Stripping Realms from SQL Accounting Queries
Tim Gustafson
tjg at soe.ucsc.edu
Mon Nov 23 23:34:21 CET 2009
> Perhaps do what is suggested wherever you care to look (this
> list, documentation, website, ...) - run server in debug mode
> (radiusd -X). Then you will see exactly what is happening.
I did that, and it didn't help. I added a realm definition back in to the config file, and here's the debug output now:
> [suffix] Looking up realm "soe.ucsc.edu" for User-Name = "tjg at soe.ucsc.edu"
> [suffix] Found realm "soe.ucsc.edu"
> [suffix] Adding Stripped-User-Name = "tjg"
> [suffix] Adding Realm = "soe.ucsc.edu"
> [suffix] Authentication realm is LOCAL.
So far so good...
> [ldap] performing user authorization for tjg
> [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
> [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=tjg)
> [ldap] expand: dc=soe,dc=ucsc,dc=edu -> dc=soe,dc=ucsc,dc=edu
Depreciated syntax aside, we're still doing good...
> [sql] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
> [sql] expand: insert into RadiusLog (SessionID, UserName, WapIpAddress, UserMacAddress, StartTime) value ('%{Acct-Session-Id}', '%{Stripped-User-Name:-%{User-Name}}', '%{NAS-IP-Address}', '%{Calling-Station-Id}', '%S') -> insert into RadiusLog (SessionID, UserName, WapIpAddress, UserMacAddress, StartTime) value ('0004F8C5', 'tjg at soe.ucsc.edu', '192.168.32.8', '0024.2b58.2f46', '2009-11-23 14:13:42')
Doh, no dice! Incidentally, as I mentioned in another reply a few minutes ago, using %{SQL-User-Name} instead of %{User-Name} results in an empty string, and using only %{Stripped-User-Name} also results in an empty string.
If you really would like me to, I suppose I could get you the whole debug output, but it's a few thousand lines for a single authorization.
Tim Gustafson
Baskin School of Engineering
UC Santa Cruz
tjg at soe.ucsc.edu
831-459-5354
More information about the Freeradius-Users
mailing list