Make sense of SQL Huntgroup HOWTO?

Joel Bergmark joel.bergmark at t3.se
Fri Dec 18 16:06:57 CET 2015


Hello

After a week of trying to figure the HOWTO guide out (http://wiki.freeradius.org/guide/SQL%20Huntgroup%20HOWTO) and online searching I still can't make sense of the SQL and Huntgroup matching. Also tried the freeradius channel on IRC, but with no luck.

Basically my problem is the same as many others', and the people who asked the same question didn't manage to get it working in the end.

I'm running Freeradius 2.1 with Daloradius frontend and the SQL_XLAT seemingly works and does the checks, and gets the correct IP and matching, but in the end it's not disallowing.

In the sites-enabled/default I use as described in the HOWTO:

        # Look up the huntgroup for the NAS that sent the request
        update request {
                Huntgroup-Name := "%{sql:SELECT groupname FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}'}"
        }
        # Reject when the lookup returned nothing
        if (Huntgroup-Name == '') {
                reject
        }

I believe that the issue is the latter part of the above statement, which is supposed to match and reject; that's the problem, but like many others I can't figure out how to get this working.


DEBUG INFO:

Ready to process requests.
rad_recv: Access-Request packet from host 46.23X.XX.170 port 1645, id=105, length=66
        User-Name = "bl"
        User-Password = "asdfasdf"
        NAS-Port = 1
        NAS-Port-Id = "tty1"
        NAS-Port-Type = Virtual
        NAS-IP-Address = 46.23X.XX.170
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
sql_xlat
        expand: %{User-Name} -> bl
sql_set_user escaped user --> 'bl'
        expand: SELECT groupname FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}' -> SELECT groupname FROM radhuntgroup WHERE nasipaddress='46.23X.XX.170'
rlm_sql (sql): Reserving sql socket id: 3
sql_xlat finished
rlm_sql (sql): Released sql socket id: 3
        expand: %{sql:SELECT groupname FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}'} -> 3rdline
++[request] returns ok
++? if (Huntgroup-Name == '')
? Evaluating (Huntgroup-Name == '') -> FALSE
++? if (Huntgroup-Name == '') -> FALSE
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "bl", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[sql]   expand: %{User-Name} -> bl
[sql] sql_set_user escaped user --> 'bl'
rlm_sql (sql): Reserving sql socket id: 2
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'bl'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'bl'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'bl'           ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '2ndline'           ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "asdfasdf"
[pap] Using clear text password "asdfasdf"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[sql]   expand: %{User-Name} -> bl
[sql] sql_set_user escaped user --> 'bl'
[sql]   expand: %{User-Password} -> asdfasdf
[sql]   expand: INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'bl',                           'asdfasdf',                           'Access-Accept', '2015-12-18 15:42:18')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'bl',                           'asdfasdf',                           'Access-Accept', '2015-12-18 15:42:18')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 105 to 46.23X.XX.170 port 1645
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 105 with timestamp +23
Ready to process requests.

Thanks for any help!
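
Added example, not part of the original post: a small Python triage script for `radiusd -X` output of the kind shown above. It pulls out the huntgroup xlat result, each evaluated `if` condition, the SQL group used in the radgroupcheck lookup, and the packet sent. The regular expressions assume the FreeRADIUS 2.x debug line shapes seen in this post; the sample lines are copied from it with whitespace collapsed, and the function names are hypothetical.

```python
import re

# Lines copied from the debug output in the post (IP masked as posted,
# runs of spaces in the SQL collapsed).
SAMPLE = """\
        expand: %{sql:SELECT groupname FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}'} -> 3rdline
++[request] returns ok
++? if (Huntgroup-Name == '')
? Evaluating (Huntgroup-Name == '') -> FALSE
++? if (Huntgroup-Name == '') -> FALSE
[sql]   expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '2ndline' ORDER BY id
Sending Access-Accept of id 105 to 46.23X.XX.170 port 1645
"""

# Assumed line shapes (FreeRADIUS 2.x debug output as seen in the post).
XLAT = re.compile(r"expand: %\{sql:.*\bFROM radhuntgroup\b.*\} ->\s*(.*)$")
COND = re.compile(r"^\? Evaluating (\(.*\)) -> (TRUE|FALSE)$")
GROUP = re.compile(r"FROM radgroupcheck .* -> .*groupname = '([^']*)'")
SENT = re.compile(r"^Sending (Access-\w+) of id \d+")

def summarize(debug_text):
    """Collect the policy-relevant facts for one request from debug output."""
    out = {"huntgroup": None, "conditions": [], "user_groups": [], "result": None}
    for raw in debug_text.splitlines():
        line = raw.strip()
        if m := XLAT.search(line):
            # "" means the NAS matched no row; None means no lookup was logged
            out["huntgroup"] = m.group(1).strip()
        elif m := COND.match(line):
            out["conditions"].append((m.group(1), m.group(2) == "TRUE"))
        elif m := GROUP.search(line):
            out["user_groups"].append(m.group(1))
        elif m := SENT.match(line):
            out["result"] = m.group(1)
    return out

def reject_check_fired(summary):
    """True if any logged condition on Huntgroup-Name evaluated TRUE."""
    return any(hit for cond, hit in summary["conditions"]
               if "Huntgroup-Name" in cond)

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s)
    print("reject condition fired:", reject_check_fired(s))
```

On the sample it reports huntgroup `3rdline`, SQL group `2ndline`, the condition `(Huntgroup-Name == '')` as FALSE, and `Access-Accept` as the result.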


