Set NoCat user class in Access-Accept
Ana Gallardo
ana.gallardo.77 at gmail.com
Wed May 5 12:17:20 CEST 2010
Hello,
I want to send the NoCat user Class in the Access-Accept.
I don't know if I can send an attribute defined by me.
I have defined an attributed:
# cat /etc/freeradius/dictionary
$INCLUDE /usr/share/freeradius/dictionary
ATTRIBUTE NoCat-User-Class 3000 string
And I put this attribute in the reply list with MySQL:
mysql> select * from radgroupreply;
+----+-----------+------------------+----+------------------------------+
| id | groupname | attribute | op | value |
+----+-----------+------------------+----+------------------------------+
| 6 | MEMBER | NoCat-User-Class | := | Member |
+----+-----------+------------------+----+------------------------------+
mysql> select * from radusergroup;
+----------+-----------+----------+
| username | groupname | priority |
+----------+-----------+----------+
| ana | CAU1 | 0 |
| ana | MEMBER | 8 |
+----------+-----------+----------+
But the server don send this attribute to the user. Debug info:
rad_recv: Access-Request packet from host X port 33606, id=250, length=55
User-Name = "ana"
User-Password = "claveAna"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
+- entering group authorize {...}
sql_xlat
expand: %{User-Name} -> ana
sql_set_user escaped user --> 'ana'
expand: select shortname from nas where nasname="%{Client-IP-Address}"
-> select shortname from nas where nasname="X"
expand: /var/log/freeradius/sqltrace.sql ->
/var/log/freeradius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query: select shortname from nas where nasname="X"
sql_xlat finished
rlm_sql (sql): Released sql socket id: 3
expand: %{sql:select shortname from nas where
nasname="%{Client-IP-Address}"} -> pcCAU1
++[request] returns notfound
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "ana", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> ana
[sql] sql_set_user escaped user --> 'ana'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = BINARY '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = BINARY 'ana' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = BINARY 'ana' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = BINARY '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = BINARY 'ana' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = BINARY 'ana' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = BINARY '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = BINARY
'ana' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = BINARY 'ana' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE
groupname = 'CAU1' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname = 'CAU1'
ORDER BY id
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE
groupname = 'MEMBER' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'MEMBER' ORDER BY id
[sql] User found in group MEMBER
[sql] expand: SELECT id, groupname, attribute, value,
op FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, value, op FROM radgroupreply WHERE
groupname = 'MEMBER' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, value,
op FROM radgroupreply WHERE groupname =
'MEMBER' ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
[expiration] Checking Expiration time: '02 Dec 2010'
++[expiration] returns ok
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "claveAna"
[pap] Using clear text password "claveAna"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> ana
[sql] sql_set_user escaped user --> 'ana'
[sql] expand: INSERT INTO radpostauth
(username, mac, client, nas, reply, authdate)
VALUES ( '%{User-Name}',
'%{Calling-Station-Id}', '%C',
'%{Nas-IP-Address}', '%{reply:Packet-Type}',
NOW()) -> INSERT INTO radpostauth
(username, mac, client, nas, reply, authdate)
VALUES ( 'ana', '',
'pcCAU1', '127.0.1.1',
'Access-Accept', NOW())
[sql] expand: /var/log/freeradius/sqltrace.sql ->
/var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO
radpostauth (username, mac, client, nas, reply,
authdate) VALUES (
'ana', '', 'pcCAU1',
'127.0.1.1', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: INSERT INTO radpostauth
(username, mac, client, nas, reply, authdate)
VALUES ( 'ana', '',
'pcCAU1', '127.0.1.1',
'Access-Accept', NOW())
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
Sending Access-Accept of id 250 to X port 33606
Reply-Message += "Hola Anita"
Session-Timeout = 18189945
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 250 with timestamp +6
Ready to process requests.
I have found the attribute Class but I think that is more complex than I
need.
Some sugestion??
Thank you very much and sorry for my english.
--
____________________
Ana Gallardo Gómez
____________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100505/2d73981e/attachment.html>
More information about the Freeradius-Users
mailing list