rlm_sql: Failed to create the pair: Unknown attribute "DragonWave-Privilege-Level" requires a hex string, not "DragonWave-Super-User"

Tony DeMatteis tonyd at commspeed.net
Tue Jul 8 01:03:13 CEST 2014


Hi Alan,

Thank you for your reply.  Please see my comments inline as well.

And thank you for your continued patience!


On 07/07/2014 09:10 AM, Alan DeKok wrote:
> Tony DeMatteis wrote:
>> I am setting up/migrating to a new Radius server.  My current server is
>> using flat files (users/clients).  Not a huge deployment, but now have
>> designs to scale larger.  I've run into a problem with one reply
>> attribute I can't seem to identify the problem.  I've searched the
>> documentation (and Googled), and while probably in from of my eyes, I
>> can't seem to find the cause/solution.  The same reply attributes work
>> fine in my current/production server, but fail (and only when trying to
>> include the "DragonWave-Privilege-Level" reply attribute).
>    The dragonwave dictionary isn't on the new server.  Add it to the new
> server, and it will work.
As you pointed out, the dragonwave dictionary is not included as one of 
the dictionaries in a default installation.  So I added the needed 
dictionary to the /usr/share/freeradius directory (new server).
>>   Now one
>> note, in my production server in my user stanza I use the "=" operator
>> for each of the reply attributes.  However, in my new server, when using
>> the "=" as the operator in the reply attribute I was receiving only one
>> attribute upon authentication.  I then thought I understood from the
>> documentation that I needed to use "+=" in my reply attributes.
>    Yes, += is what you want to use.
>
>>   After
>> making that change, all the group attributes were returned.  One
>> difference may be that I am specifying the "group" attributes under each
>> "user" (current/production) vs in a "group" which is referenced (new
>> server)?
>    I don't know what that means.
>
>    The functionality of the "users" file is documented.  See "man users",
> and the comments at the start of the default file.
Forgive my ignorance, I will review the man users file.  What I meant 
was that, as I learn more, I don't believe by adding specific attributes 
to a single user in the user file (old server) that I was effecting a 
groupreply.  On the new server I am specifically defining the reply 
attributes I want returned and adding a profile (group) to the user.  So 
I noted that, not expecting there to be any difference in the operator 
of the reply attr but, not being absolutely sure.
>
>> # /usr/share/freeradius/dictionary.dragonwave
This is the path of the dictionary on the New Server
>    Which is on the old server, and isn't on the new one.
>
>    I've added it to the default release, so it will be there.  At least
> for vendors who ship recent versions of the server instead of 2.1.12.
Thank you very much =)
>
>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140707/99719d74/attachment.html>


More information about the Freeradius-Users mailing list