Combine Proxy Answer with Local Information

Dan Fisher | Fluidata DanFisher at fluidata.co.uk
Mon Nov 23 12:36:29 CET 2009


Hi,

>> My problem is that the response I send to our LAC has to contain extra
>> information depending on the domain. Is it possible to query a local
>> mysql database for this extra information (these are cisco av pairs
>> needed to establish the tunnels between the LAC and LNS)

>Yes. See man unlang.

>> and add it into
>> the Access-Accept message that is returned to the LAC from the radius?

>Use unlang in post-proxy.

>Ivan Kalik

Thanks for the guidance Ivan, it's given me a good starting point. I have
managed to get new information into my accept requests by hard coding
update reply sections in the unlang code (example below):

update reply {
       Tunnel-Client-Auth-ID = "fluidata"
}

However I am having real problems getting the mysql part working. I have
tried using examples other people are using that work and they either
just get treated as a string or the server won't even run in debug mode.
I don't appear to be able to use the sql module itself as I get an error
saying it's not supported in the post-proxy configuration section. Can
anyone suggest where I might be going wrong with this? Inside the
post-proxy section I have:

Where %{2} is the result of a regular expression to split a full
username so I just have the domain to use later on.

        if ( "%{sql: SELECT Attribute from radreply where username ='%{2}' and attribute='Tunnel-Password'}" ) {
                ok
        }

I have tried this with and without the 

Output looks like:

WARNING: Unknown module "sql" in string expansion "%{sql: SELECT Attribute from radreply where Username ='burst.net' and Attribute='Tunnel-Password'}"
        expand: %{sql: SELECT Attribute from radreply where Username ='burst.net' and Attribute='Tunnel-Password'} ->
? Evaluating ("%{sql: SELECT Attribute from radreply where Username ='burst.net' and Attribute='Tunnel-Password'}" ) -> FALSE
++? if ("%{sql: SELECT Attribute from radreply where Username ='burst.net' and Attribute='Tunnel-Password'}" ) -> FALSE

/etc/raddb/sites-enabled/default[562]: "SQL" modules aren't allowed in 'post-proxy' sections -- they have no such method.
/etc/raddb/sites-enabled/default[512]: Errors parsing post-proxy section.

If anyone has any thoughts on this or whether I can obtain the same
information another way that would be much appreciated. I will be having
potentially hundreds of different realms going through this freeradius
instance and I need to add this information for each one.

Dan Fisher
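
Added example, not part of the original post and not the FreeRADIUS project's own configuration: one way to do the per-realm lookup described above, by loading the sql module at startup and calling it only through string expansion in post-proxy. It assumes a FreeRADIUS 2.x layout with sql.conf already included in modules { }, the stock radreply columns (username, attribute, value), and that Tmp-String-0 exists in the server's dictionary.

```unlang
# radiusd.conf: load the sql module at startup so the %{sql:...}
# expansion is registered even though no section lists "sql" as a module.
# Assumption: sql.conf is already included inside modules { }.
instantiate {
        sql
}

# sites-enabled/default: do not list "sql" on its own line here.
# rlm_sql has no post-proxy method, which is the parse error in the post.
post-proxy {
        # Split user@realm. The realm group accepts hostname characters
        # only, so nothing else from User-Name reaches the SQL string.
        if (User-Name =~ /^([^@]+)@([A-Za-z0-9.-]+)$/) {
                # Fetch the stored value (not the attribute name) for this realm.
                # Tmp-String-0 is an assumed scratch attribute.
                update control {
                        Tmp-String-0 := "%{sql:SELECT value FROM radreply WHERE username='%{2}' AND attribute='Tunnel-Password'}"
                }

                # Add the attribute only when the realm has a row, so an
                # unknown realm does not get an empty Tunnel-Password.
                if ("%{control:Tmp-String-0}" != "") {
                        update reply {
                                Tunnel-Password := "%{control:Tmp-String-0}"
                        }
                }
        }
}
```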

 
