On Tue, 15-11-2005 at 13:23 -0500, Dusty Doris wrote:
> > what do you think if we try to use a Perl module inside of the authorize
> > section?!?!. I want the Perl module to decide between my two sql servers
> > depending on the incoming realm, I think this can be a possible way to
> > take. If you have any idea please let me know. Thanks!!
>
> That should work too. However, you can do this with Autz-Type, I am
> currently doing it right now, but using ldap instead of sql.
>
> Comment out your Autz-Type entries in your users file and try this.
> Actually, comment out all your entries if you're not on a production
> system.
>
> DEFAULT Realm == "wireless", Autz-Type := SQL1
>
> DEFAULT Realm == "dhcp", Autz-Type := SQL2
>
> Notice that the check item Realm == is first, then Autz-Type.
>
> Make sure your sql1.conf and sql2.conf files look like this at the top.
>
> sql1.conf
> sql sql1 {
> ...
> }
>
> sql2.conf
> sql sql2 {
> ...
> }
>

radiusd -X
-----------------------------
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32833, id=25, length=63
        User-Name = "[EMAIL PROTECTED]"
        Password = "fbrito"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
    rlm_realm: Looking up realm "dhcp" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "dhcp"
    rlm_realm: Adding Stripped-User-Name = "fbrito"
    rlm_realm: Proxying request from user fbrito to realm dhcp
    rlm_realm: Adding Realm = "dhcp"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched entry DEFAULT at line 9
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat: '/home/fbrito/Radius/acct//auth-detail-20051115'
rlm_detail: /home/fbrito/Radius/acct/%{Client-IP-Address}/auth-detail-%Y %m%d expands to /home/fbrito/Radius/acct//auth-detail-20051115
  modcall[authorize]: module "auth_log" returns ok for request 0
modcall: group authorize returns ok for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/fbrito] (from client localhost port 1812)
Delaying request 0 for 1 seconds
Finished request 0
----------------------------------------

> Then give it a shot. If that does not work, try change it to add
> Auth-Type to the end.
>
> DEFAULT Realm == "dhcp", Autz-Type := SQL2, Auth-Type := Local
>
> If neither of those work for you, please post your debug again. Also,
> make sure to reply to all, so your replies go back to the list, not just
> me.
>
> -Dusty
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radiusd -X
-----------------------------
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32833, id=46, length=63
        User-Name = "[EMAIL PROTECTED]"
        Password = "fbrito"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
    rlm_realm: Looking up realm "dhcp" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "dhcp"
    rlm_realm: Adding Stripped-User-Name = "fbrito"
    rlm_realm: Proxying request from user fbrito to realm dhcp
    rlm_realm: Adding Realm = "dhcp"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched entry DEFAULT at line 7
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat: '/home/fbrito/Radius/acct//auth-detail-20051115'
rlm_detail: /home/fbrito/Radius/acct/%{Client-IP-Address}/auth-detail-%Y %m%d expands to /home/fbrito/Radius/acct//auth-detail-20051115
  modcall[authorize]: module "auth_log" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password: Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns ok for request 0
modcall: group authenticate returns ok for request 0
Login OK: [EMAIL PROTECTED]/fbrito] (from client localhost port 1812)
Sending Access-Accept of id 46 to 127.0.0.1:32833
Finished request 0
----------------------------------------

In this case the user is accepted but he never receives the info which he is looking for. Thanks anyway and bye!!

NanO