Multi-tenancy setup

Agh Sistemas wifi at aghsistemas.com
Thu Nov 6 23:33:34 CET 2014


Perhaps using hunt-groups?


Victor Ors - Agh Sistemas - Wired and Wi-Fi network infrastructure
Av Alay 3, 29630 Benalmadena Costa, Malaga, Spain
Tel.: +34 952 441 147
24h fault line: +34 654 94 86 94
http://www.aghsistemas.com

2014-11-06 23:15 GMT+01:00 Ilavajuthy Palanisamy <ilavajuthy at gmail.com>:

> Hello All,
>
>
>
> As suggested in earlier replies I have modified the sql query and the
> schema. We are trying to use NAS-Identifier to segregate the customers.
>
> However I am running into an issue when trying to authenticate user using
> PEAP MSCHAP.
>
> While sending the tunneled request, it's not containing the NAS-Identifier.
> Is it possible to send the NAS-Identifier in the tunneled request?
>
> I am using freeradius version 2.1.12
>
> Please let me know if there is something wrong with my config.
>
>
>
>
> FreeRadius LOG (I have removed many log output lines to reduce the size of
> the mail)
>
>
> --------------------------------------------------------------------------------------------------------------------
>
>
> rad_recv: Access-Request packet from host 192.168.1.62 port 32953, id=154,
> length=226
>
>                 Acct-Session-Id = "eaea9572-00000065"
>
>                 NAS-Port = 95
>
>                 NAS-Port-Type = Wireless-802.11
>
>                 NAS-Identifier = "CN3BD321SM"
>
>                 NAS-IP-Address = 192.168.1.62
>
>                 Framed-MTU = 1496
>
>                 User-Name = "radtest"
>
>                 Calling-Station-Id = "F0-25-B7-48-08-2C"
>
>                 Called-Station-Id = "A0-D3-C1-AB-71-62"
>
>                 Service-Type = Framed-User
>
>                 EAP-Message = 0x025a000c0172616474657374
>
>                 Colubris-AVPair = "ssid=tenant"
>
>                 Colubris-AVPair = "phytype=IEEE802dot11 "
>
>                 Colubris-Attr-250 = 0x00000000
>
>                 Colubris-Attr-249 = 0x00000000
>
>                 Message-Authenticator = 0xb9bfc73c2e480450d46170ae43dc7721
>
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> +- entering group authorize {...}
>
> ++[preprocess] returns ok
>
> ++[chap] returns noop
>
> ++[mschap] returns noop
>
> ++[digest] returns noop
>
> [suffix] No '@' in User-Name = "radtest", looking up realm NULL
>
> [suffix] No such realm "NULL"
>
> ++[suffix] returns noop
>
> [eap] EAP packet type response id 90 length 12
>
> [eap] No EAP Start, assuming it's an on-going EAP conversation
>
> ++[eap] returns updated
>
> ++[files] returns noop
>
> [sql]       expand: %{User-Name} -> radtest
>
> [sql] sql_set_user escaped user --> 'radtest'
>
> rlm_sql (sql): Reserving sql socket id: 3
>
> [sql]       expand: SELECT radcheck.id, radcheck.UserName,
> radcheck.Attribute, radcheck.Value, radcheck.Op   FROM radcheck, nasgroup
> WHERE Username = '%{SQL-User-Name}'   AND nasgroup.nasid =
> '%{NAS-Identifier}'   AND nasgroup.groupname = radcheck.Groupname   ORDER
> BY radcheck.id -> SELECT radcheck.id, radcheck.UserName,
> radcheck.Attribute, radcheck.Value, radcheck.Op   FROM radcheck, nasgroup
> WHERE Username = 'radtest'   AND nasgroup.nasid = 'CN3BD321SM'   AND
> nasgroup.groupname = radcheck.Groupname   ORDER BY radcheck.id
>
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
>
> rlm_sql_postgresql: query affected rows = 1 , fields = 5
>
> [sql] User found in radcheck table
>
> [sql]       expand: SELECT id, UserName, Attribute, Value, Op   FROM
> radreply   WHERE Username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id,
> UserName, Attribute, Value, Op   FROM radreply   WHERE Username = 'radtest'
>   ORDER BY id
>
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
>
> rlm_sql_postgresql: query affected rows = 1 , fields = 5
>
> [sql]       expand: SELECT GroupName FROM radusergroup WHERE
> UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
> radusergroup WHERE UserName='radtest' ORDER BY priority
>
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
>
> rlm_sql_postgresql: query affected rows = 0 , fields = 1
>
> rlm_sql (sql): Released sql socket id: 3
>
> ++[sql] returns ok
>
> ++[expiration] returns noop
>
> ++[logintime] returns noop
>
> [pap] WARNING: Auth-Type already set.  Not setting to PAP
>
> ++[pap] returns noop
>
> Found Auth-Type = EAP
>
> # Executing group from file /etc/freeradius/sites-enabled/default
>
> +- entering group authenticate {...}
>
> [eap] EAP Identity
>
> [eap] processing type md5
>
> rlm_eap_md5: Issuing Challenge
>
> ++[eap] returns handled
>
> Sending Access-Challenge of id 154 to 192.168.1.62 port 32953
>
>                 EAP-Message =
> 0x015b00160410c29fa2a1e7b48d23a6e801c718e9f7a7
>
>                 Message-Authenticator = 0x00000000000000000000000000000000
>
>                 State = 0x005655b7000d519bfcf3bbcabb4eb013
>
> Finished request 0.
>
> Going to the next request
>
> Waking up in 4.9 seconds.
>
> rad_recv: Access-Request packet from host 192.168.1.62 port 32953, id=77,
> length=238
>
>                 Acct-Session-Id = "eaea9572-00000065"
>
>                 NAS-Port = 95
>
>                 NAS-Port-Type = Wireless-802.11
>
>                 NAS-Identifier = "CN3BD321SM"
>
>                 NAS-IP-Address = 192.168.1.62
>
>                 Framed-MTU = 1496
>
>                 User-Name = "radtest"
>
>                 Calling-Station-Id = "F0-25-B7-48-08-2C"
>
>                 Called-Station-Id = "A0-D3-C1-AB-71-62"
>
>                 Service-Type = Framed-User
>
>                 EAP-Message = 0x025b00060319
>
>                 State = 0x005655b7000d519bfcf3bbcabb4eb013
>
>                 Colubris-AVPair = "ssid=tenant"
>
>                 Colubris-AVPair = "phytype=IEEE802dot11 "
>
>                 Colubris-Attr-250 = 0x00000000
>
>                 Colubris-Attr-249 = 0x00000000
>
>                 Message-Authenticator = 0x9815cb4c5cca3bcebc15d622c5f9e0f9
>
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> +- entering group authorize {...}
>
> ++[preprocess] returns ok
>
> ++[chap] returns noop
>
> ++[mschap] returns noop
>
> ++[digest] returns noop
>
> [suffix] No '@' in User-Name = "radtest", looking up realm NULL
>
> [suffix] No such realm "NULL"
>
> ++[suffix] returns noop
>
> [eap] EAP packet type response id 91 length 6
>
> [eap] No EAP Start, assuming it's an on-going EAP conversation
>
> ++[eap] returns updated
>
> ++[files] returns noop
>
> [sql]       expand: %{User-Name} -> radtest
>
> [sql] sql_set_user escaped user --> 'radtest'
>
> rlm_sql (sql): Reserving sql socket id: 2
>
> [sql]       expand: SELECT radcheck.id, radcheck.UserName,
> radcheck.Attribute, radcheck.Value, radcheck.Op   FROM radcheck, nasgroup
> WHERE Username = '%{SQL-User-Name}'   AND nasgroup.nasid =
> '%{NAS-Identifier}'   AND nasgroup.groupname = radcheck.Groupname   ORDER
> BY radcheck.id -> SELECT radcheck.id, radcheck.UserName,
> radcheck.Attribute, radcheck.Value, radcheck.Op   FROM radcheck, nasgroup
> WHERE Username = 'radtest'   AND nasgroup.nasid = 'CN3BD321SM'   AND
> nasgroup.groupname = radcheck.Groupname   ORDER BY radcheck.id
>
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
>
> rlm_sql_postgresql: query affected rows = 1 , fields = 5
>
> [sql] User found in radcheck table
>
> [sql]       expand: SELECT id, UserName, Attribute, Value, Op   FROM
> radreply   WHERE Username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id,
> UserName, Attribute, Value, Op   FROM radreply   WHERE Username = 'radtest'
>   ORDER BY id
>
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
>
> rlm_sql_postgresql: query affected rows = 1 , fields = 5
>
> [sql]       expand: SELECT GroupName FROM radusergroup WHERE
> UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
> radusergroup WHERE UserName='radtest' ORDER BY priority
>
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
>
> rlm_sql_postgresql: query affected rows = 0 , fields = 1
>
> rlm_sql (sql): Released sql socket id: 2
>
> ++[sql] returns ok
>
> ++[expiration] returns noop
>
> ++[logintime] returns noop
>
> [pap] WARNING: Auth-Type already set.  Not setting to PAP
>
> ++[pap] returns noop
>
> Found Auth-Type = EAP
>
> # Executing group from file /etc/freeradius/sites-enabled/default
>
> +- entering group authenticate {...}
>
> [eap] Request found, released from the list
>
> [eap] EAP NAK
>
> [eap] EAP-NAK asked for EAP-Type/peap
>
> [eap] processing type tls
>
> [tls] Initiate
>
> [tls] Start returned 1
>
> ++[eap] returns handled
>
> Sending Access-Challenge of id 77 to 192.168.1.62 port 32953
>
>                 EAP-Message = 0x015c00061920
>
>                 Message-Authenticator = 0x00000000000000000000000000000000
>
>                 State = 0x005655b7010a4c9bfcf3bbcabb4eb013
>
> Finished request 1.
>
> Going to the next request
>
> Waking up in 4.9 seconds.
>
> rad_recv: Access-Request packet from host 192.168.1.62 port 32953, id=213,
> length=440
>
>                 Acct-Session-Id = "eaea9572-00000065"
>
>                 NAS-Port = 95
>
>                 NAS-Port-Type = Wireless-802.11
>
>                 NAS-Identifier = "CN3BD321SM"
>
>                 NAS-IP-Address = 192.168.1.62
>
>                 Framed-MTU = 1496
>
>                 User-Name = "radtest"
>
>                 Calling-Station-Id = "F0-25-B7-48-08-2C"
>
>                 Called-Station-Id = "A0-D3-C1-AB-71-62"
>
>                 Service-Type = Framed-User
>
>                 EAP-Message =
> 0x025c00d01980000000c616030100c1010000bd0301545bede983c64b84e5579021f2c8c1bba854b49152249d40e262132606fb4d13000054c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011
>
>                 State = 0x005655b7010a4c9bfcf3bbcabb4eb013
>
>                 Colubris-AVPair = "ssid=tenant"
>
>                 Colubris-AVPair = "phytype=IEEE802dot11 "
>
>                 Colubris-Attr-250 = 0x00000000
>
>                 Colubris-Attr-249 = 0x00000000
>
>                 Message-Authenticator = 0x1981daace80a8b50b267b588801fa7c6
>
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> +- entering group authorize {...}
>
> ++[preprocess] returns ok
>
> ++[chap] returns noop
>
> ++[mschap] returns noop
>
> ++[digest] returns noop
>
> [suffix] No '@' in User-Name = "radtest", looking up realm NULL
>
> [suffix] No such realm "NULL"
>
> ++[suffix] returns noop
>
> [eap] EAP packet type response id 92 length 208
>
> [eap] Continuing tunnel setup.
>
> ++[eap] returns ok
>
> Found Auth-Type = EAP
>
> # Executing group from file /etc/freeradius/sites-enabled/default
>
> +- entering group authenticate {...}
>
> [eap] Request found, released from the list
>
> [eap] EAP/peap
>
> [eap] processing type peap
>
> [peap] processing EAP-TLS
>
>   TLS Length 198
>
> [peap] Length Included
>
> [peap] eaptls_verify returned 11
>
> Finished request 2.
>
> Going to the next request
>
> Waking up in 4.9 seconds.
>
> rad_recv: Access-Request packet from host 192.168.1.62 port 32953, id=247,
> length=238
>
>                 Acct-Session-Id = "eaea9572-00000065"
>
>                 NAS-Port = 95
>
>                 NAS-Port-Type = Wireless-802.11
>
>                 NAS-Identifier = "CN3BD321SM"
>
>                 NAS-IP-Address = 192.168.1.62
>
>                 Framed-MTU = 1496
>
>                 User-Name = "radtest"
>
>                 Calling-Station-Id = "F0-25-B7-48-08-2C"
>
>                 Called-Station-Id = "A0-D3-C1-AB-71-62"
>
>                 Service-Type = Framed-User
>
>                 EAP-Message = 0x025d00061900
>
>                 State = 0x005655b7020b4c9bfcf3bbcabb4eb013
>
>                 Colubris-AVPair = "ssid=tenant"
>
>                 Colubris-AVPair = "phytype=IEEE802dot11 "
>
>                 Colubris-Attr-250 = 0x00000000
>
>                 Colubris-Attr-249 = 0x00000000
>
>                 Message-Authenticator = 0x3194e87ace606247da24d510ebdbb259
>
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> +- entering group authorize {...}
>
> ++[preprocess] returns ok
>
> ++[chap] returns noop
>
> ++[mschap] returns noop
>
> ++[digest] returns noop
>
> [suffix] No '@' in User-Name = "radtest", looking up realm NULL
>
> [suffix] No such realm "NULL"
>
> ++[suffix] returns noop
>
> [eap] EAP packet type response id 93 length 6
>
> [eap] Continuing tunnel setup.
>
> ++[eap] returns ok
>
> Found Auth-Type = EAP
>
> # Executing group from file /etc/freeradius/sites-enabled/default
>
> +- entering group authenticate {...}
>
> [eap] Request found, released from the list
>
> [eap] EAP/peap
>
> [eap] processing type peap
>
> [peap] processing EAP-TLS
>
> [peap] Received TLS ACK
>
> [peap] ACK handshake fragment handler
>
> [peap] eaptls_verify returned 1
>
> [peap] eaptls_process returned 13
>
> +- entering group authorize {...}
>
> ++[preprocess] returns ok
>
> ++[chap] returns noop
>
> ++[mschap] returns noop
>
> ++[digest] returns noop
>
> [suffix] No '@' in User-Name = "radtest", looking up realm NULL
>
> [suffix] No such realm "NULL"
>
> ++[suffix] returns noop
>
> [eap] EAP packet type response id 94 length 144
>
> [eap] Continuing tunnel setup.
>
> ++[eap] returns ok
>
> Found Auth-Type = EAP
>
> # Executing group from file /etc/freeradius/sites-enabled/default
>
> +- entering group authenticate {...}
>
> [eap] Request found, released from the list
>
> [eap] EAP/peap
>
> [eap] processing type peap
>
> Going to the next request
>
> Waking up in 4.9 seconds.
>
> rad_recv: Access-Request packet from host 192.168.1.62 port 32953, id=3,
> length=238
>
>                 Acct-Session-Id = "eaea9572-00000065"
>
>                 NAS-Port = 95
>
>                 NAS-Port-Type = Wireless-802.11
>
>                 NAS-Identifier = "CN3BD321SM"
>
>                 NAS-IP-Address = 192.168.1.62
>
>                 Framed-MTU = 1496
>
>                 User-Name = "radtest"
>
>                 Calling-Station-Id = "F0-25-B7-48-08-2C"
>
>                 Called-Station-Id = "A0-D3-C1-AB-71-62"
>
>                 Service-Type = Framed-User
>
>                 EAP-Message = 0x025f00061900
>
>                 State = 0x005655b704094c9bfcf3bbcabb4eb013
>
>                 Colubris-AVPair = "ssid=tenant"
>
>                 Colubris-AVPair = "phytype=IEEE802dot11 "
>
>                 Colubris-Attr-250 = 0x00000000
>
>                 Colubris-Attr-249 = 0x00000000
>
>                 Message-Authenticator = 0xf14dd2f6c72a4c3ceb5375a80413b223
>
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> +- entering group authorize {...}
>
> ++[preprocess] returns ok
>
> ++[chap] returns noop
>
> ++[mschap] returns noop
>
> ++[digest] returns noop
>
> [suffix] No '@' in User-Name = "radtest", looking up realm NULL
>
> [suffix] No such realm "NULL"
>
> ++[suffix] returns noop
>
> [eap] EAP packet type response id 95 length 6
>
> [eap] Continuing tunnel setup.
>
> ++[eap] returns ok
>
> Found Auth-Type = EAP
>
> # Executing group from file /etc/freeradius/sites-enabled/default
>
> +- entering group authenticate {...}
>
> [eap] Request found, released from the list
>
> [eap] EAP/peap
>
> [eap] processing type peap
>
> [peap] processing EAP-TLS
>
> [peap] Received TLS ACK
>
> [peap] ACK handshake is finished
>
> [peap] eaptls_verify returned 3
>
> [peap] eaptls_process returned 3
>
> [peap] EAPTLS_SUCCESS
>
> [peap] Session established.  Decoding tunneled attributes.
>
> [peap] Peap state TUNNEL ESTABLISHED
>
> ++[eap] returns handled
>
> Sending Access-Challenge of id 3 to 192.168.1.62 port 32953
>
>                 EAP-Message =
> 0x0160002b190017030100206f520d286e0a8531cad4f96f3d16ff71290206fbd472476c97983544bf77ce37
>
>                 Message-Authenticator = 0x00000000000000000000000000000000
>
>                 State = 0x005655b705364c9bfcf3bbcabb4eb013
>
> Finished request 5.
>
> Going to the next request
>
> Waking up in 4.9 seconds.
>
> rad_recv: Access-Request packet from host 192.168.1.62 port 32953, id=137,
> length=312
>
>                 Acct-Session-Id = "eaea9572-00000065"
>
>                 NAS-Port = 95
>
>                 NAS-Port-Type = Wireless-802.11
>
>                 NAS-Identifier = "CN3BD321SM"
>
>                 NAS-IP-Address = 192.168.1.62
>
>                 Framed-MTU = 1496
>
>                 User-Name = "radtest"
>
>                 Calling-Station-Id = "F0-25-B7-48-08-2C"
>
>                 Called-Station-Id = "A0-D3-C1-AB-71-62"
>
>                 Service-Type = Framed-User
>
>                 EAP-Message =
> 0x0260005019001703010020be7393b22523f27ba53a2a90ae5022b7e6ac7a1733cbb1d10ea97dc3871c60001703010020e0e4b12bd1ad0ad1918c19eb36449ea6e0a94e322f9aeacee86bf5db4613e7e1
>
>                 State = 0x005655b705364c9bfcf3bbcabb4eb013
>
>                 Colubris-AVPair = "ssid=tenant"
>
>                 Colubris-AVPair = "phytype=IEEE802dot11 "
>
>                 Colubris-Attr-250 = 0x00000000
>
>                 Colubris-Attr-249 = 0x00000000
>
>                 Message-Authenticator = 0xd3c41c6be1d9c598f08c4b289f092589
>
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
>
> +- entering group authorize {...}
>
> ++[preprocess] returns ok
>
> ++[chap] returns noop
>
> ++[mschap] returns noop
>
> ++[digest] returns noop
>
> [suffix] No '@' in User-Name = "radtest", looking up realm NULL
>
> [suffix] No such realm "NULL"
>
> ++[suffix] returns noop
>
> [eap] EAP packet type response id 96 length 80
>
> [eap] Continuing tunnel setup.
>
> ++[eap] returns ok
>
> Found Auth-Type = EAP
>
> # Executing group from file /etc/freeradius/sites-enabled/default
>
> +- entering group authenticate {...}
>
> [eap] Request found, released from the list
>
> [eap] EAP/peap
>
> [eap] processing type peap
>
> [peap] processing EAP-TLS
>
> [peap] eaptls_verify returned 7
>
> [peap] Done initial handshake
>
> [peap] eaptls_process returned 7
>
> [peap] EAPTLS_OK
>
> [peap] Session established.  Decoding tunneled attributes.
>
> [peap] Peap state WAITING FOR INNER IDENTITY
>
> [peap] Identity - radtest
>
> [peap] Got inner identity 'radtest'
>
> [peap] Setting default EAP type for tunneled EAP session.
>
> [peap] Got tunneled request
>
>                 EAP-Message = 0x0260000c0172616474657374
>
> server  {
>
> [peap] Setting User-Name to radtest
>
> Sending tunneled request
>
>                 EAP-Message = 0x0260000c0172616474657374
>
>                 FreeRADIUS-Proxied-To = 127.0.0.1
>
>                 User-Name = "radtest"
>
> server inner-tunnel {
>
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/inner-tunnel
>
> +- entering group authorize {...}
>
> ++[chap] returns noop
>
> ++[mschap] returns noop
>
> [suffix] No '@' in User-Name = "radtest", looking up realm NULL
>
> [suffix] No such realm "NULL"
>
> ++[suffix] returns noop
>
> ++[control] returns noop
>
> [eap] EAP packet type response id 96 length 12
>
> [eap] No EAP Start, assuming it's an on-going EAP conversation
>
> ++[eap] returns updated
>
> [sql]       expand: %{User-Name} -> radtest
>
> [sql] sql_set_user escaped user --> 'radtest'
>
> rlm_sql (sql): Reserving sql socket id: 1
>
> [sql]       expand: SELECT radcheck.id, radcheck.UserName,
> radcheck.Attribute, radcheck.Value, radcheck.Op   FROM radcheck, nasgroup
> WHERE Username = '%{SQL-User-Name}'   AND nasgroup.nasid =
> '%{NAS-Identifier}'   AND nasgroup.groupname = radcheck.Groupname   ORDER
> BY radcheck.id -> SELECT radcheck.id, radcheck.UserName,
> radcheck.Attribute, radcheck.Value, radcheck.Op   FROM radcheck, nasgroup
> WHERE Username = 'radtest'   AND nasgroup.nasid = ''   AND
> nasgroup.groupname = radcheck.Groupname   ORDER BY radcheck.id
>
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
>
> rlm_sql_postgresql: query affected rows = 0 , fields = 5
>
> [sql]       expand: SELECT GroupName FROM radusergroup WHERE
> UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
> radusergroup WHERE UserName='radtest' ORDER BY priority
>
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
>
> rlm_sql_postgresql: query affected rows = 0 , fields = 1
>
> rlm_sql (sql): Released sql socket id: 1
>
> [sql] User radtest not found
>
> ++[sql] returns notfound
>
> ++[expiration] returns noop
>
> ++[logintime] returns noop
>
> ++[pap] returns noop
>
> Found Auth-Type = EAP
>
> # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
>
> +- entering group authenticate {...}
>
>
>
> ----------------------------------------------------------------------------------------------------------------------------------------
>
> Database schema changes -
> ----------------------------------------
>
> A new table has been added called "nasgroup" and the radcheck table has
> been modified to include an extra column called groupname -
>
> radiusdb=# select * from nasgroup;
>  id | groupname |   nasid
> ----+-----------+------------
>   1 | test      | CN3BD321SM
>   3 | temp      | XYZABDG
>
> radiusdb=# select * from radcheck;
>  id | username |     attribute      | op |  value  | groupname
> ----+----------+--------------------+----+---------+-----------
>   1 | radtest  | Cleartext-Password | := | radtest | test
>   2 | radtest  | Cleartext-Password | := | radtest | temp
>
> Dialup.conf
> ---------------
>
> "authorize_check_query" has been modified but "authorize_reply_query" has
> not been changed.
>
> authorize_check_query = "SELECT ${authcheck_table}.id, ${authcheck_table}.UserName, ${authcheck_table}.Attribute, ${authcheck_table}.Value, ${authcheck_table}.Op \
>   FROM ${authcheck_table}, nasgroup \
>   WHERE Username = '%{SQL-User-Name}' \
>   AND nasgroup.nasid = '%{NAS-Identifier}' \
>   AND nasgroup.groupname = ${authcheck_table}.Groupname \
>   ORDER BY radcheck.id"
>
> authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op \
>   FROM radreply \
>   WHERE Username = '%{SQL-User-Name}' \
>   ORDER BY id"
>
>
>
>
> Thanks,
>
> Ila.
>
>
>
> On Mon, Oct 27, 2014 at 4:36 PM, Pshem Kowalczyk <pshem.k at gmail.com>
> wrote:
>
>> Hi,
>>
>> One method that I used in the past is to create a virtual server per
>> 'tenant' and then use the 'main' server to proxy to the correct virtual
>> server based on the attributes in the requests.
>>
>> kind regards
>> Pshem
>>
>>
>> On 28 October 2014 07:09, Ilavajuthy Palanisamy <ilavajuthy at gmail.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> We are hosting an application in the cloud which is managing multiple
>>> customers.
>>> Customers will be authenticated using the FreeRadius server.
>>> We are planning to use the user authentication through the
>>> database(PostgreSQL).
>>> I have configured the radcheck table and am able to make the user
>>> authentication successfully.
>>>
>>> In order to support multiple customers, what are all the options/design
>>> available in FreeRadius?
>>>
>>> One option we are thinking is to modify the schema to introduce
>>> customer-id and modify the sql module to support the new schema. If this is
>>> possible, please provide pointers in achieving this.
>>>
>>> If there are other options available, please provide pointers.
>>>
>>> Thanks,
>>> Ila.
>>>
>>>
>>>
>>>
>>>
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>
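
Added example (not part of the original thread, and not FreeRADIUS code): a Python reproduction of the failure visible in the quoted log, using the schema and check query from the post. SQLite stands in for PostgreSQL and `expand()` is a simplified model of attribute expansion; the two remedies it models correspond to FreeRADIUS 2.x features, `copy_request_to_tunnel = yes` in the `peap` section of eap.conf and the `%{outer.request:NAS-Identifier}` reference in the inner-tunnel query.

```python
import sqlite3

# Schema and rows as shown in the post; SQLite replaces PostgreSQL (assumption).
SCHEMA = """
CREATE TABLE nasgroup (id INTEGER PRIMARY KEY, groupname TEXT, nasid TEXT);
CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT, attribute TEXT,
                       op TEXT, value TEXT, groupname TEXT);
INSERT INTO nasgroup VALUES (1, 'test', 'CN3BD321SM'), (3, 'temp', 'XYZABDG');
INSERT INTO radcheck VALUES
  (1, 'radtest', 'Cleartext-Password', ':=', 'radtest', 'test'),
  (2, 'radtest', 'Cleartext-Password', ':=', 'radtest', 'temp');
"""

# The post's authorize_check_query, with bound parameters in place of xlat text.
CHECK_QUERY = """
SELECT radcheck.id, radcheck.username, radcheck.attribute,
       radcheck.value, radcheck.op
  FROM radcheck, nasgroup
 WHERE username = ?
   AND nasgroup.nasid = ?
   AND nasgroup.groupname = radcheck.groupname
 ORDER BY radcheck.id
"""

# Attribute lists taken from the debug log (only the ones that matter here).
OUTER_REQUEST = {"User-Name": "radtest", "NAS-Identifier": "CN3BD321SM",
                 "NAS-IP-Address": "192.168.1.62"}
TUNNELED_REQUEST = {"User-Name": "radtest",
                    "FreeRADIUS-Proxied-To": "127.0.0.1"}


def expand(ref, request, outer=None):
    """Simplified expansion model: a missing attribute expands to ''.

    'outer.request:Name' reads Name from the outer request of a tunnel.
    """
    if ref.startswith("outer.request:"):
        return (outer or {}).get(ref.split(":", 1)[1], "")
    return request.get(ref, "")


def authorize_check(conn, request, outer=None, nas_ref="NAS-Identifier"):
    """Run the tenant-scoped check query; return (expanded nasid, rows)."""
    nasid = expand(nas_ref, request, outer)
    user = expand("User-Name", request, outer)
    return nasid, conn.execute(CHECK_QUERY, (user, nasid)).fetchall()


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def demo():
    conn = open_db()
    # Constructed variants: attribute copied into the tunnel, and another NAS.
    copied = {**TUNNELED_REQUEST,
              "NAS-Identifier": OUTER_REQUEST["NAS-Identifier"]}
    other = {**OUTER_REQUEST, "NAS-Identifier": "XYZABDG"}
    return {
        "outer": authorize_check(conn, OUTER_REQUEST),
        "inner": authorize_check(conn, TUNNELED_REQUEST, OUTER_REQUEST),
        "inner via outer.request": authorize_check(
            conn, TUNNELED_REQUEST, OUTER_REQUEST,
            nas_ref="outer.request:NAS-Identifier"),
        "inner with copied attribute": authorize_check(
            conn, copied, OUTER_REQUEST),
        "other tenant": authorize_check(conn, other),
    }


if __name__ == "__main__":
    for name, (nasid, rows) in demo().items():
        print(f"{name:28} nasid={nasid!r:13} ids={[r[0] for r in rows]}")
```

The empty expansion makes the scoped query return no rows, so the lookup fails closed; the post's `authorize_reply_query` and group query carry no `nasid` condition and are therefore not tenant-scoped.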