Hello, sorry to ask again about this issue, but I can't get the correct configuration.
I followed your howto: http://wiki.freeradius.org/SQL_Huntgroup_HOWTO

I want to filter user logins from a fixed NAS, but I always get a reject. I don't understand why, in the example below:

++[request] returns notfound

Thank you very much.

EXAMPLE

My SQL database:

mysql> select * from radcheck;
+----+------------+--------------------+----+-------------+
| id | username   | attribute          | op | value       |
+----+------------+--------------------+----+-------------+
|  1 | ana        | Cleartext-Password | := | claveAna    |
+----+------------+--------------------+----+-------------+
1 rows in set (0.00 sec)

mysql> select * from radreply;
+----+----------+---------------+----+--------------------------+
| id | username | attribute     | op | value                    |
+----+----------+---------------+----+--------------------------+
|  1 | ana      | Reply-Message | += | Hola Anita               |
+----+----------+---------------+----+--------------------------+
1 rows in set (0.00 sec)

mysql> select * from radusergroup;
+----------+-----------+----------+
| username | groupname | priority |
+----------+-----------+----------+
| ana      | CAU1      |        0 |
+----------+-----------+----------+
1 rows in set (0.00 sec)

mysql> select * from radgroupcheck;
+----+-----------+----------------+----+--------+
| id | groupname | attribute      | op | value  |
+----+-----------+----------------+----+--------+
|  1 | CAU1      | Huntgroup-Name | == | pccau1 |
|  2 | CAU1      | Auth-Type      | := | Accept |
+----+-----------+----------------+----+--------+
2 rows in set (0.00 sec)

mysql> select * from radgroupreply;
+----+-----------+---------------+----+------------------------------+
| id | groupname | attribute     | op | value                        |
+----+-----------+---------------+----+------------------------------+
|  1 | CAU1      | Reply-Message | += | Hola miembros del grupo CAU1 |
+----+-----------+---------------+----+------------------------------+
1 rows in set (0.00 sec)

mysql> select * from nas;
+----+----------------+-----------+-------+-------+--------+--------+-----------+---------------+
| id | nasname        | shortname | type  | ports | secret | server | community | description   |
+----+----------------+-----------+-------+-------+--------+--------+-----------+---------------+
|  1 | X.X.X.X        | pcCAU1    | other | NULL  | cau123 | NULL   | NULL      | CAU1 computer |
+----+----------------+-----------+-------+-------+--------+--------+-----------+---------------+
1 rows in set (0.00 sec)

In my users file:

debian:/etc/freeradius# cat users
DEFAULT Auth-Type := Reject

bob     Cleartext-Password := "hello"
        Reply-Message = "Hola %{User-Name}"

My default server:

authorize {
        update request {
                Huntgroup-Name = "%{sql:select shortname from nas where nasname=\"%{Client-IP-Address}\"}"
        }
        preprocess
        mschap
        suffix
        eap {
                ok = return
        }
        files
        sql
        expiration
        pap
}

Request with radtest + ana + pcCAU1

rad_recv: Access-Request packet from host X.X.X.X port 45281, id=133, length=55
        User-Name = "ana"
        User-Password = "claveAna"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 0
+- entering group authorize {...}
sql_xlat
        expand: %{User-Name} -> ana
sql_set_user escaped user --> 'ana'
        expand: select shortname from nas where nasname="%{Client-IP-Address}" -> select shortname from nas where nasname="X.X.X.X"
        expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query: select shortname from nas where nasname="X.X.X.X"
sql_xlat finished
rlm_sql (sql): Released sql socket id: 3
        expand: %{sql:select shortname from nas where nasname="%{Client-IP-Address}"} -> pcCAU1
++[request] returns notfound
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "ana", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 9
++[files] returns ok
[sql] expand: %{User-Name} -> ana
[sql] sql_set_user escaped user --> 'ana'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY 'ana' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY 'ana' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY 'ana' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY 'ana' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = BINARY 'ana' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = BINARY 'ana' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'CAU1' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'CAU1' ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
[expiration] Checking Expiration time: '02 Dec 2010'
++[expiration] returns ok
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = Reject
Auth-Type = Reject, rejecting user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[sql] expand: %{User-Name} -> ana
[sql] sql_set_user escaped user --> 'ana'
[sql] expand: INSERT INTO radpostauth (username, mac, client, nas, reply, authdate) VALUES ( '%{User-Name}', '%{Calling-Station-Id}', '%C', '%{Nas-IP-Address}', '%{reply:Packet-Type}', NOW()) -> INSERT INTO radpostauth (username, mac, client, nas, reply, authdate) VALUES ( 'ana', '', 'pcCAU1', '127.0.1.1', 'Access-Reject', NOW())
[sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, mac, client, nas, reply, authdate) VALUES ( 'ana', '', 'pcCAU1', '127.0.1.1', 'Access-Reject', NOW())
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: INSERT INTO radpostauth (username, mac, client, nas, reply, authdate) VALUES ( 'ana', '', 'pcCAU1', '127.0.1.1', 'Access-Reject', NOW())
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[attr_filter.access_reject] expand: %{User-Name} -> ana
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 133 to X.X.X.X port 45281
        Reply-Message += "Hola Anita"

Sorry for my English.

-- 
____________________
Ana Gallardo Gómez
____________________