) sql: --> nouser (0) sql: SQL-User-Name set to 'nouser' (0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate, callingstationid, framedipaddress) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S', '%{Calling-Station-ID}', '%{Framed-IP-Address}') (0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate, callingstationid, framedipaddress) VALUES ( 'nouser', 'nopassword', 'Access-Reject', '2017-01-20 14:14:47', '27842280395', '') (0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate, callingstationid, framedipaddress) VALUES ( 'nouser', 'nopassword', 'Access-Reject', '2017-01-20 14:14:47', '27842280395', '') (0) sql: SQL query returned: success (0) sql: 1 record(s) updated rlm_sql (sql): Released connection (1) (0) [sql] = ok (0) } # Post-Auth-Type REJECT = ok (0) Delaying response for 1.000000 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed response (0) Sent Access-Reject Id 4 from 127.0.0.1:1812 to 127.0.0.1:51165 length 83 (0) Cisco-AVPair = "ip:dns-servers=41.215.234.106 41.223.34.154" (0) Acct-Interim-Interval = 3600 (0) Session-Timeout = 86400 Waking up in 3.9 seconds. (0) Cleaning up request packet ID 4 with timestamp +4 Ready to process requests (1) Received Status-Server Id 103 from 10.0.10.25:1814 to 10.0.10.28:1813 length 68 (1) Message-Authenticator = 0x48eb832592f3e4b940669596ed2799b6 (1) NAS-Identifier = "Status Check. Are you alive?" (1) Sent Accounting-Response Id 103 from 10.0.10.28:1813 to 10.0.10.25:1814 length 0 (1) Finished request Waking up in 4.9 seconds. (1) Cleaning up request packet ID 103 with timestamp +20 Ready to process requests (2) Received Status-Server Id 238 from 10.0.10.25:1814 to 10.0.10.28:1813 length 68 (2) Message-Authenticator = 0xed96d2625dbc44dce37c2fa22af10a1f (2) NAS-Identifier = "Status Check. Are you alive?" (2) Sent Accounting-Response Id 238 from 10.0.10.28:1813 to 10.0.10.25:1814 length 0 (2) Finished request Waking up in 4.9 seconds. (2) Cleaning up request packet ID 238 with timestamp +53 Ready to process requests (3) Received Status-Server Id 119 from 10.0.10.25:1814 to 10.0.10.28:1813 length 68 (3) Message-Authenticator = 0x920d1b597c9940cf8adcde1203614f21 (3) NAS-Identifier = "Status Check. Are you alive?" (3) Sent Accounting-Response Id 119 from 10.0.10.28:1813 to 10.0.10.25:1814 length 0 (3) Finished request Waking up in 4.9 seconds. (3) Cleaning up request packet ID 119 with timestamp +84 Ready to process requests (4) Received Accounting-Request Id 42 from 10.0.10.25:1814 to 10.0.10.28:1813 length 401 (4) NAS-IP-Address = 41.71.86.18 (4) NAS-Identifier = "tbepg1" (4) Called-Station-Id = "acme.rsaweb.mobi" (4) Framed-Protocol = GPRS-PDP-Context (4) Service-Type = Framed-User (4) NAS-Port-Type = Virtual (4) NAS-Port = 776299053 (4) Calling-Station-Id = "27827864678" (4) Acct-Status-Type = Interim-Update (4) Framed-IP-Address = 10.254.117.6 (4) Acct-Session-Id = "29D03603F0BF2FEC" (4) User-Name = "void" (4) Acct-Session-Time = 1145 (4) Acct-Input-Gigawords = 0 (4) Acct-Input-Octets = 2548 (4) Acct-Output-Gigawords = 0 (4) Acct-Output-Octets = 1340 (4) Acct-Input-Packets = 12 (4) Acct-Output-Packets = 18 (4) Event-Timestamp = "Jan 20 2017 14:16:47 SAST" (4) Acct-Authentic = RADIUS (4) Acct-Delay-Time = 0 (4) 3GPP-IMSI = "655103032261356" (4) 3GPP-Charging-ID = 4039061484 (4) 3GPP-PDP-Type = 0 (4) 3GPP-Charging-Gateway-Address = 0.0.0.0 (4) 3GPP-SGSN-Address = 41.208.54.246 (4) 3GPP-GGSN-Address = 41.208.54.3 (4) 3GPP-IMSI-MCC-MNC = "65510" (4) 3GPP-GGSN-MCC-MNC = "65510" (4) 3GPP-NSAPI = "6" (4) 3GPP-Selection-Mode = "0" (4) 3GPP-Charging-Characteristics = "0400" (4) 3GPP-SGSN-MCC-MNC = "65510" (4) 3GPP-IMEISV = "3592020767651207" (4) 3GPP-RAT-Type = UTRAN (4) 3GPP-Location-Info = 0x0156f5012b144a0d (4) 3GPP-MS-Time-Zone = 0x8000 (4) Proxy-State = 0x313739 (4) # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default (4) preacct { (4) [preprocess] = ok (4) policy acct_unique { (4) update request { (4) Tmp-String-9 := "ai:" (4) } # update request = noop (4) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) { (4) EXPAND %{hex:&Class} (4) --> (4) EXPAND ^%{hex:&Tmp-String-9} (4) --> ^61693a (4) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE (4) else { (4) update request { (4) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}} (4) --> 6c48feca7d893fffd008865d6abc5548 (4) &Acct-Unique-Session-Id := 6c48feca7d893fffd008865d6abc5548 (4) } # update request = noop (4) } # else = noop (4) } # policy acct_unique = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "void", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) [files] = noop (4) } # preacct = ok (4) # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default (4) accounting { (4) detail: EXPAND /usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d (4) detail: --> /usr/local/var/log/radius/radacct/10.0.10.25/detail-20170120 (4) detail: /usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.0.10.25/detail-20170120 (4) detail: EXPAND %t (4) detail: --> Fri Jan 20 14:16:47 2017 (4) [detail] = ok (4) [unix] = noop rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 124 seconds rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): Closing connection (3): Hit idle_timeout, was idle for 124 seconds rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): Closing connection (4): Hit idle_timeout, was idle for 124 seconds rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): Closing connection (0): Hit idle_timeout, was idle for 120 seconds rlm_sql (sql): You probably need to lower "min" rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): Closing connection (5): Hit idle_timeout, was idle for 120 seconds rlm_sql (sql): You probably need to lower "min" rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 120 seconds rlm_sql (sql): You probably need to lower "min" rlm_sql_mysql: Socket destructor called, closing socket rlm_sql (sql): 0 of 0 connections in use. You may need to increase "spare" rlm_sql (sql): Opening additional connection (6), 1 of 32 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16-0ubuntu0.16.04.1, protocol version 10 rlm_sql (sql): Reserved connection (6) (4) sqlippool: EXPAND %{User-Name} (4) sqlippool: --> void (4) sqlippool: SQL-User-Name set to 'void' (4) sqlippool: EXPAND START TRANSACTION (4) sqlippool: --> START TRANSACTION (4) sqlippool: Executing query: START TRANSACTION (4) sqlippool: EXPAND UPDATE radippool SET expiry_time = NOW() + INTERVAL 86400 SECOND WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '%{Calling-Station-Id}' AND username = '%{User-Name}' AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}' (4) sqlippool: --> UPDATE radippool SET expiry_time = NOW() + INTERVAL 86400 SECOND WHERE nasipaddress = '41.71.86.18' AND pool_key = '27827864678' AND username = 'void' AND callingstationid = '27827864678' AND framedipaddress = '10.254.117.6' (4) sqlippool: Executing query: UPDATE radippool SET expiry_time = NOW() + INTERVAL 86400 SECOND WHERE nasipaddress = '41.71.86.18' AND pool_key = '27827864678' AND username = 'void' AND callingstationid = '27827864678' AND framedipaddress = '10.254.117.6' rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0 (4) sqlippool: EXPAND COMMIT (4) sqlippool: --> COMMIT (4) sqlippool: Executing query: COMMIT rlm_sql (sql): Released connection (6) rlm_sql (sql): Need 2 more connections to reach 10 spares rlm_sql (sql): Opening additional connection (7), 1 of 31 pending slots used rlm_sql_mysql: Starting connect to MySQL server rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.16-0ubuntu0.16.04.1, protocol version 10 (4) [sqlippool] = ok (4) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query} (4) sql: --> type.interim-update.query (4) sql: Using query template 'query' rlm_sql (sql): Reserved connection (6) (4) sql: EXPAND %{User-Name} (4) sql: --> void (4) sql: SQL-User-Name set to 'void' (4) sql: EXPAND UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}' (4) sql: --> UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(1484914607), acctinterval = 1484914607 - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '10.254.117.6', acctsessiontime = 1145, acctinputoctets = '0' << 32 | '2548', acctoutputoctets = '0' << 32 | '1340' WHERE AcctUniqueId = '6c48feca7d893fffd008865d6abc5548' (4) sql: Executing query: UPDATE radacct SET acctupdatetime = (@acctupdatetime_old:=acctupdatetime), acctupdatetime = FROM_UNIXTIME(1484914607), acctinterval = 1484914607 - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '10.254.117.6', acctsessiontime = 1145, acctinputoctets = '0' << 32 | '2548', acctoutputoctets = '0' << 32 | '1340' WHERE AcctUniqueId = '6c48feca7d893fffd008865d6abc5548' rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0 (4) sql: SQL query returned: success (4) sql: 1 record(s) updated rlm_sql (sql): Released connection (6) (4) [sql] = ok (4) [exec] = noop Thanks in advance! Regards Kind Regards Koos Myburgh Network Engineer RSAWEB Internet Services
On Jan 20, 2017, at 8:34 AM, Koos Myburgh <koos@rsaweb.co.za> wrote:
I want to authorize subscribers based on calling-station-id, but I am not sure how to correctly set the auth-type. For this I have commented the pap and chap sections.
If you want to authenticate based on Calling-Station-Id, then add this to the "authorize" section: if (Calling-Station-Id == "27842280395") { update control { Auth-Type := Accept/ } } Alan DeKok.
Hi Alan, I have added it to the authorize section and it works as expected. What would be the best way to get the full reply attributes from the sql radreply table other than setting the reply items for each attribute one by one?: if (Calling-Station-Id == "%{sql:SELECT CallingStationId FROM `radcheck` WHERE CallingStationId = %{Calling-Station-ID}}") { update control { Auth-Type := Accept } update reply { Framed-Ip-Address := "%{sql:SELECT staticip FROM `radreply` WHERE CallingStationId = %{Calling-Station-ID}}" Cisco-AVPair := "%{sql:SELECT dnsservers FROM `radreply` WHERE CallingStationId = %{Calling-Station-ID}}" } } Is there a way to call the "authorize_reply_query" from the sql module to get the reply items? Regards Koos From: "Alan DeKok" <aland@deployingradius.com> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Friday, January 20, 2017 5:44:47 PM Subject: Re: Authorize based on Calling-Station-ID | Auth-type issue On Jan 20, 2017, at 8:34 AM, Koos Myburgh <koos@rsaweb.co.za> wrote:
I want to authorize subscribers based on calling-station-id, but I am not sure how to correctly set the auth-type. For this I have commented the pap and chap sections.
If you want to authenticate based on Calling-Station-Id, then add this to the "authorize" section: if (Calling-Station-Id == "27842280395") { update control { Auth-Type := Accept/ } } Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Kind Regards Koos Myburgh Network Engineer RSAWEB Internet Services
On Jan 24, 2017, at 6:42 AM, Koos Myburgh <koos@rsaweb.co.za> wrote:
Hi Alan,
I have added it to the authorize section and it works as expected. What would be the best way to get the full reply attributes from the sql radreply table other than setting the reply items for each attribute one by one?:
You should use the SQL tables as normal.
if (Calling-Station-Id == "%{sql:SELECT CallingStationId FROM `radcheck` WHERE CallingStationId = %{Calling-Station-ID}}") { update control { Auth-Type := Accept } update reply { Framed-Ip-Address := "%{sql:SELECT staticip FROM `radreply` WHERE CallingStationId = %{Calling-Station-ID}}" Cisco-AVPair := "%{sql:SELECT dnsservers FROM `radreply` WHERE CallingStationId = %{Calling-Station-ID}}" } }
That's just the wrong solution. If you're writing custom rules, you should probably use custom SQL tables. If you're using the standard SQL tables, you should use them in the standard way. See the Wiki for documentation on how they work. It is extensively documented.
Is there a way to call the "authorize_reply_query" from the sql module to get the reply items?
That's the wrong question, based on wrong assumptions. You should instead do put this into SQL: radcheck: Calling-Station-Id == ... radcheck: Auth-Type := Accept And then leave radreply as-is. You *don't* need custom "unlang" rules to pull data from SQL. Read the rlm_sql documentation in the wiki. It should help. Alan DeKok.
Hi Alan, It's working much better on your recommended solution. Thank you for pointing me in the right direction. Regards Koos From: "Alan DeKok" <aland@deployingradius.com> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Tuesday, January 24, 2017 4:36:51 PM Subject: Re: Authorize based on Calling-Station-ID | Auth-type issue On Jan 24, 2017, at 6:42 AM, Koos Myburgh <koos@rsaweb.co.za> wrote:
Hi Alan,
I have added it to the authorize section and it works as expected. What would be the best way to get the full reply attributes from the sql radreply table other than setting the reply items for each attribute one by one?:
You should use the SQL tables as normal.
if (Calling-Station-Id == "%{sql:SELECT CallingStationId FROM `radcheck` WHERE CallingStationId = %{Calling-Station-ID}}") { update control { Auth-Type := Accept } update reply { Framed-Ip-Address := "%{sql:SELECT staticip FROM `radreply` WHERE CallingStationId = %{Calling-Station-ID}}" Cisco-AVPair := "%{sql:SELECT dnsservers FROM `radreply` WHERE CallingStationId = %{Calling-Station-ID}}" } }
That's just the wrong solution. If you're writing custom rules, you should probably use custom SQL tables. If you're using the standard SQL tables, you should use them in the standard way. See the Wiki for documentation on how they work. It is extensively documented.
Is there a way to call the "authorize_reply_query" from the sql module to get the reply items?
That's the wrong question, based on wrong assumptions. You should instead do put this into SQL: radcheck: Calling-Station-Id == ... radcheck: Auth-Type := Accept And then leave radreply as-is. You *don't* need custom "unlang" rules to pull data from SQL. Read the rlm_sql documentation in the wiki. It should help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Kind Regards Koos Myburgh Network Engineer RSAWEB Internet Services
participants (2)
-
Alan DeKok -
Koos Myburgh