attribute assignment in post-auth?

Norbert Wegener norbert.wegener at siemens.com
Thu Dec 13 18:24:11 CET 2007 

With 1.1.7 I want to add  attributes to an eap authenticated client.
The rules for applying vlan are somewhat unusual, that I decided to use 
mysql and stored procedures to determine the values that have to be applied.
When I call the corresponding sql module from the authorize section, I 
run into the problem described at:
https://lists.freeradius.org/pipermail/freeradius-users/2007-September/066381.html
to which Alan already answered:

 > Ideally, the attributes in the reply should be sent ONLY on

>Access-Accept.  i.e. the configuration should NOT update the reply until
>it has determined that the user has been authenticated.

>  This involves moving most of the policy from the "authorize" section
>to the "post-auth" section.


That is why I want to call the stored procedure in the post-auth section.

Therefore in sql.conf I set :

postauth_query = "call speap ('%{SQL-User-Name}', '%{NAS-IP-Address}','2')"

radiusd -AX shows , that procedure is called, 
.....
rlm_sql (sp1): Processing sql_postauth
radius_xlat:  'host/28tef003.ww006.mycompany.net'
rlm_sql (sp1): sql_set_user escaped user --> 'host/28tef003.ww006.mycompany.net'
radius_xlat:  'call speap ('host/28tef003.ww006.mycompany.net', '172.31.110.146','2')'
rlm_sql (sp1) in sql_postauth: query is call speap ('host/28tef003.ww006.mycompany.net', '172.31.110.146','2')
rlm_sql (sp1): Reserving sql socket id: 28
rlm_sql_mysql: SQL statement returned unexpected result



..
unfortunately with an unexpected result.

When I call that stored procedure directly from mysql I get the expected result:
mysql> call speap ('host/28tef003.ww006.mycompany.net', '172.31.110.146','2')
+---+-----------------------------------+--------------+-----+----+
| 0 | s_username                        | Fall-Through | Yes | += |
+---+-----------------------------------+--------------+-----+----+
| 0 | HOST/28tef003.ww006.mycompany.net | Fall-Through | Yes | += | 
+---+-----------------------------------+--------------+-----+----+
what I would expect.

So, what is unexpected with that result?

Norbert Wegener

More information about the Freeradius-Users mailing list