checkval and != op

Alan DeKok aland at deployingradius.com
Mon Jun 21 13:50:08 CEST 2010 

Christian Zoffoli wrote:
> mysql> SELECT * FROM radcheck WHERE username='bumlwdgx';
...
> mysql> SELECT * FROM radusergroup WHERE username='bumlwdgx';

  <sigh>  You asked about radgroupcheck.  Why post this?

>  SELECT * FROM radgroupcheck WHERE groupname='wireless';
> +----+-----------+--------------------+----+-------------------+
> | id | groupname | attribute          | op | value             |
> +----+-----------+--------------------+----+-------------------+
> | 18 | wireless  | Calling-Station-Id | != | 00-22-15-16-35-B0 |

  Which is OK, and should work.


> rad_recv: Access-Request packet from host 127.0.0.1 port 34220, id=1,
> length=298
> 	ChilliSpot-Version = "1.2.2"
> 	User-Name = "bumlwdgx"
> 	CHAP-Challenge = 0x777d7fc0c28a480f750e1f5506c3ccd7
> 	CHAP-Password = 0x008617e203333f1fc66b2cacc4cbbe2255
> 	NAS-IP-Address = 192.168.182.1
> 	Service-Type = Login-User
> 	Framed-IP-Address = 192.168.182.2
> 	Calling-Station-Id = "00-22-15-16-35-B0"

  Which shouldn't match the entry in radgroupcheck.

> 	expand: SELECT id, groupname, attribute,           Value, op
> FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
> ORDER BY id -> SELECT id, groupname, attribute,           Value, op
>       FROM radgroupcheck           WHERE groupname = 'wireless'
>   ORDER BY id
> rlm_sql (sql): Released sql socket id: 0

  Which doesn't match, as expected.

> ++[sql] returns ok
> rlm_checkval: Item Name: Calling-Station-Id, Value: 00-22-15-16-35-B0
> rlm_checkval: Could not find attribute named Calling-Station-Id in check
> pairs

  Of *course* this doesn't work.  You didn't add a Calling-Station-Id to
the check pairs.

  I told you that the behavior of rlm_sql was documented.  Go read that
documentation.  *Nothing* in it suggests that using "!=" as a check
operator will result in the Calling-Station-Id attribute being added to
the check pairs.

> in radiusd.conf I have:
> 
> checkval {
> 	item-name = Calling-Station-Id
> 	check-name = Calling-Station-Id
> 	data-type = string
> }

  Why?  What possible use is this?  What do you expect it to do?

 Alan DeKok.

More information about the Freeradius-Users mailing list