Properly using the operators?

Mike mike-freeradius at tiedyenetworks.com
Sun Dec 17 00:26:10 CET 2006


Dear list,

        I'm having a hard time learning how to use the attribute 
properties correctly in my mysql/radius database and my test environment 
is freeradius 1.1.3 / debian etch. What I'm trying to do is to establish 
a 'suspended' user group which receives a Framed-IP-Address attribute of 
10.10.0.2+, and which overrides any previously assigned 
Framed-IP-Address, if present. I know that group processing is happening, 
because I can add attributes to the suspended group and my test user 
gets those attributes. I am adding the Framed-IP-Address attribute in 
the radreply table, but it is not being overwritten from the one set by 
radgroupreply. If I remove this from radreply, then the ip assigned in 
suspended group is applied. If I change the one in radgroupreply to use 
the += operator, then it returns both ip addresses in the reply. But I 
can't seem to get := to overwrite like the docs say it does.

Here is a dump of my sample sql tables:

mysql> select * from radcheck ;
+----+----------+---------------+----+-----------------+
| id | UserName | Attribute     | op | Value           |
+----+----------+---------------+----+-----------------+
|  2 | joe.user | User-Password | == | ididntpaymybill |
+----+----------+---------------+----+-----------------+


mysql> select * from radreply ;
+----+----------+-------------------+----+---------+
| id | UserName | Attribute         | op | Value   |
+----+----------+-------------------+----+---------+
|  2 | joe.user | Framed-IP-Address | =  | 1.2.3.4 |
+----+----------+-------------------+----+---------+


mysql> select * from usergroup ;
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| joe.user | suspended |        1 |
+----------+-----------+----------+

mysql> select * from radgroupcheck ;
+----+-----------+-----------------+----+-------+
| id | GroupName | Attribute       | op | Value |
+----+-----------+-----------------+----+-------+
|  3 | dynamic   | Framed-Protocol | == | PPP   |
|  4 | suspended | Framed-Protocol | == | PPP   |
+----+-----------+-----------------+----+-------+


mysql> select * from radgroupreply ;
+----+-----------+-------------------+----+-----------------+
| id | GroupName | Attribute         | op | Value           |
+----+-----------+-------------------+----+-----------------+
|  6 | suspended | Framed-Netmask    | =  | 255.255.255.255 |
|  5 | suspended | Framed-IP-Address | =  | 10.10.0.2+      |
|  7 | dynamic   | Framed-IP-Address | := | 255.255.255.255 |
+----+-----------+-------------------+----+-----------------+

Here are the results of running radtest on this user:

> radtest joe.user ididntpaymybill localhost 0 testing123
Sending Access-Request of id 140 to 127.0.0.1 port 1812
        User-Name = "joe.user"
        User-Password = "ididntpaymybill"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=140, length=32
        Framed-IP-Address = 1.2.3.4
        Framed-IP-Netmask = 255.255.255.255

        What I am trying to accomplish is simply to allow us to put 
overdue users into the 'suspended' group, which will hand out a 
different set of ip addresses than their normal non-suspended 
configuration. I realise I could be approaching this all wrong but 
right now I simply set those items (framed-ip-address, framed-route, 
etc.) in the radreply table and I don't want to remove those items from 
the database, just override them.

        Any pointers would be greatly appreciated.

Mike-
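
Added example, not part of the original message and not FreeRADIUS code: a small Python model of the reply-item operators as the FreeRADIUS documentation describes them (= adds only when the attribute is absent, := replaces, += appends), run over the radreply and radgroupreply rows from the post. It assumes user rows are applied before group rows; the function names and the group_ip_op parameter are hypothetical, and whether rlm_sql in 1.1.3 applies := this way for group rows is the question the post raises.

```python
# Added example: models the documented reply-item operators, not rlm_sql's code.
# Rows are copied from the radreply / radgroupreply dumps in the post.
RADREPLY = [("joe.user", "Framed-IP-Address", "=", "1.2.3.4")]
RADGROUPREPLY = [
    ("suspended", "Framed-Netmask", "=", "255.255.255.255"),
    ("suspended", "Framed-IP-Address", "=", "10.10.0.2+"),
    ("dynamic", "Framed-IP-Address", ":=", "255.255.255.255"),
]
USERGROUP = {"joe.user": ["suspended"]}


def apply_item(reply, attr, op, value):
    """Apply one (attribute, op, value) row to the reply list in place."""
    present = any(a == attr for a, _ in reply)
    if op == "=":            # add only if no attribute of that name exists
        if not present:
            reply.append((attr, value))
    elif op == ":=":         # replace every attribute of that name
        reply[:] = [(a, v) for a, v in reply if a != attr]
        reply.append((attr, value))
    elif op == "+=":         # always append, keeping existing values
        reply.append((attr, value))
    else:
        raise ValueError(f"unsupported reply operator: {op!r}")


def build_reply(user, group_ip_op=None):
    """Apply the user's rows first, then the rows of the user's groups.

    group_ip_op (hypothetical knob) overrides the operator on the group's
    Framed-IP-Address row so the three variants can be compared.
    Assumption: user rows are processed before group rows.
    """
    reply = []
    for name, attr, op, value in RADREPLY:
        if name == user:
            apply_item(reply, attr, op, value)
    for group, attr, op, value in RADGROUPREPLY:
        if group in USERGROUP.get(user, []):
            if group_ip_op and attr == "Framed-IP-Address":
                op = group_ip_op
            apply_item(reply, attr, op, value)
    return reply


if __name__ == "__main__":
    for op in ("=", "+=", ":="):
        print(op, build_reply("joe.user", op))
```

Under this model the = row leaves 1.2.3.4 in place, matching the radtest output above, and += returns both addresses, matching what the post reports.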