usergroup problems with separate auth and accounting databases
Trey Scarborough
treys at door.net
Thu Aug 26 23:33:32 CEST 2010
Alan DeKok wrote:
> Trey Scarborough wrote:
>
>> All I am trying to do is run the radius auth querys on a database on one
>> machine and the accounting on another in another database. The problem I
>> am seeing is that when the additional sql configuration is put in for
>> the accounting database it begins to use that configuration for the
>> group_membership_query
>>
>
> Uh... no. Nothing in the SQL accounting configuration uses the group
> membership query. See the source code.
>
>
Exactly my problem and why I don't understand why it breaks the
authorization radius reply attributes.
>> which is not in the accounting database and
>> fails. If I remove the sql-auth from the accounting configuration it
>> runs fine using the rad-auth sql configuration. Here is the exerts from
>> my configuration. I am trying to set some radreply items with sql and
>> some by the users file by group. This works fine until I try to seperate
>> the databases.
>>
>
> Let me guess... you have policies for accounting which use "SQL-Group"?
>
No It breaks the Authentication when I add the Accounting configuration
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
Here is another more specific output from a debug
It runs like this without the accounting configuration
[sql-auth] sql_groupcmp
[sql-auth] expand: %{User-Name} -> test at testdomain.net
[sql-auth] sql_set_user escaped user --> 'test at testdomain.net'
rlm_sql (sql-auth): Reserving sql socket id: 3
rlm_sql_mysql: query: SELECT GroupName FROM usergroup WHERE
UserName='test at testdomain.net'
[sql-auth] sql_groupcmp finished: User is a member of group active
rlm_sql (sql-auth): Released sql socket id: 3
Runs like this when I add the rad-acct to accounting. It appears to be
using the sql-acct for the sql_groupcmp for some reason.
[sql-auth] sql_groupcmp
[sql-auth] expand: %{User-Name} -> test at testdomain.net
[sql-auth] sql_set_user escaped user --> 'test at testdomain.net'
rlm_sql (sql-acct): Reserving sql socket id: 4
rlm_sql (sql-acct): Released sql socket id: 4
[sql-auth] sql_groupcmp finished: User is NOT a member of group active
Any ideas as to why It would do this?
More information about the Freeradius-Users
mailing list