Re: usergroup problems with separate auth and accounting databases

Thu, 26 Aug 2010 14:37:40 -0700 

Alan DeKok wrote:

Trey Scarborough wrote:

All I am trying to do is run the radius auth querys on a database on one
machine and the accounting on another in another database. The problem I
am seeing is that when the additional sql configuration is put in for
the  accounting database it begins to use that configuration for the
group_membership_query


  Uh... no.  Nothing in the SQL accounting configuration uses the group
membership query.  See the source code.


  

Exactly my problem and why I don't understand why it breaks the 
authorization radius reply attributes.

which is not in the accounting database and
fails. If I remove the sql-auth from the accounting configuration it
runs fine using the rad-auth sql configuration. Here is the exerts from
my configuration. I am trying to set some radreply items with sql and
some by the users file by group. This works fine until I try to seperate
the databases.

    


  Let me guess... you have policies for accounting which use "SQL-Group"?

  

No It breaks the Authentication when I add the Accounting  configuration

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


  


Here is another more specific output from a debug

It runs like this without the accounting configuration

[sql-auth] sql_groupcmp
[sql-auth]      expand: %{User-Name} -> t...@testdomain.net
[sql-auth] sql_set_user escaped user --> 't...@testdomain.net'
rlm_sql (sql-auth): Reserving sql socket id: 3

rlm_sql_mysql: query:  SELECT GroupName FROM usergroup WHERE 
UserName='t...@testdomain.net'

[sql-auth] sql_groupcmp finished: User is a member of group active
rlm_sql (sql-auth): Released sql socket id: 3


Runs like this when I add the rad-acct to accounting. It appears to be 
using the sql-acct for the sql_groupcmp for some reason.


[sql-auth] sql_groupcmp
[sql-auth]      expand: %{User-Name} -> t...@testdomain.net
[sql-auth] sql_set_user escaped user --> 't...@testdomain.net'
rlm_sql (sql-acct): Reserving sql socket id: 4
rlm_sql (sql-acct): Released sql socket id: 4
[sql-auth] sql_groupcmp finished: User is NOT a member of group active


Any ideas as to why It would do this?

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html






















					Reply via email to