Virtual Server not setting attributes on reply

Timothy nzkbuk at gmail.com
Tue Dec 22 10:52:24 CET 2009


> well, looking from the log, your virtual_server doesnt appear to set any attribute
> in its post-auth stage. calling the right thing or SQL table? 

post-auth, yes, see the virtual server config below. Remember TEST1 and 
TEST2 are the same virtual server, just proxying to them via different 
methods. That's why I was getting confused, They behave differently if 
you proxy to them in different ways.

> my initial thought was your attr_filter wasnt allowing that attribute
> through from the virtual_server (much like it would strip it out
> if the domain/realm wasnt allowed - check pre-proxy and post-proxy parts)

No attr filters.
Ok I think we're getting somewhere with the pre- and post- proxy parts.

When I tried having the sql methods in there I got the following (Note 2 
starts in debug 1 for pre, 1 for post)

  Module: Checking pre-proxy {...} for more modules to load
/etc/freeradius/sites-enabled/test[59]: "SQL" modules aren't allowed in 
'pre-proxy' sections -- they have no such method.
/etc/freeradius/sites-enabled/test[58]: Errors parsing pre-proxy section.



  Module: Checking post-proxy {...} for more modules to load
/etc/freeradius/sites-enabled/test[62]: "SQL" modules aren't allowed in 
'post-proxy' sections -- they have no such method.
/etc/freeradius/sites-enabled/test[61]: Errors parsing post-proxy section.



server test {
         listen {
         #       ipaddr = *
                ipaddr = 127.0.0.1
                port = 11812
                type = auth
         }
         listen {
         #       ipaddr = *
                ipaddr = 127.0.0.1
                port = 11813
                type = acct
         }
         authorize {
         #       preprocess
                 sql
                 expiration
                 logintime
                 pap
         }

         authenticate {
                 Auth-Type PAP {
                         pap
                 }
                 Auth-Type MD5 {
                         pap
                 }
                 Auth-Type CHAP {
                         chap
                 }
                 Auth-Type MS-CHAP {
                         mschap
                 }
                 unix
                 eap
         }
         preacct {
                 preprocess
                 acct_unique
                 files
         }
         accounting {
                 detail
                 unix
                 radutmp
         }
         session {
                 radutmp
                 #  See "Simultaneous Use Checking Queries" in sql.conf
         #       sql
         }
         post-auth {
                 sql
         }
         pre-proxy {
         #       sql
         }
         post-proxy {
         #       sql
         #       attr_rewrite
                 eap
         }
}




More information about the Freeradius-Users mailing list