sql query in post-auth - segmentation fault

Mohamed Imran (NBI) Mohamed.Imran at nbi.ac.uk
Fri Sep 11 14:24:29 CEST 2015


Hi,

Having configured FR to talk to our MS SQL server which appears to work fine
now (radius -X doesn't complain anymore), I've tried a quick test, a very
basic condition to lookup a mac and update reply with a particular VLAN tag
if its exists..  and added the following in the post-auth section of the
default site.
- - - - - - 
post-auth {
 	- - - - -
	- - - - - 
	#
	sql
	if("%{sql:SELECT COUNT(*) FROM tblwindows WHERE MacAddress
='%{Calling-Station-ID}'}" ==1){
	update reply {
        		Tunnel-Type = VLAN
                	Tunnel-Medium-Type = IEEE-802
                	Tunnel-Private-Group-Id = 100
        	}
        	else {
        	update reply {
        		Tunnel-Type = VLAN
                	Tunnel-Medium-Type = IEEE-802
                	Tunnel-Private-Group-Id = 101
              	 }
        	         }
       	 }


radiusd -X reports a segmentation fault:

  # Instantiating module "sql" from file
/usr/local/etc/raddb/mods-enabled/sql
rlm_sql (sql): Attempting to connect to database "Computing"
rlm_sql (sql): Initialising connection pool
   pool {
        start = 5
        min = 3
        max = 32
        spare = 10
        uses = 0
        lifetime = 0
        cleanup_interval = 30
        idle_timeout = 60
        retry_delay = 30
        spread = no
   }
rlm_sql (sql): Opening additional connection (0), 1 of 32 pending slots used
rlm_sql (sql): Opening additional connection (1), 1 of 31 pending slots used
rlm_sql (sql): Opening additional connection (2), 1 of 30 pending slots used
rlm_sql (sql): Opening additional connection (3), 1 of 29 pending slots used
rlm_sql (sql): Opening additional connection (4), 1 of 28 pending slots used
  # Instantiating module "IPASS" from file
/usr/local/etc/raddb/mods-enabled/realm
  # Instantiating module "suffix" from file
/usr/local/etc/raddb/mods-enabled/realm
  # Instantiating module "realmpercent" from file
/usr/local/etc/raddb/mods-enabled/realm
  # Instantiating module "ntdomain" from file
/usr/local/etc/raddb/mods-enabled/realm
  # Instantiating module "auth_log" from file
/usr/local/etc/raddb/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail
output
  # Instantiating module "reply_log" from file
/usr/local/etc/raddb/mods-enabled/detail.log
  # Instantiating module "pre_proxy_log" from file
/usr/local/etc/raddb/mods-enabled/detail.log
  # Instantiating module "post_proxy_log" from file
/usr/local/etc/raddb/mods-enabled/detail.log
  # Instantiating module "pap" from file
/usr/local/etc/raddb/mods-enabled/pap
  # Instantiating module "expiration" from file
/usr/local/etc/raddb/mods-enabled/expiration
  # Instantiating module "preprocess" from file
/usr/local/etc/raddb/mods-enabled/preprocess
reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints
  # Instantiating module "cache_eap" from file
/usr/local/etc/raddb/mods-enabled/cache_eap
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree)
loaded and linked
 } # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /usr/local/etc/raddb/radiusd.conf
} # server
server inner-tunnel { # from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
 # Loading authenticate {...}
 # Loading authorize {...}
Ignoring "ldap" (see raddb/mods-available/README.rst)
 # Loading session {...}
 # Loading post-proxy {...}
 # Loading post-auth {...}
} # server inner-tunnel
server default { # from file /usr/local/etc/raddb/sites-enabled/default
 # Loading authenticate {...}
 # Loading authorize {...}
 # Loading preacct {...}
 # Loading accounting {...}
 # Loading post-proxy {...}
 # Loading post-auth {...}
Segmentation fault

This same sql statement worked fine when I was initially playing around with
this and it worked ok against a MySql DB (FR version 2.2.x).

Ive also tried the same query against our MSSql server using isql on the
same server and that works fine.

What am I missing/doing wroing?

Regards,
Mohamed 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5522 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150911/006d04a0/attachment-0001.bin>


More information about the Freeradius-Users mailing list