Dear All,
I am trying to implement huntgroups via MySQL according to http://wiki.freeradius.org/SQL_Huntgroup_HOWTO

One difference is the assignment of huntgroups not according to NAS-IP, but to Called-Station-Id. The goal is to suppress roaming between hotspot routers, between groups of hotspots. For that purpose I have inserted the code

...
# Set Huntgroup-Name from the radhuntgroup row matching Called-Station-Id
update request {
        Huntgroup-Name := "%{sql02:select groupname from radhuntgroup where calledstationid = '%{Called-Station-Id}'}"
}
...

in lieu of the module 'preprocess' into group 'authorize', as advised in the HOWTO.

I have maintained the following entries in SQL tables:

`radhuntgroup`
`id`, `groupname`, `calledstationid`
1, 'Test-Rejec', '00-1D-7E-E7-96-9F'

`usergroup`
`UserName`, `GroupName`, `priority`
'yubvef13', 'TestGroup', 1

`radgroupcheck`
`id`, `GroupName`, `Attribute`, `op`, `Value`
1, 'TestGroup', 'Huntgroup-Name', ':=', 'Test'

One would expect the user to be rejected if the user tries to log in to the router with the Called-Station-Id '00-1D-7E-E7-96-9F'. However, the user is authenticated and not rejected.

Here the relevant parts of the debug:

...
Mon Jan 19 20:57:03 2009 : Info: sql_xlat
Mon Jan 19 20:57:03 2009 : Debug: expand: %{User-Name} -> yubvef13
Mon Jan 19 20:57:03 2009 : Info: sql_set_user escaped user --> 'yubvef13'
Mon Jan 19 20:57:03 2009 : Debug: expand: select groupname from radhuntgroup where calledstationid = '%{Called-Station-Id}' -> select groupname from radhuntgroup where calledstationid = '00-1D-7E-E7-96-9F'
Mon Jan 19 20:57:03 2009 : Debug: expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql
Mon Jan 19 20:57:03 2009 : Debug: rlm_sql (sql02): Reserving sql socket id: 3
Mon Jan 19 20:57:03 2009 : Debug: rlm_sql_mysql: query: select groupname from radhuntgroup where calledstationid = '00-1D-7E-E7-96-9F'
Mon Jan 19 20:57:03 2009 : Info: sql_xlat finished
Mon Jan 19 20:57:03 2009 : Debug: rlm_sql (sql02): Released sql socket id: 3
Mon Jan 19 20:57:03 2009 : Debug: expand: %{sql02:select groupname from radhuntgroup where calledstationid = '%{Called-Station-Id}'} -> Test-Rejec
Mon Jan 19 20:57:03 2009 : Info: ++[request] returns notfound
Mon Jan 19 20:57:03 2009 : Info: ++[chap] returns noop
Mon Jan 19 20:57:03 2009 : Info: ++[mschap] returns noop
Mon Jan 19 20:57:03 2009 : Info: [suffix] No '@' in User-Name = "yubvef13", looking up realm NULL
Mon Jan 19 20:57:03 2009 : Info: [suffix] No such realm "NULL"
Mon Jan 19 20:57:03 2009 : Info: ++[suffix] returns noop
Mon Jan 19 20:57:03 2009 : Info: [eap] No EAP-Message, not doing EAP
Mon Jan 19 20:57:03 2009 : Info: ++[eap] returns noop
Mon Jan 19 20:57:03 2009 : Info: ++- entering redundant-load-balance group sql0203 {...}
Mon Jan 19 20:57:03 2009 : Debug: expand: %{User-Name} -> yubvef13
Mon Jan 19 20:57:03 2009 : Info: [sql02] sql_set_user escaped user --> 'yubvef13'
Mon Jan 19 20:57:03 2009 : Debug: rlm_sql (sql02): Reserving sql socket id: 2
Mon Jan 19 20:57:03 2009 : Debug: expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY 'yubvef13' ORDER BY id
Mon Jan 19 20:57:03 2009 : Debug: rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY 'yubvef13' ORDER BY id
Mon Jan 19 20:57:03 2009 : Info: [sql02] User found in radcheck table
Mon Jan 19 20:57:03 2009 : Debug: expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY 'yubvef13' ORDER BY id
Mon Jan 19 20:57:03 2009 : Debug: rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY 'yubvef13' ORDER BY id
Mon Jan 19 20:57:03 2009 : Debug: expand: SELECT groupname FROM usergroup WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = BINARY 'yubvef13' ORDER BY priority
Mon Jan 19 20:57:03 2009 : Debug: rlm_sql_mysql: query: SELECT groupname FROM usergroup WHERE username = BINARY 'yubvef13' ORDER BY priority
Mon Jan 19 20:57:03 2009 : Debug: expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'TestGroup' ORDER BY id
Mon Jan 19 20:57:03 2009 : Debug: rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'TestGroup' ORDER BY id
Mon Jan 19 20:57:03 2009 : Info: [sql02] User found in group TestGroup
Mon Jan 19 20:57:03 2009 : Debug: expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'TestGroup' ORDER BY id
Mon Jan 19 20:57:03 2009 : Debug: rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'TestGroup' ORDER BY id
Mon Jan 19 20:57:03 2009 : Debug: rlm_sql (sql02): Released sql socket id: 2
Mon Jan 19 20:57:03 2009 : Info: +++[sql02] returns ok
...

One thing I don't get is, why is the rlm_sql_mysql module finding the Huntgroup-Name 'Test-Rejec' correctly, but module 'request' returns not found? The user is found in radgroupcheck for the correct usergroup 'TestGroup'. As the values in radgroupcheck and radgroupreplycheck do not match, the user should be rejected, but the user is accepted.

What am I doing wrong?
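Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of how the `op` column of a check item decides whether a `radgroupcheck` row is compared against the request or always matches. The function names and the request dictionary are assumptions, constructed from the rows and debug output quoted in the post.

```python
"""Simplified model (an assumption, not FreeRADIUS source) of check-item
operators as they apply to the radgroupcheck row quoted in the post."""

# Constructed request: Huntgroup-Name as set by the 'update request' block
# for Called-Station-Id 00-1D-7E-E7-96-9F, per the debug output.
REQUEST = {"User-Name": "yubvef13", "Huntgroup-Name": "Test-Rejec"}

# The radgroupcheck row from the post: (GroupName, Attribute, op, Value).
POSTED_ROW = ("TestGroup", "Huntgroup-Name", ":=", "Test")


def check_item_matches(request, attribute, op, value):
    """Return True when a single check item allows the group to match."""
    if op in (":=", "+="):
        # Assignment operators are never compared with the request:
        # as check items they always match.
        return True
    present = attribute in request
    if op == "==":
        return present and request[attribute] == value
    if op == "!=":
        return present and request[attribute] != value
    raise ValueError(f"operator {op!r} is not covered by this model")


def group_matches(request, rows, group):
    """A group matches only if every one of its check items matches."""
    items = [row for row in rows if row[0] == group]
    return all(check_item_matches(request, attr, op, val)
               for _, attr, op, val in items)


def with_operator(row, op):
    """Copy of a check row with only the operator changed."""
    group, attribute, _, value = row
    return (group, attribute, op, value)


if __name__ == "__main__":
    for op in (":=", "==", "!="):
        rows = [with_operator(POSTED_ROW, op)]
        print(f"op {op!r}: TestGroup matches ->",
              group_matches(REQUEST, rows, "TestGroup"))
```

In this model the posted `:=` row matches whatever Huntgroup-Name the request carries, which is consistent with the "User found in group TestGroup" line in the debug output; only a comparison operator such as `==` makes the row depend on the value.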