Dear list,
I'm having a hard time learning how to use the attribute
properties correctly in my mysql/radius database and my test enviroment
is freeradius 1.1.3 / debian etch. What I'm trying to do is to establish
a 'suspended' user group which receives a Framed-IP-Address attribute of
10.10.0.2+, and which overrides any previously assigned
Famed-IP-Address, if present. I know that group processing is happening,
because I can add attributes to the suspended group and my test user
gets those attributes. I am adding the Framed-IP-Address attribute in
the radreply table, but it is not being overwritten from the one set by
radgroupreply. If I remove this from radreply, then the ip assigned in
suspended group is applied. If I change the one in radgroupreply to use
the += operator, then it returns both ip addresses in the reply. But I
can't seem to get := to overwrite like the docs says it does.
Here is a dump of my sample sql tables:
mysql> select * from radcheck ;
+----+----------+---------------+----+-----------------+
| id | UserName | Attribute | op | Value |
+----+----------+---------------+----+-----------------+
| 2 | joe.user | User-Password | == | ididntpaymybill |
+----+----------+---------------+----+-----------------+
mysql> select * from radreply ;
+----+----------+-------------------+----+---------+
| id | UserName | Attribute | op | Value |
+----+----------+-------------------+----+---------+
| 2 | joe.user | Framed-IP-Address | = | 1.2.3.4 |
+----+----------+-------------------+----+---------+
mysql> select * from usergroup ;
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| joe.user | suspended | 1 |
+----------+-----------+----------+
mysql> select * from radgroupcheck ;
+----+-----------+-----------------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------------+----+-------+
| 3 | dynamic | Framed-Protocol | == | PPP |
| 4 | suspended | Framed-Protocol | == | PPP |
+----+-----------+-----------------+----+-------+
mysql> select * from radgroupreply ;
+----+-----------+-------------------+----+-----------------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-------------------+----+-----------------+
| 6 | suspended | Framed-Netmask | = | 255.255.255.255 |
| 5 | suspended | Framed-IP-Address | = | 10.10.0.2+ |
| 7 | dynamic | Framed-IP-Address | := | 255.255.255.255 |
+----+-----------+-------------------+----+-----------------+
Here is the results of running radtest on this user:
radtest joe.user ididntpaymybill localhost 0 testing123
Sending Access-Request of id 140 to 127.0.0.1 port 1812
User-Name = "joe.user"
User-Password = "ididntpaymybill"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=140, length=32
Framed-IP-Address = 1.2.3.4
Framed-IP-Netmask = 255.255.255.255
What I am trying to accomplish is simply to allow us to put
overdue users into the 'suspended' group, which will hand out a
different set of ip addresses than their normal non-suspended
configuration. I realise I could be approaching this all wrong but
right now I simply set those items (framed-ip-address, framed-route, and
etc) in the radreply table and I don't want to remove those items from
the database, just override them.
Any pointers would be greatly appreciated.
Mike-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
