Hello all,
This may be yet another one of those obvious answers that I just cant
seem to locate... But this time at least I read the rlm_sql docs better
than I did the last time I posted a question. :)
Most of our users fall into two different radgroupreply's that I have
setup, but there are a handful that have special configurations... static
ip's, non-default idle timeouts, etc... Right now I cant authenticate them
against the mysql database, beacuse all t he users get one of the two
default groups I have setup for their reply attributes...
Is there a way to override the radgroupreply's for specific users?
To make things clearer, here's some table data...
mysql> select * from radcheck where UserName = 'test5PPP';
+------+----------+-----------+----+----------+---------+
| id | UserName | Attribute | op | Value | Status |
+------+----------+-----------+----+----------+---------+
| 2217 | test5PPP | Password | == | ddffgg99 | enabled |
+------+----------+-----------+----+----------+---------+
mysql> select * from usergroup where UserName = 'test5PPP';
+------+----------+----------------+
| id | UserName | GroupName |
+------+----------+----------------+
| 2217 | test5PPP | dialup_dynamic |
+------+----------+----------------+
mysql> select * from radgroupreply where GroupName = 'dialup_dynamic';
+----+----------------+--------------------+----+---------------------+------+
| id | GroupName | Attribute | op | Value | prio |
+----+----------------+--------------------+----+---------------------+------+
| 1 | dialup_dynamic | Framed-Protocol | += | PPP | 0 |
| 2 | dialup_dynamic | Framed-Address | += | 255.255.255.254 | 0 |
| 3 | dialup_dynamic | Framed-Netmask | += | 255.255.255.255 | 0 |
| 4 | dialup_dynamic | Framed-Routing | += | None | 0 |
| 5 | dialup_dynamic | Framed-Compression | += | Van-Jacobsen-TCP-IP | 0 |
| 6 | dialup_dynamic | Framed-MTU | += | 1500 | 0 |
| 7 | dialup_dynamic | Session-Timeout | += | 43200 | 0 |
| 8 | dialup_dynamic | Idle-Timeout | += | 1800 | 0 |
+----+----------------+--------------------+----+---------------------+------+
And what I was trying to do for a test case was change the Idle-Timeout
attribute of the reply by adding an entry to the radreply table:
mysql> select * from radreply where UserName = 'test5PPP';
+----+----------+--------------+----+-------+
| id | UserName | Attribute | op | Value |
+----+----------+--------------+----+-------+
| 1 | test5PPP | Idle-Timeout | += | 2000 |
+----+----------+--------------+----+-------+
When I run a test auth using this configuration, though, I get two
Idle-Timeout values... One at 1800 seconds (from the radgroupreply table)
and one with 2000 seconds (from the radreply table)
I have tried both the := operator and the += operator. They give the
same results -- two Idle-Timeout attributes...
Am I doing something obviously wrong, or is this type of setup not
going to work with freeradius?
If all else fails, I can continue to keep the 'special' users with
static ip's, different timeouts, and the like in a cistron type file... But
I'd prefer to keep it all in sql is possible.
Thank you,
Brad Stockdale
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- sequencial order of checks Robert Canary
- Re: sequencial order of checks Simon White
- Re: sequencial order of checks Robert Canary
- Re: sequencial order of checks Chris Parker
- Re: Overriding entries in radgroup... Brad Stockdale
- Re: Overriding entries in rad... Brad Stockdale
- Re: Overriding entries in... Simon White
- Re: Overriding entrie... Brad Stockdale
- Re: Overriding entrie... Simon White
- Re: Overriding entrie... GreenePA Support
- Starting new thread with a re... Peter Nixon
- Re: Starting new thread w... Miquel van Smoorenburg
