What is up with the SQL Groups
Etienne Pretorius
etiennep at kingsley.co.za
Mon Jan 21 12:47:30 CET 2008
Hello List,
I am on FreeRadius 1.1.6-1 on debian etch.
I have a user that belongs to both DSL and DIAL groups.
mysql> select * from usergroup;
+------------------------------+-----------+----------+
| UserName | GroupName | priority |
+------------------------------+-----------+----------+
| adsl-04 at example.com@dsl | DSL | 1 |
| adsl-04 at example.com@dsl | DIAL | 2 |
+------------------------------+-----------+----------+
2 rows in set (0.16 sec)
mysql> select * from radreply;
+----+------------------------------+--------------+----+-------+
| id | UserName | Attribute | op | Value |
+----+------------------------------+--------------+----+-------+
| 1 | adsl-04 at example.com@dsl | Fall-Through | = | Yes |
+----+------------------------------+--------------+----+-------+
1 row in set (2.26 sec)
mysql> select * from radcheck;
+----+------------------------------+----------------------------+----+------------------------------------+
| id | UserName | Attribute | op |
Value |
+----+------------------------------+----------------------------+----+------------------------------------+
| 1 | adsl-04 at example.com@dsl | Crypt-Password | := |
$1$54Bzhv&gsrta^ysgahTaWiUN7dNbxUp/UZ. |
| 2 | adsl-04 at example.com@dsl | Allow-Access-Blended | := |
1 |
| 3 | adsl-04 at example.com@dsl | Max-Monthly-Octets-Blended | := |
1073741824 |
+----+------------------------------+----------------------------+----+------------------------------------+
3 rows in set (1.07 sec)
mysql> select * from radgroupcheck;
+----+-----------+----------------------------+----+--------+
| id | GroupName | Attribute | op | Value |
+----+-----------+----------------------------+----+--------+
| 1 | DISABLED | Auth-Type | := | Reject |
| 2 | DSL | Service-Access-Type | == | DSL |
| 3 | DSL | Allow-Access-Blended | := | 0 |
| 4 | DSL | Allow-Access-Local | := | 0 |
| 5 | DSL | Max-Monthly-Octets-Blended | := | 0 |
| 6 | DSL | Max-Monthly-Octets-Local | := | 0 |
| 7 | DIAL | Service-Access-Type | == | DIAL |
+----+-----------+----------------------------+----+--------+
7 rows in set (0.08 sec)
Here is the debug log:
rad_recv: Access-Request packet from host XXX.XXX.XXX.XXX:37839, id=33,
length=80
User-Name = "adsl-04 at example.com@dsl"
User-Password = "<some-password>"
Service-Access-Type = "DIAL"
<cut>
radius_xlat: 'adsl-04 at example.com@dsl'
rlm_sql (sql): sql_set_user escaped user --> 'adsl-04 at example.com@dsl'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'adsl-04 at example.com@dsl'
ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 37
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username =
'adsl-04 at example.com@dsl' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radreply WHERE Username = 'adsl-04 at example.com@dsl'
ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username =
'adsl-04 at example.com@dsl' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 37
rlm_sql (sql): No matching entry in the database for request from user
[adsl-04 at example.com@dsl]
modcall[authorize]: module "sql" returns notfound for request 1
Can someone please explain why the entry is not found. When I perform
each quey all the groups are shown but rlm_sql only ever finds the user
when asking for DSL group and then it returns all the attributes from
all the groups...
--
Kind Regards
Etienne Pretorius
More information about the Freeradius-Users
mailing list