Filter-Id SQL xlat function

Ljupco Vangelski ljupco.vangelski at gmail.com
Mon Oct 13 11:32:30 CEST 2008 

Hi
I want FreeRADIUS to return the Filter-Id attribute, on behalf of a 
service of the client which is in another table (not in radreply or 
radgroupreply). The idea is to have a different Filter-Id depending on 
the region the client is connecting to (which means depending on the 
CallingStation-Id parameter). So I have a separate table in which 
CallingStation-Ids and Filter-Ids are mapped.

For example:
mysql> select service from userinfo where username='ljupco' limit 1;
+---------+
| service |
+---------+
| net1    |
+---------+

Now if I put that query in the Filter-Id, the XLAT function doesn't get 
executed:
==In radreply=====================================
UserName......Attribute..........op.........Value
ljupco............Filter-Id.............=.........%{sql:select service 
from userinfo where username='ljupco' limit 1;}
==============================================
# radtest ljupco ljupco localhost 523 testing123
Sending Access-Request of id 201 to 127.0.0.1 port 1812
        User-Name = "ljupco"
        User-Password = "ljupco"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 523
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=201, length=89
        Filter-Id = "%{sql:select service from userinfo where 
username='ljupco' limit 1;}"

Instead of "%{sql:select service from userinfo where username='ljupco' 
limit 1;}" there should be net1.
How can I do this?

Output from radiusd -X (freeradius v1.1.6)
rad_recv: Access-Request packet from host 127.0.0.1:59998, id=201, length=58
        User-Name = "ljupco"
        User-Password = "ljupco"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 523
rad_lowerpair:  User-Name now 'ljupco'
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "ljupco", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 7
radius_xlat:  'ljupco'
rlm_sql (sql): sql_set_user escaped user --> 'ljupco'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM 
radcheck           WHERE Username = 'ljupco'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ljupco' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM 
radreply           WHERE Username = 'ljupco'           ORDER BY id'
radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = 'ljupco' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 7
  modcall[authorize]: module "pap" returns updated for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type pap
auth: type "PAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group PAP for request 7
rlm_pap: login attempt with password ljupco
rlm_pap: Using clear text password "ljupco".
rlm_pap: User authenticated successfully
  modcall[authenticate]: module "pap" returns ok for request 7
modcall: leaving group PAP (returns ok) for request 7
Login OK: [ljupco/ljupco] (from client localhost port 523)
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 7
rlm_sql (sql): Processing sql_postauth
radius_xlat:  'ljupco'
rlm_sql (sql): sql_set_user escaped user --> 'ljupco'
radius_xlat:  'INSERT into radpostauth (id, user, pass, reply, date) 
values ('', 'ljupco', 'ljupco', 'Access-Accept', NOW())'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, 
user, pass, reply, date) values ('', 'ljupco', 'ljupco', 
'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
  modcall[post-auth]: module "sql" returns ok for request 7
modcall: leaving group post-auth (returns ok) for request 7
Sending Access-Accept of id 201 to 127.0.0.1 port 59998
        Filter-Id = "%{sql:select service from userinfo where 
username='ljupco' limit 1}"
Finished request 7
Going to the next request

Tried as well with freeradius v2.0.5, the result is the same.
Regards,

-- 
Ljupco

More information about the Freeradius-Users mailing list