Re: sql_groupcmp called as an accounting query?

[Jason Lixfeld]

Figured it out and have it all working now.
I'm going to contribute some documentation revisions in the next few  
days on the huntgroup interoperability with mysql as well as how to use  
multiple mysql servers for purposes other than for configurable  
failover.

On Dec 7, 2004, at 12:36 PM, Jason Lixfeld wrote:
I've been messing around with trying to get huntgroup access working  
with SQL.  I've made some headway, but I'm seeing something mighty  
strange.  Specifically, the line below which reads:  rlm_sql  
(sql_acct): - sql_groupcmp

I have my sql.conf configured to check accounting on one sql server  
and to check authentication on another sql server.  Correct me if I'm  
wrong, but huntgroups should be authentication checks, not accounting  
checks, no?

rad_recv: Access-Request packet from host 127.0.0.1:3594, id=153,  
length=74
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "beantest"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 10
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
rlm_sql (sql_acct): - sql_groupcmp
No huntgroup access: [EMAIL PROTECTED] (from client localhost  
port 10)
  modcall[authorize]: module "preprocess" returns reject for request 0
modcall: group authorize returns reject for request 0
Invalid user: [EMAIL PROTECTED] (from client localhost port 10)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 153 to 127.0.0.1:3594
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 153 with timestamp 41b5e8e4
Nothing to do.  Sleeping until we see a request.

Any ideas?!
Here's the relevant configs:
# huntgroups
beanwireless    NAS-IP-Address == 255.255.255.255
                Sql-Group == beanwireless
# radiusd.conf
modules {
        preprocess {
                huntgroups = ${confdir}/huntgroups
                hints = ${confdir}/hints
                with_ascend_hack = no
                ascend_channels_per_line = 23
                with_ntdomain_hack = no
                with_specialix_jetstream_hack = no
                with_cisco_vsa_hack = no
        }
        $INCLUDE  ${confdir}/sql.conf
                perm = 0600
}
authorize {
        preprocess
        auth_log
        chap
        mschap
        suffix
        eap
        sql_auth
}
authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type CHAP {
                chap
        }
        Auth-Type MS-CHAP {
                mschap
        }
        eap
}
preacct {
        preprocess
        acct_unique
        suffix
        files
}
accounting {
        sql_acct
}
session {
        sql_acct
}
post-auth {
        sql_acct
}
sql sql_acct {
        driver = "rlm_sql_mysql"
        server = "blah"
        login = "blah"
        password = "blan"
        radius_db = "radius"
        acct_table1 = "radacct"
        acct_table2 = "radacct"
        postauth_table = "radpostauth"
        deletestalesessions = no
        sqltrace = yes
        sqltracefile = /var/log/radius/sqltrace.sql
        num_sql_socks = 5
        connect_failure_retry_delay = 60
        sql_user_name = "%{User-Name}"
        accounting_onoff_query = "UPDATE ${acct_table1} SET  
AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') -  
unix_timestamp(AcctStartTime),  
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =  
'%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND  
NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
        accounting_update_query = "UPDATE ${acct_table1} \
         SET FramedIPAddress = '%{Framed-IP-Address}', \
         AcctSessionTime = '%{Acct-Session-Time}', \
         AcctInputOctets = '%{Acct-Input-Octets}', \
         AcctOutputOctets = '%{Acct-Output-Octets}' \
         WHERE AcctSessionId = '%{Acct-Session-Id}' \
         AND UserName = '%{SQL-User-Name}' \
         AND NASIPAddress= '%{NAS-IP-Address}'"
        accounting_update_query_alt = "INSERT into ${acct_table1}  
(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,  
NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic,  
ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId,  
CallingStationId, ServiceType, FramedProtocol, FramedIPAddress,  
AcctStartDelay) values('%{Acct-Session-Id}',  
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',  
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}',  
DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} +  
%{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}',  
'%{Acct-Authentic}', '', '%{Acct-Input-Octets}',  
'%{Acct-Output-Octets}', '%{Called-Station-Id}',  
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}',  
'%{Framed-IP-Address}', '0')"
        accounting_start_query = "INSERT into ${acct_table1}  
(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,  
NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime,  
AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets,  
AcctOutputOctets, CalledStationId, CallingStationId,  
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress,  
AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}',  
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',  
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0',  
'0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',  
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',  
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',  
'%{Acct-Delay-Time}', '0')"
        accounting_start_query_alt  = "UPDATE ${acct_table1} SET  
AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}',  
ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId =  
'%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND  
NASIPAddress = '%{NAS-IP-Address}'"
        accounting_stop_query = "UPDATE ${acct_table2} SET  
AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}',  
AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets =  
'%{Acct-Output-Octets}', AcctTerminateCause =  
'%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}',  
ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId =  
'%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND  
NASIPAddress = '%{NAS-IP-Address}'"
        accounting_stop_query_alt = "INSERT into ${acct_table2}  
(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,  
NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime,  
AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets,  
AcctOutputOctets, CalledStationId, CallingStationId,  
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress,  
AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}',  
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',  
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',  
INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND),  
'%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',  
'%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}',  
'%{Called-Station-Id}', '%{Calling-Station-Id}',  
'%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}',  
'%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
        simul_verify_query = "SELECT RadAcctId, AcctSessionId,  
UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId,  
FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}'  
AND AcctStopTime = 0"
        postauth_query = "INSERT into ${postauth_table} (id, user,  
pass, reply, date) values ('', '%{User-Name}',  
'%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
}
sql sql_auth {
        driver = "rlm_sql_mysql"
        server = "blah"
        login = "blah"
        password = "blan"
        radius_db = "radius"
        authcheck_table = "radcheck"
        authreply_table = "radreply"
        groupcheck_table = "radgroupcheck"
        groupreply_table = "radgroupreply"
        usergroup_table = "usergroup"
        deletestalesessions = no
        sqltrace = yes
        sqltracefile = /var/log/radius/sqltrace.sql
        num_sql_socks = 5
        connect_failure_retry_delay = 60
        sql_user_name = "%{User-Name}"
        authorize_check_query = "SELECT id,UserName,Attribute,Value,op  
FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY  
id"
        authorize_reply_query = "SELECT id,UserName,Attribute,Value,op  
FROM ${authreply_table} WHERE Username = '%{SQL-User-Name}' ORDER BY  
id"
        authorize_group_check_query = "SELECT  
${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table 
}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op  FROM  
${groupcheck_table},${usergroup_table} WHERE  
${usergroup_table}.Username = '%{SQL-User-Name}' AND  
${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY  
${groupcheck_table}.id"
        authorize_group_reply_query = "SELECT  
${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table 
}.Attribute,${groupreply_table}.Value,${groupreply_table}.op  FROM  
${groupreply_table},${usergroup_table} WHERE  
${usergroup_table}.Username = '%{SQL-User-Name}' AND  
${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY  
${groupreply_table}.id"
        group_membership_query = "SELECT GroupName FROM  
${usergroup_table} WHERE UserName='%{SQL-User-Name}'"
}

-List info/subscribe/unsubscribe? See  
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html