Hi,
I have installed and tested freeradius-2 for a short while.
I tested the behavior of the groups in the sql module, because
this is what I am interested for right now. In general it works
as described in the docs. However I still find some things
that do not work as expected (or at least as I expect them
to work).
In case that somebody is interested in bug reports, this
is what I have found out:
* Setting the attribute User-Profile in the table radcheck
or radreply doesn't work as described in the docs:
7. Finally, if the user has a User-Profile attribute set
or the Default Profile option is set in the sql.conf, then
steps 4-6 are repeated for the groups that the profile is
a member of.
* Setting the attribute Auth-Type:=Accept or Auth-Type:=Reject
in the table radgroupreply doesn't work. Maybe it is
not supposed to work, but why not?
* Trying to set the password with Cleartext-Password:=xyz
in radgroupcheck or radgroupreply doesn't work. Maybe
it is not supposed to work, but why not?
Regards,
Dashamir
Dashamir Hoxha wrote:
Hi,
Actually, what I am trying to do is this:
I have several access points that have hotspot
and use radius for AAA. I would like to register
users in radius so that they are able to login
using some of the access points, and not able to
login using the others.
The way that I was trying to do it is like this:
Suppose that there are the access points A1, A2, A3
and the user 'test' should be able to access the
internet only from A1 and A3. The data in radius
that would make this scenario work, could be like this:
radcheck:
+------+----------+------------------+----+-------+
| id | UserName | Attribute | op | Value |
+------+----------+------------------+----+-------+
| 5272 | test | User-Password | := | test |
| 5262 | test | Simultaneous-Use | := | 5 |
+------+----------+------------------+----+-------+
radreply:
+----+----------+---------------+----+----------+
| id | UserName | Attribute | op | Value |
+----+----------+---------------+----+----------+
| 42 | test | Auth-Type | := | Reject |
| 43 | test | Fall-Through | := | Yes |
+----+----------+---------------+----+----------+
usergroup:
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| test | A1 | 1 |
| test | A2 | 1 |
| test | A3 | 1 |
+----------+-----------+----------+
radgroupcheck:
+----+-----------+----------------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+----------------+----+-------+
| 42 | A1 | NAS-Identifier | == | ID-A1 |
| 43 | A2 | NAS-Identifier | == | ID-A2 |
| 44 | A2 | NAS-Identifier | == | ID-A3 |
+----+-----------+----------------+----+-------+
radgroupreply:
+----+-----------+---------------+----+--------+
| id | GroupName | Attribute | op | Value |
+----+-----------+---------------+----+--------+
| 52 | A1 | Auth-Type | := | Accept |
| 53 | A1 | Fall-Through | := | No |
| 54 | A2 | Auth-Type | := | Reject |
| 55 | A2 | Fall-Through | := | Yes |
| 56 | A3 | Auth-Type | := | Accept |
| 57 | A3 | Fall-Through | := | No |
+----+-----------+---------------+----+--------+
However, if the radius does not follow the algorithm
described in http://wiki.freeradius.org/Rlm_sql,
then this setup should not work.
Do you have any suggestion or idea on how to make the
scenario above work?
Regards,
Dashamir
Dashamir Hoxha wrote:
I have installed freeradius-1.1.7 in fedora8. However I find that the
module
rlm_sql does not work as described in this page:
http://wiki.freeradius.org/Rlm_sql
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
