Hi, I am freeRADIUS 1.0.5 for authenticating wireless users with PEAP and TTLS. I use a MySQL database for storing the password and the system works well.
Howerver I have encountered a problem. I use the following line in file users for checking the passwords of the users that connect from a NAS-ID starting with NASSQL and having a suffix of "@mydomain.com": DEFAULT Freeradius-Proxied-To == 127.0.0.1, NAS-Identifier =~ "^(^(NASSQL))", Suffix == "@mydomain.com", Autz-Type := SQL The line Freeradius-Proxied-To == 127.0.0.1 is used for checking in the database, only requests that contain the identity internal to the SSL tunnel and not the anonymous identity (I don't know if this is the right way to do it, but it's the only solution I find it to work). With this setting the system runs well. Now I want that only users coming from the domain "@mydomain.com" and having a name of only numbers can access the MySQL, so I change that line to: DEFAULT Freeradius-Proxied-To == 127.0.0.1, NAS-Identifier =~ "^(^(NASSQL))", User-Name =~ "^(^[0-9]+)(@mydomain.com)$", Autz-Type := SQL This seems to work when not using MySQL, but the problem arises when doing the SQL request: seem that when using the regular expression the User-Name got canceled This is the relevant part of the log with Suffix but without regular expression on the User-Name : radius_xlat: '57920' rlm_sql (sql): sql_set_user escaped user --> '57920' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM login_wireless WHERE Username = '57920' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM login_wireless WHERE Username = ' And this is the log with the regular expression on the User-Name: radius_xlat: '' modcall[authorize]: module "sql" returns fail for request 7 modcall: group Autz-Type returns fail for request 7 PEAP: Got tunneled reply RADIUS code 0 PEAP: Unknown RADIUS packet type 0: rejecting tunneled user rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 Now radius_xlat is '' and not '57920' as in the precedent request. What am I doing wrong? Thanks, Fabio Pedretti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html