how to refer to default virtual server via dynamic clients sql lookup

Łukasz Kostka ukasz83 at gmail.com
Wed Aug 10 15:09:23 CEST 2011


On 10.08.2011 14:42, Alan DeKok wrote:
> Łukasz Kostka wrote:
>> i have 2 virtual servers active:
>> default
>> dynamic-clients
>    No, you don't.  The debug log clearly shows this.
>
ls -l /etc/freeradius/sites-enabled/
razem 0
lrwxrwxrwx 1 root freerad 26 05-17 12:08 default -> ../sites-available/default
lrwxrwxrwx 1 root freerad 34 08-10 11:00 dynamic-clients -> ../sites-available/dynamic-clients

>> i want to look up every nas via sql dynamic-clients.
>>
>> my dynamic-clients configuration file
>>
>> client dynamic {
>>      ipaddr = 0.0.0.0
>>      netmask = 0
>>      lifetime = 3600
>> }
>    This is wrong.  See raddb/sites-available/dynamic-clients.
>
>    This is documented.  Use the example that ships with the server.  It
> works.
>
no. it doesn't

i have copied the file raddb/sites-available/dynamic-client.


rad_recv: Access-Request packet from host 10.194.3.239 port 44962, id=38, length=85
     Service-Type = Login-User
     User-Name = "ukasz"
     User-Password = "x\031\251\363\263}{\326($\010ь\372%\375"
     Calling-Station-Id = "10.194.3.230"
     NAS-Identifier = "admini-pokoj"
     NAS-IP-Address = 10.194.3.239
server something {
No such virtual server "something"
} # server something
Using Post-Auth-Type Reject
No such virtual server "something"

2 things don't fit. secret and FreeRADIUS-Client-Virtual-Server = "something"

>> doesn't matter if i have NULL or just empty string or default in column
>> server in table nas freeradius in -X mode says:
>>
>> rad_recv: Access-Request packet from host 10.194.3.239 port 35419, id=31, length=85
>>      Service-Type = Login-User
>>      User-Name = "ukasz"
>>      User-Password = "dupa"
>>      Calling-Station-Id = "10.194.3.230"
>>      NAS-Identifier = "admini-pokoj"
>>      NAS-IP-Address = 10.194.3.239
>> server  {
>> No such virtual server ""
>> } # server
>> Using Post-Auth-Type Reject
>> No such virtual server ""
>>
>> if i comment the line  with #
>> FreeRADIUS-Client-Virtual-Server = "%{sql: SELECT server FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"
>>
>> freeradius looks up the default server but it is not what i want.
>    What does that mean?  If you have a NULL field in the "server" column,
> it means "use the default server".  But here you say using the default
> server isn't what you want.
>
>    Which one is true?
it means that if i comment out
FreeRADIUS-Client-Virtual-Server = "%{sql: SELECT server FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"
i will not be able to send different clients to different virtual 
servers (even if i have set server column in sql) because it will 
always select default one.
>> i have found a dirty hack how to solve this problem:
>>
>> i have basically created a file default-default in
>> /etc/sites-enabled/ and it contains:
>>
>> server default-default {
>> $INCLUDE ${confdir}/sites-available/default
>> }
>    DON'T DO THAT.  It's wrong.  It's broken.  It's not needed.
i know. that is why i have called it dirty hack.
>> and when i type default-default in sql column server, my authentication
>> requests go to default server.
>>
>> maybe i am doing something wrong. i could not find any info how to
>> refer to default virtual server in sql.
>    Yes, you're doing something wrong.  This is documented.  Lots.  The
> examples work.  Use them.
>
>    Even after 10+ years of doing this, I'm still amazed at the amount of
> effort people put into breaking the server.
>
>    Alan DeKok.

this is how my config file looks:


client dynamic {
     ipaddr = 10.0.0.0
     netmask = 8
     dynamic_clients = dynamic_client_server
     lifetime = 3600
}

server dynamic_client_server {

     authorize {

         if ("%{sql: SELECT nasname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}") {
             update control {

                 FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"

                 FreeRADIUS-Client-Shortname = "%{sql: SELECT shortname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"

                 FreeRADIUS-Client-Secret = "%{sql: SELECT secret FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"

                 FreeRADIUS-Client-NAS-Type = "%{sql: SELECT type FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"

                 FreeRADIUS-Client-Virtual-Server = "%{sql: SELECT server FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"
             }

         }

         ok
     }
}
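
Added example, not part of the original message and not FreeRADIUS code: a Python pre-flight check that compares the server column of the nas table with the "server NAME {" blocks in the configuration and lists the rows that would end in the "No such virtual server" rejection shown in the debug output above. The config text, the table rows, the placeholder secrets and the name guest-portal are constructed; NULL and empty values are treated as the empty name, as the message reports.

```python
import re
import sqlite3

# Constructed config text; only the "server NAME {" declarations are read.
SAMPLE_CONFIG = """
client dynamic {
    dynamic_clients = dynamic_client_server
}
server dynamic_client_server {
}
server guest-portal {
}
"""

SERVER_DECL = re.compile(r"^[ \t]*server[ \t]+([\w.-]+)[ \t]*\{", re.MULTILINE)

def declared_servers(config_text):
    """Return the names of all 'server NAME {' blocks in the config text."""
    return set(SERVER_DECL.findall(config_text))

def audit_nas_table(conn, servers):
    """List (nasname, server, problem) for rows whose lookup would be rejected."""
    findings = []
    for nasname, server in conn.execute(
            "SELECT nasname, server FROM nas ORDER BY nasname"):
        name = server or ""  # NULL and '' both arrive as "" (per the message)
        if name == "":
            findings.append((nasname, name, "empty virtual server name"))
        elif name not in servers:
            findings.append((nasname, name, "no such virtual server"))
    return findings

def build_sample_db():
    """In-memory nas table with constructed rows (secrets are placeholders)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE nas (nasname TEXT, shortname TEXT, "
                 "type TEXT, secret TEXT, server TEXT)")
    conn.executemany("INSERT INTO nas VALUES (?, ?, ?, ?, ?)", [
        ("10.0.0.1", "nas-null", "other", "PLACEHOLDER", None),
        ("10.0.0.2", "nas-empty", "other", "PLACEHOLDER", ""),
        ("10.0.0.3", "nas-default", "other", "PLACEHOLDER", "default"),
        ("10.0.0.4", "nas-guest", "other", "PLACEHOLDER", "guest-portal"),
        ("10.194.3.239", "admini-pokoj", "other", "PLACEHOLDER", "something"),
    ])
    return conn

if __name__ == "__main__":
    servers = declared_servers(SAMPLE_CONFIG)
    for row in audit_nas_table(build_sample_db(), servers):
        print(row)
```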



