Rlm_sql in freeradius 2

Dashamir Hoxha dhoxha at albaniaonline.net
Sat Jan 19 09:16:17 CET 2008


Hi,

I have installed and tested freeradius-2 for a short while.
I tested the behavior of the groups in the sql module, because
this is what I am interested in right now. In general it works
as described in the docs. However I still find some things
that do not work as expected (or at least as I expect them
to work).

In case somebody is interested in bug reports, this
is what I have found out:

* Setting the attribute User-Profile in the table radcheck
or radreply doesn't work as described in the docs:

7. Finally, if the user has a User-Profile attribute set
or the Default Profile option is set in the sql.conf, then
steps 4-6 are repeated for the groups that the profile is
a member of.

* Setting the attribute Auth-Type:=Accept or Auth-Type:=Reject
in the table radgroupreply doesn't work. Maybe it is
not supposed to work, but why not?

* Trying to set the password with Cleartext-Password:=xyz
in radgroupcheck or radgroupreply doesn't work. Maybe
it is not supposed to work, but why not?

Regards,
Dashamir

Dashamir Hoxha wrote:
> Hi,
>
> Actually, what I am trying to do is this:
> I have several access points that have hotspot
> and use radius for AAA. I would like to register
> users in radius so that they are able to login
> using some of the access points, and not able to
> login using the others.
>
> The way that I was trying to do it is like this:
> Suppose that there are the access points A1, A2, A3
> and the user 'test' should be able to access the
> internet only from A1 and A3. The data in radius
> that would make this scenario work, could be like this:
>
> radcheck:
> +------+----------+------------------+----+-------+
> | id   | UserName | Attribute        | op | Value |
> +------+----------+------------------+----+-------+
> | 5272 | test     | User-Password    | := | test  |
> | 5262 | test     | Simultaneous-Use | := | 5     |
> +------+----------+------------------+----+-------+
>
> radreply:
> +----+----------+---------------+----+----------+
> | id | UserName | Attribute     | op | Value    |
> +----+----------+---------------+----+----------+
> | 42 | test     | Auth-Type     | := | Reject   |
> | 43 | test     | Fall-Through  | := | Yes      |
> +----+----------+---------------+----+----------+
>
> usergroup:
> +----------+-----------+----------+
> | UserName | GroupName | priority |
> +----------+-----------+----------+
> | test     | A1        | 1        |
> | test     | A2        | 1        |
> | test     | A3        | 1        |
> +----------+-----------+----------+
>
> radgroupcheck:
> +----+-----------+----------------+----+-------+
> | id | GroupName | Attribute      | op | Value |
> +----+-----------+----------------+----+-------+
> | 42 | A1        | NAS-Identifier | == | ID-A1 |
> | 43 | A2        | NAS-Identifier | == | ID-A2 |
> | 44 | A2        | NAS-Identifier | == | ID-A3 |
> +----+-----------+----------------+----+-------+
>
> radgroupreply:
> +----+-----------+---------------+----+--------+
> | id | GroupName | Attribute     | op | Value  |
> +----+-----------+---------------+----+--------+
> | 52 | A1        | Auth-Type     | := | Accept |
> | 53 | A1        | Fall-Through  | := | No     |
> | 54 | A2        | Auth-Type     | := | Reject |
> | 55 | A2        | Fall-Through  | := | Yes    |
> | 56 | A3        | Auth-Type     | := | Accept |
> | 57 | A3        | Fall-Through  | := | No     |
> +----+-----------+---------------+----+--------+
>
> However, if the radius does not follow the algorithm
> described in http://wiki.freeradius.org/Rlm_sql,
> then this setup should not work.
>
> Do you have any suggestion or idea on how to make the
> scenario above work?
>
> Regards,
> Dashamir
>
>
> Dashamir Hoxha wrote:
>> I have installed freeradius-1.1.7 in fedora8. However I find that the
>> module rlm_sql does not work as described in this page:
>> http://wiki.freeradius.org/Rlm_sql
>





More information about the Freeradius-Users mailing list