FreeRadius2 + MySQL: NAS x Usergroup
Carlos Eduardo Tavares Terra
eduardo.terra at gmail.com
Tue Sep 9 03:26:01 CEST 2008
Sorry, but maybe I didn't understand how virtual servers really work.
I have one big user base. The users can be in one or more groups.
User:John - Group:dialup
User:John - Group:broadband
User:Jack - Group:dialup
User:Jack - Group: hotspot
John and Jack are in my radcheck and radusergroup tables.
Username:  John             Username:  Jack
Attribute: Password         Attribute: Password
Op:        :=               Op:        :=
Value:     crypt('test')    Value:     crypt('test2')
My NAS clients are in the database too.
nasname:   192.168.2.2        nasname:   192.168.2.3
shortname: dialup-nas         shortname: broadband-nas
type:      cisco              type:      cisco
secret:    secret-password    secret:    secret-password
server:    dialup             server:    broadband
My problem is here:
expand: %{User-Name} -> John
rlm_sql (sql): sql_set_user escaped user --> 'John'
rlm_sql (sql): Reserving sql socket id: 2
expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'John' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'John' ORDER BY id
expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username
= 'John' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'dialup' ORDER BY id
rlm_sql (sql): User found in group dialup
expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'dialup' ORDER BY id
rlm_sql (sql): Released sql socket id: 2
John is connecting through broadband-nas, but freeradius is getting the
dialup groupname and all its checks and replies.
Dialup and broadband have the same priority in the radusergroup table.
I wish to 'force' something like 'dialup-nas'->'dialup group',
'broadband-nas'->'broadband group'.
Maybe I'm going through the wrong way.
I have separated into different virtual servers because each type of
service has different modules implemented by me. In freeradius1 I was
using the groupreply 'Exec-Program-Wait' and different radius servers
for each service. In each server I have modified the sql queries to get
only replies and checks for the respective groups (services).
What is the 'right' way to implement this scenario with freeradius 2?
Thank you for the help.
2008/9/6 <tnt at kalik.net>:
> No. You define virtual home servers in proxy.conf.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 6/9/2008, "Carlos Eduardo Tavares Terra" <eduardo.terra at gmail.com>
> wrote:
>
>>Can I associate in groupcheck a groupname with a virtual server?
>>
>>I have separated each type of service into different virtual servers,
>>because each one of them has different modules.
>>
>>Thanks
>>
>>On Fri, Sep 5, 2008 at 2:49 PM, Ivan Kalik <tnt at kalik.net> wrote:
>>> Radgroupcheck table.
>>>
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>>
>>> -----Original Message-----
>>> From: freeradius-users-bounces+tnt=kalik.net at lists.freeradius.org
>>> [mailto:freeradius-users-bounces+tnt=kalik.net at lists.freeradius.org] On
>>> Behalf Of Carlos Eduardo Tavares Terra
>>> Sent: 05 September 2008 02:42
>>> To: freeradius-users at lists.freeradius.org
>>> Subject: FreeRadius2 + MySQL: NAS x Usergroup
>>>
>>>
>>> Dear freeradius users,
>>>
>>> I have a special scenario. Today I have many freeradius servers, each
>>> one responsible for different services.
>>>
>>> Now I want to group these freeradius servers into one master server, but I
>>> have users in many different usergroups (one for each service).
>>> How can I associate a usergroup to a nas?
>>> Example:
>>> NAS (192.168.2.1) -> Usergroup (Dialup)
>>> NAS (192.168.2.2) -> Usergroup (Broadband)
>>> NAS (192.168.2.3) -> Usergroup (Hotspot)
>>>
>>> I saw how to do this using huntgroups, but I want to use a mysql database
>>> with all clients.
>>>
>>> Are there other ways to implement these different services in one
>>> radius server, maybe the right way? If not, how can I associate the
>>> usergroups and nas using mysql?
>>>
>>> Thank you
>>> --
>>> Carlos Eduardo Tavares Terra
>>> GNU/Linux #413291 [http://counter.li.org]
>>> Slackware Linux
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>
>>
>>
>>--
>>Carlos Eduardo Tavares Terra
>>Systems Analyst
>>Petróleo Brasileiro S/A
>>GNU/Linux #413291 [http://counter.li.org]
>>Slackware Linux
>>
>
--
Carlos Eduardo Tavares Terra
Systems Analyst
Petróleo Brasileiro S/A
GNU/Linux #413291 [http://counter.li.org]
Slackware Linux
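
Added example, not part of the original message and not FreeRADIUS code: a simplified Python/SQLite model of the radgroupcheck approach suggested in the quoted reply, using the users and NAS addresses from the message as constructed sample data. It assumes each NAS sends a NAS-IP-Address equal to its nasname, that rlm_sql tries a user's groups in priority order and treats a group with no check items as matching any request, and it ignores Fall-Through; build_db and select_group are hypothetical names.

```python
import sqlite3

def build_db(with_nas_checks):
    """Constructed sample data mirroring the tables quoted in the message."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER);
        CREATE TABLE radgroupcheck (id INTEGER PRIMARY KEY, groupname TEXT,
                                    attribute TEXT, op TEXT, value TEXT);
        INSERT INTO radusergroup VALUES
            ('John', 'dialup', 1), ('John', 'broadband', 1),
            ('Jack', 'dialup', 1), ('Jack', 'hotspot', 1);
    """)
    if with_nas_checks:
        # One '==' check item per group ties it to the NAS that serves it.
        # 'hotspot' is left without a row on purpose (see select_group).
        db.executemany(
            "INSERT INTO radgroupcheck (groupname, attribute, op, value) "
            "VALUES (?, 'NAS-IP-Address', '==', ?)",
            [("dialup", "192.168.2.2"), ("broadband", "192.168.2.3")])
    return db

def select_group(db, request):
    """Hypothetical helper: simplified model of rlm_sql group selection.

    Groups are tried in priority order; the first one whose '==' check items
    all match the request wins. A group with no check items matches anything.
    """
    # rowid only breaks the equal-priority tie deterministically for this demo;
    # MySQL gives no such guarantee, so do not rely on priority ties.
    groups = db.execute(
        "SELECT groupname FROM radusergroup WHERE username = ? "
        "ORDER BY priority, rowid", (request["User-Name"],)).fetchall()
    for (group,) in groups:
        checks = db.execute(
            "SELECT attribute, value FROM radgroupcheck "
            "WHERE groupname = ? AND op = '==' ORDER BY id", (group,)).fetchall()
        if all(request.get(attr) == value for attr, value in checks):
            return group
    return None

if __name__ == "__main__":
    via_broadband = {"User-Name": "John", "NAS-IP-Address": "192.168.2.3"}
    print(select_group(build_db(False), via_broadband))  # no check items
    print(select_group(build_db(True), via_broadband))   # NAS-bound groups
```

In this model Jack arriving through 192.168.2.3 still lands in 'hotspot', because that group has no check item; every group needs its own NAS-IP-Address row for the binding to hold.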