How group works in Radius

Somanath Mishra somanath.mishra at planetsbrain.com
Thu Sep 6 13:18:01 CEST 2018 

Hi,

    Can you tell me from which table and table location from which  you
are getting data( like %{Acct-Session-Id}','%{Acct-Unique-Session-Id})
to insert values into radacct?



		 start {
                        #
                        #  Insert a new record into the sessions table
                        #
                        query = "\
                                INSERT INTO ${....acct_table1} \
                                        (${...column_list}) \
                                VALUES \
                                        ('%{Acct-Session-Id}', \
                                        '%{Acct-Unique-Session-Id}', \
                                        '%{SQL-User-Name}', \
                                        '%{Group-Name}', \
                                        '%{Realm}', \
                                        '%{NAS-IP-Address}', \
                                        '%{%{NAS-Port-ID}:-%{NAS-
                                                 Port}}', \
                                        '%{NAS-Port-Type}', \
                                        FROM_UNIXTIME(%{integer:Event-
                                                Timestamp}), \
                                        FROM_UNIXTIME(%{integer:Event-
                                                Timestamp}), \
                                        NULL, \
                                        '0', \
                                        '%{Acct-Authentic}', \
                                        '%{Connect-Info}', \
                                        '', \
                                        '0', \
                                        '0', \
                                        '%{Called-Station-Id}', \
                                        '%{Calling-Station-Id}', \






On Wed, September 5, 2018 8:14 pm, Winfield, Alister wrote:
> One thing you might look at is (ab)using the CLASS attribute... if the
> device you are using is following the standard it’s a handy attribute
> that should be copied from the accept response into the accounting
> packets. Might help you avoid extra lookups.
>
> **Sadly having seen too many broken RADIUS implementations on vendors
> devices no promises that it’s a useful idea.**
>
> Alister
>
>
>
>
> On 05/09/2018, 13:16, "Freeradius-Users on behalf of Somanath Mishra"
> <freeradius-users-bounces+alister.winfield=sky.uk at lists.freeradius.org on
> behalf of somanath.mishra at planetsbrain.com> wrote:
>
> so i have gone through queries.conf file. So not able to understand how
> to fetch group data after authentication , and not able to find
> authcheck_table, authreply_table and usergroup_table. Can you please
> suggest how will i proceed?
>
>
>
> On Fri, August 31, 2018 6:15 pm, Alan DeKok wrote:
>
>>
>
>>> On Aug 31, 2018, at 7:39 AM, Somanath Mishra
>>> <somanath.mishra at planetsbrain.com> wrote:
>>> We are using Freeradius3. So basic authentication,authorization,
>>> accounting is working. We created group in radgroupcheck. On Register
>>> user we are storing username with group in radusergroup. So still we
>>> are not getting groupname in radacct table. So in debug we found
>>> radius only not sending groupname when it is giving input to radacct.
>>
>> No, you found that the accounting packets don't contain the group name.
>>
>>
>>
>>> We need group for users . Can anyone explain me on how it works for
>>> group?
>>
>> Accounting packets are entirely independent from authentication
>> packets. If you want to get the user's group when the server receives
>> the accounting packet, you must do the group lookup again.
>>
>> The server doesn't magically know the user's group when it receives the
>>  authentication packet.  It has to look up the group in SQL.  So... the
>>  same thing goes for accounting packets.
>>
>> Alan DeKok.
>>
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> --------------------------------------------------------------------
> This email is from an external source. Please do not open attachments or
> click links from an unknown or suspicious origin. Phishing attempts can
> be reported by sending them to phishing at sky.uk as attachments. Thank you
> --------------------------------------------------------------------
>
>
>
>
> Information in this email including any attachments may be privileged,
> confidential and is intended exclusively for the addressee. The views
> expressed may not be official policy, but the personal views of the
> originator. If you have received it in error, please notify the sender by
> return e-mail and delete it from your system. You should not reproduce,
> distribute, store, retransmit, use or disclose its contents to anyone.
> Please note we reserve the right to monitor all e-mail communication
> through our internal and external networks. SKY and the SKY marks are
> trademarks of Sky plc and Sky International AG and are used under
> licence.
>
> Sky UK Limited (Registration No. 2906991), Sky-In-Home Service Limited
> (Registration No. 2067075) and Sky Subscribers Services Limited
> (Registration No. 2340150) are direct or indirect subsidiaries of Sky plc
> (Registration No. 2247735). All of the companies mentioned in this
> paragraph are incorporated in England and Wales and share the same
> registered office at Grant Way, Isleworth, Middlesex TW7 5QD.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list