freeradius, rlm_sql and tagged attributes

Evgeniy Kozhuhovskiy ugenk at mgts.by
Wed Aug 4 15:50:33 CEST 2010 

I need to reply to NAS with same attributes with different tags.
All works ok when i'm using users file. But when i'm migrating to 
rlm_sql, only first instance of attribute goes in reply:

mysql> SELECT id, groupname, attribute, value, op FROM radgroupreply 
WHERE groupname = 'test' ORDER BY id;
+----+-----------+-----------------------+-----------------+----+
| id | groupname | attribute             | value           | op |
+----+-----------+-----------------------+-----------------+----+
|  6 | test      | Framed-IP-Address     | 255.255.255.254 | =  |
|  7 | test      | Service-Type          | Framed-User     | =  |
|  8 | test      | Acct-Interim-Interval | 1800            | =  |
|  9 | test      | PPPD-Pool-Number      | ippool          | =  |
| 16 | test      | Ip-Address-Pool-Name  | ippool          | =  |
| 19 | test      | Service-Name:1        | GUEST           | =  |
| 20 | test      | Service-Name:2        | INET            | =  |
| 21 | test      | Service-Options:1     | 0               | =  |
| 22 | test      | Service-Options:2     | 1               | =  |
| 28 | test      | Context-Name          | Internet        | =  |
+----+-----------+-----------------------+-----------------+----+
10 rows in set (0.01 sec)

rad_recv: Access-Request packet from host 127.0.0.1 port 11113, id=248, 
length=252
         User-Name = "test at test"
         CHAP-Password = 0x01f304695c088000b6a248776d9ec67084
         CHAP-Challenge = 0xc581f30d3a2736d1a039596397c627fd
         Service-Type = Framed-User
         Framed-Protocol = PPP
         NAS-Identifier = "Redback"
         NAS-Port = 33619968
         NAS-Real-Port = 553652128
         NAS-Port-Type = Virtual
         NAS-Port-Id = "2/1 vlan-id 4000 pppoe 6"
         Medium-Type = 11
         Mac-Address = "00-0c-29-bd-8b-a1"
         Platform-Type = 3
         OS-Version = "6.2.1.2"
         Acct-Session-Id = "0100FFFF680000BE-4C596DEB"
         NAS-IP-Address = 172.26.201.21
         Proxy-State = 0x3632
server guest {
+- entering group authorize
++[preprocess] returns ok
   rlm_chap: Setting 'Auth-Type := CHAP'
++[chap] returns ok
     users: Matched entry DEFAULT at line 163
++[files] returns ok
         expand: %{User-Name} -> test at test
rlm_sql (sql): sql_set_user escaped user --> 'test at test'
rlm_sql (sql): Reserving sql socket id: 65
         expand: SELECT id, username, attribute, value, op 
FROM radcheck           WHERE username = '%{SQL-User-Name}' 
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radcheck           WHERE username = 'test at test'           ORDER BY id
rlm_sql (sql): User found in radcheck table
         expand: SELECT id, username, attribute, value, op 
FROM radreply           WHERE username = '%{SQL-User-Name}' 
ORDER BY id -> SELECT id, username, attribute, value, op           FROM 
radreply           WHERE username = 'test at test'           ORDER BY id
         expand: SELECT groupname           FROM radusergroup 
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> 
SELECT groupname           FROM radusergroup           WHERE username = 
'test at test'           ORDER BY priority
         expand: SELECT id, groupname, attribute,           Value, op 
         FROM radgroupcheck           WHERE groupname = '%{Sql-Group}' 
          ORDER BY id -> SELECT id, groupname, attribute, 
Value, op           FROM radgroupcheck           WHERE groupname = 
'test'           ORDER BY id
rlm_sql (sql): User found in group test
         expand: SELECT id, groupname, attribute,           value, op 
         FROM radgroupreply           WHERE groupname = '%{Sql-Group}' 
          ORDER BY id -> SELECT id, groupname, attribute, 
value, op           FROM radgroupreply           WHERE groupname = 
'test'           ORDER BY id
rlm_sql (sql): Released sql socket id: 65
++[sql] returns ok
   rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
+- entering group CHAP
   rlm_chap: login attempt by "test at test" with CHAP password
   rlm_chap: Using clear text password "ilser56" for user test at test 
authentication.
   rlm_chap: chap user test at test authenticated succesfully
++[chap] returns ok
Login OK: [test at test/<CHAP-Password>] (from client localhost port 33619968)
} # server guest
Sending Access-Accept of id 248 to 127.0.0.1 port 11113
         Framed-Protocol = PPP
         Session-Timeout = 172800
         Framed-IP-Address = 255.255.255.254
         Framed-Compression = Van-Jacobson-TCP-IP
         Service-Type = Framed-User
         Acct-Interim-Interval = 1800
         PPPD-Pool-Number = "ippool"
         Ip-Address-Pool-Name = "ippool"
         Service-Name:1 = "GUEST"
         Service-Options:1 = 0
         Context-Name = "Internet"
         Proxy-State = 0x3632
Finished request 374.


-- 
С уважением, Евгений Кожуховский
Руководитель группы сервисных платформ
УИТ ЦИТС МГТС РУП Белтелеком
+375-29-3998175
+375-29-7561625
+375-17-3060026

More information about the Freeradius-Users mailing list