attribute assignment in post-auth?

Norbert Wegener norbert.wegener at
Thu Dec 13 18:24:11 CET 2007

With 1.1.7 I want to add  attributes to an eap authenticated client.
The rules for applying vlan are somewhat unusual, that I decided to use 
mysql and stored procedures to determine the values that have to be applied.
When I call the corresponding sql module from the authorize section, I 
run into the problem described at:
to which Alan already answered:

 > Ideally, the attributes in the reply should be sent ONLY on

>Access-Accept.  i.e. the configuration should NOT update the reply until
>it has determined that the user has been authenticated.

>  This involves moving most of the policy from the "authorize" section
>to the "post-auth" section.

That is why I want to call the stored procedure in the post-auth section.

Therefore in sql.conf I set :

postauth_query = "call speap ('%{SQL-User-Name}', '%{NAS-IP-Address}','2')"

radiusd -AX shows , that procedure is called, 
rlm_sql (sp1): Processing sql_postauth
radius_xlat:  'host/'
rlm_sql (sp1): sql_set_user escaped user --> 'host/'
radius_xlat:  'call speap ('host/', '','2')'
rlm_sql (sp1) in sql_postauth: query is call speap ('host/', '','2')
rlm_sql (sp1): Reserving sql socket id: 28
rlm_sql_mysql: SQL statement returned unexpected result

unfortunately with an unexpected result.

When I call that stored procedure directly from mysql I get the expected result:
mysql> call speap ('host/', '','2')
| 0 | s_username                        | Fall-Through | Yes | += |
| 0 | HOST/ | Fall-Through | Yes | += | 
what I would expect.

So, what is unexpected with that result?

Norbert Wegener

More information about the Freeradius-Users mailing list