rlm_sql: Failed to create the pair: Unknown attribute "DragonWave-Privilege-Level" requires a hex string, not "DragonWave-Super-User"

Alan DeKok aland at deployingradius.com
Mon Jul 7 18:10:41 CEST 2014

Tony DeMatteis wrote:
> I am setting up/migrating to a new Radius server.  My current server is
> using flat files (users/clients).  Not a huge deployment, but now have
> designs to scale larger.  I've run into a problem with one reply
> attribute I can't seem to identify the problem.  I've searched the
> documentation (and Googled), and while probably in from of my eyes, I
> can't seem to find the cause/solution.  The same reply attributes work
> fine in my current/production server, but fail (and only when trying to
> include the "DragonWave-Privilege-Level" reply attribute).

  The dragonwave dictionary isn't on the new server.  Add it to the new
server, and it will work.

>  Now one
> note, in my production server in my user stanza I use the "=" operator
> for each of the reply attributes.  However, in my new server, when using
> the "=" as the operator in the reply attribute I was receiving only one
> attribute upon authentication.  I then thought I understood from the
> documentation that I needed to use "+=" in my reply attributes.

  Yes, += is what you want to use.

>  After
> making that change, all the group attributes were returned.  One
> difference may be that I am specifying the "group" attributes under each
> "user" (current/production) vs in a "group" which is referenced (new
> server)?

  I don't know what that means.

  The functionality of the "users" file is documented.  See "man users",
and the comments at the start of the default file.

> # /usr/share/freeradius/dictionary.dragonwave

  Which is on the old server, and isn't on the new one.

  I've added it to the default release, so it will be there.  At least
for vendors who ship recent versions of the server instead of 2.1.12.

  Alan DeKok.

More information about the Freeradius-Users mailing list