radiusd -X SQL suggests "not found" however user attributes are in the radcheck table?

Fajar A. Nugraha list at fajar.net
Wed Aug 1 05:52:19 CEST 2012

On Wed, Aug 1, 2012 at 5:03 AM, Kaya Saman <kayasaman at gmail.com> wrote:
> From what I can see it's quite non-complex config though one needs to
> understand the process of how RADIUS works and additionally the 'radius' way
> of doing things rather than say, a corporate network vendor way.

This helps: http://wiki.freeradius.org/Concepts

> For now I have all the pieces to my jigsaw puzzle, minus defining a VLAN
> (tunnel ID) of last resort so if FR doesn't recognize the L2 address of a
> machine it should give it a specific tunnel-ID (VLAN).

There should be many ways to do that. If you assume that "normal"
users would always have ONE Tunnel-Private-Group-Id reply attribute
(in radreply), then you should be able to use unlang:

You would then need to do something like this:
- have "sql" module active in authorize block (you should already have
that), which would populate reply attributes from rad(group)reply
- under that, have an unlang block that says "if there's no
Tunnel-Private-Group-Id attribute in the reply, then add one".
Something like (untested)

update reply {
    # "=" adds the attribute only if the reply has none of that name
    Tunnel-Private-Group-Id = 10
}

Replace the "10" there with whatever your Tunnel-Private-Group-Id for
unknown users is, and the "=" operator will "Add the attribute to the
list, if and only if an attribute of the same name is not already
present in that list" (see unlang man page).
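
The placement described above, written out as an added example that is not part of the original post. The section layout and the two extra attributes are assumptions: Tunnel-Type and Tunnel-Medium-Type are included because RFC 3580 VLAN assignment expects them alongside Tunnel-Private-Group-Id, and "10" is the placeholder VLAN from the post.

```unlang
# Added example, not from the original post. Assumed to sit in the
# authorize section of the virtual server that handles the switch's requests.
authorize {
    preprocess

    # Fills the reply list from radreply / radgroupreply for known users.
    sql

    # VLAN of last resort. "=" adds an attribute only when no attribute of
    # that name is already in the reply list, so whatever sql returned for a
    # known user is kept. Using ":=" here would replace the per-user VLAN
    # for every request, known or not.
    update reply {
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = IEEE-802
        Tunnel-Private-Group-Id = 10
    }
}
```

This block only shapes the reply list; whether a request from an unknown MAC address is accepted at all is decided elsewhere in the configuration.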

