move /etc/raddb/users file to mysql

2013-01-28 Thread Stefan König
Hello List,

I inherited an old freeradius 1.1.8 system which is configured to use a
mysql DB.
So far so good, but now I discovered that someone also created a
/etc/raddb/users file with some DEFAULT information in it.
The funny thing is, that I have also some DEFAULT information in my DB
in radgroupreply, which is where I think the data from the "users" file
belongs.
As far as I see in our config, the flat files have precedence over SQL.

I am not very deep into freeradius, so I have some questions which I
hope someone can answer:

1) Does the data from the "users" file go into radgroupreply table?
2) I have a DEFAULT groupname in the DB and in the flat file, will I
have to rename the flat file DEFAULT groupname to something else to
avoid problems?
3) "op" needs to be "=~" and ":=" for the first two settings and "==" for
all the following?

For your reference here is the anonymized content of my users file:

DEFAULT User-Name =~"@example\.net$", Auth-Type := "Accept"
        Context-Name == local,
        Tunnel-Domain == 1,
        Tunnel-Type == L2TP,
        Tunnel-Medium-Type == IP,
        Tunnel-Client-Endpoint == xxx.xxx.xxx.xxx,
        Tunnel-Server-Endpoint == yyy.xxx.xxx.xxx,
        Tunnel-Password == password,
        Tunnel-Assignment-Id == zzz.xxx.xxx.xxx,
        Tunnel-Function == 1,
        Tunnel-Local-Name == EXAMPLE.NET


Thanks for any help or hints!


regards
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
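
The split the questions above turn on, as an added example that is not part of the original post: in a users-file entry the items on the first line are check items and the indented lines are reply items, which correspond to the radgroupcheck and radgroupreply tables. The group name EXAMPLE_GROUP, the shortened sample entry and its layout are assumptions; operators are copied exactly as written, so this does not settle which operator is right for each row.

```python
import re

# Constructed sample: part of the post's entry, laid out as the users file
# expects (check items on the first line, reply items indented below it).
USERS_ENTRY = r'''
DEFAULT User-Name =~ "@example\.net$", Auth-Type := "Accept"
    Context-Name == local,
    Tunnel-Type == L2TP,
    Tunnel-Medium-Type == IP,
    Tunnel-Password == password
'''

# Two-character operators come first so "=~" or ":=" is never read as "=".
ITEM = re.compile(
    r'\s*([\w-]+)\s*(=~|!~|:=|\+=|==|!=|<=|>=|=|<|>)\s*'
    r'("(?:[^"\\]|\\.)*"|[^,\s]+)\s*,?')

# Parameterized form (MySQL driver placeholder style); values are never
# concatenated into the statement. Column names follow the post's table.
INSERT = "INSERT INTO {table} (GroupName, Attribute, op, Value) VALUES (%s, %s, %s, %s)"

def parse_items(text):
    """Return [(attribute, op, value)] from a comma-separated item list."""
    items, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = ITEM.match(text, pos)
        if not m:
            raise ValueError(f"cannot parse item at: {text[pos:]!r}")
        attr, op, value = m.groups()
        if len(value) > 1 and value[0] == value[-1] == '"':
            value = value[1:-1]  # drop surrounding quotes, keep regex escapes
        items.append((attr, op, value))
        pos = m.end()
    return items

def users_entry_to_rows(entry, groupname):
    """Split one users-file entry into (radgroupcheck, radgroupreply) rows."""
    lines = [l for l in entry.splitlines()
             if l.strip() and not l.lstrip().startswith('#')]
    head, body = lines[0].split(None, 1), lines[1:]
    if any(not l[0].isspace() for l in body):
        raise ValueError("reply items must be indented; found a second entry")
    check = parse_items(head[1] if len(head) > 1 else "")
    reply = [item for l in body for item in parse_items(l)]
    return ([(groupname, *i) for i in check], [(groupname, *i) for i in reply])

if __name__ == "__main__":
    check_rows, reply_rows = users_entry_to_rows(USERS_ENTRY, "EXAMPLE_GROUP")
    for table, rows in (("radgroupcheck", check_rows), ("radgroupreply", reply_rows)):
        for row in rows:
            print(INSERT.format(table=table), row)
```
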


Re: RES: Stuck with exec script from radgroupreply sql table

2012-07-05 Thread Stefan König

lscrlstld wrote:
>> I want to set a dynamic "Session-Timeout" for certain groups. For
>> testing purposes I created a TESTGROUP in the database table
>> radgroupreply with an entry like this:
>>
>> id   GroupName  Attribute        Value                           op
>> 263  TESTGROUP  Session-Timeout  `%{exec:/var/skripte/test.sh}`
>> 
>> Try to use a mysql procedure to return this value in the stand query.
>>
>> 

Hm thanks. I try to achieve that users in certain groups have another
Session-Timeout than users from other groups.
I am not THAT much into mysql, but is it possible to form this into a
sane query?
Implement IF clauses depending if a user is in TESTGROUP and then
returning AV pairs?
Aren't such control flow functions quite slow in mysql?
But executing a script might not be a fast solution either :)


thx
regards






Stuck with exec script from radgroupreply sql table

2012-07-05 Thread Stefan König
Hello List,

I am stuck with executing a script from my radgroupreply sql table and
hope someone can point me into the right direction, as I have been
fiddling around with this for days and lost my way.

I want to set a dynamic "Session-Timeout" for certain groups. For
testing purposes I created a TESTGROUP in the database table
radgroupreply with an entry like this:

id   GroupName  Attribute        Value                           op
263  TESTGROUP  Session-Timeout  `%{exec:/var/skripte/test.sh}`  ==

my test.sh looks like this:

#!/bin/bash
logger "done"
echo 9


When I start radiusd in debug mode everything looks good, the user is
found, the group is found, then the script is executed.
But then there is no "exec output"...
I am sure I am missing a crucial step! Hope someone can help.

Here is the log output:

[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op   FROM
radreply   WHERE username = '%{SQL-User-Name}'   ORDER
BY id -> SELECT id, username, attribute, value, op   FROM
radreply   WHERE username = 'testradius'   ORDER BY id
[sql]   expand: SELECT groupname   FROM usergroup  
WHERE username = '%{SQL-User-Name}'   ORDER BY priority ->
SELECT groupname   FROM usergroup   WHERE username =
'testradius'   ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute,   Value,
op   FROM radgroupcheck   WHERE groupname =
'%{Sql-Group}'   ORDER BY id -> SELECT id, groupname,
attribute,   Value, op   FROM radgroupcheck  
WHERE groupname = 'TESTGROUP'   ORDER BY id
[sql] User found in group TESTGROUP
[sql]   expand: SELECT id, groupname, attribute,   value,
op   FROM radgroupreply   WHERE groupname =
'%{Sql-Group}'   ORDER BY id -> SELECT id, groupname,
attribute,   value, op   FROM radgroupreply  
WHERE groupname = 'TESTGROUP'   ORDER BY id
[sql] Executing /var/skripte/test.sh
[sql] result 0
[sql]   expand: %{exec:/var/skripte/test.sh} ->
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
User-Password in the request is correct.
Login OK: [testradius] (from client LOCALHOST_TESTING port 1234)
# Executing section post-auth from file /etc/raddb//sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 21 to 192.168.171.174 port 54825
Framed-IP-Address == 10.0.0.1
Service-Type == Framed-User
Framed-Protocol == PPP
Framed-MTU == 1500
Framed-Routing == None
Session-Timeout == 0
Context-Name == "local"
Finished request 2.


Thanks!
Stefan