> I am trying to implement two of the Nomadix VSA's, Nomadix-BW-Up and > Nomadix-BW-Down. They are included in the dictionary.nomadix that > shipped with my installed version, 2.1.8 running on CentOS. > > I am using a MySQL backend and have tried adding the attributes in > radgroupreply (for user group) and radreply (for user), both without > success. I have tried +=, ==, and := as operators, also without > success. > > raddiusd -X does not complain about any of these, and the user > authenticates but has a full pipe for BW, rather than the designated > 768/256 Down/Up.
I've got this working now when assigning the attributes to a user profile (radreply), but when when passed from a group profile (radgroupreply) the attributes are not being sent. radiusd -X shows that freeradius is not performing the same queries as it does with other users/groups; the query for radgroupreply items is not being done. rad_recv: Access-Request packet from host xx.xx.xx.xx port 41155, id=155, length=51 User-Password = "password" User-Name = "memwg140412" Wed Apr 4 22:18:50 2012 : Info: +- entering group authorize {...} Wed Apr 4 22:18:50 2012 : Info: ++[preprocess] returns ok Wed Apr 4 22:18:50 2012 : Info: ++[chap] returns noop Wed Apr 4 22:18:50 2012 : Info: ++[mschap] returns noop Wed Apr 4 22:18:50 2012 : Info: [suffix] No '@' in User-Name = "memwg140412", looking up realm NULL Wed Apr 4 22:18:50 2012 : Info: [suffix] No such realm "NULL" Wed Apr 4 22:18:50 2012 : Info: ++[suffix] returns noop Wed Apr 4 22:18:50 2012 : Info: [sql] expand: %{User-Name} -> memwg140412 Wed Apr 4 22:18:50 2012 : Info: [sql] sql_set_user escaped user --> 'memwg140412' Wed Apr 4 22:18:50 2012 : Debug: rlm_sql (sql): Reserving sql socket id: 1 Wed Apr 4 22:18:50 2012 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'memwg140412' ORDER BY id Wed Apr 4 22:18:50 2012 : Info: [sql] User found in radcheck table Wed Apr 4 22:18:50 2012 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'memwg140412' ORDER BY id Wed Apr 4 22:18:50 2012 : Info: [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}'ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'memwg140412' ORDER BY priority Wed Apr 4 22:18:50 2012 : Info: [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'password-group' ORDER BY id Wed Apr 4 22:18:50 2012 : Debug: rlm_sql (sql): Released sql socket id: 1 Wed Apr 4 22:18:50 2012 : Info: ++[sql] returns ok Wed Apr 4 22:18:50 2012 : Info: ++[expiration] returns noop Wed Apr 4 22:18:50 2012 : Info: ++[logintime] returns noop Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Entering module authorize code Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Could not find Check item value pair Wed Apr 4 22:18:50 2012 : Info: ++[noresetcounter] returns noop Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Entering module authorize code Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Could not find Check item value pair Wed Apr 4 22:18:50 2012 : Info: ++[dailycounter] returns noop Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Entering module authorize code Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Could not find Check item value pair Wed Apr 4 22:18:50 2012 : Info: ++[monthlycounter] returns noop Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Entering module authorize code Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Could not find Check item value pair Wed Apr 4 22:18:50 2012 : Info: ++[daypasscounter] returns noop Wed Apr 4 22:18:50 2012 : Info: ++[pap] returns updated Wed Apr 4 22:18:50 2012 : Info: Found Auth-Type = PAP Wed Apr 4 22:18:50 2012 : Info: +- entering group PAP {...} Wed Apr 4 22:18:50 2012 : Info: [pap] login attempt with password "password" Wed Apr 4 22:18:50 2012 : Info: [pap] Using clear text password "password" Wed Apr 4 22:18:50 2012 : Info: [pap] User authenticated successfully Wed Apr 4 22:18:50 2012 : Info: ++[pap] returns ok Wed Apr 4 22:18:50 2012 : Auth: Login OK: [memwg140412] (from client wolfchase-gateway port 0) Wed Apr 4 22:18:50 2012 : Info: +- entering group post-auth {...} Wed Apr 4 22:18:50 2012 : Info: [sql] expand: %{User-Name} -> memwg140412 Wed Apr 4 22:18:50 2012 : Info: [sql] sql_set_user escaped user --> 'memwg140412' Wed Apr 4 22:18:50 2012 : Info: [sql] expand: %{User-Password} -> password Wed Apr 4 22:18:50 2012 : Info: [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}','%{%{User-Password}:-%{Chap-Password}}','%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('memwg140412', 'password', 'Access-Accept', '2012-04-04 22:18:50') Wed Apr 4 22:18:50 2012 : Debug: rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('memwg140412','password','Access-Accept', '2012-04-04 22:18:50') Wed Apr 4 22:18:50 2012 : Debug: rlm_sql (sql): Reserving sql socket id: 0 Wed Apr 4 22:18:50 2012 : Debug: rlm_sql (sql): Released sql socket id: 0 Wed Apr 4 22:18:50 2012 : Info: ++[sql] returns ok Wed Apr 4 22:18:50 2012 : Info: ++[exec] returns noop Sending Access-Accept of id 155 to xx.xx.xx.xx port 41155 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html