Hello, I want to send the NoCat user Class in the Access-Accept.
I don't know if I can send an attribute defined by me. I have defined an attributed: # cat /etc/freeradius/dictionary $INCLUDE /usr/share/freeradius/dictionary ATTRIBUTE NoCat-User-Class 3000 string And I put this attribute in the reply list with MySQL: mysql> select * from radgroupreply; +----+-----------+------------------+----+------------------------------+ | id | groupname | attribute | op | value | +----+-----------+------------------+----+------------------------------+ | 6 | MEMBER | NoCat-User-Class | := | Member | +----+-----------+------------------+----+------------------------------+ mysql> select * from radusergroup; +----------+-----------+----------+ | username | groupname | priority | +----------+-----------+----------+ | ana | CAU1 | 0 | | ana | MEMBER | 8 | +----------+-----------+----------+ But the server don send this attribute to the user. Debug info: rad_recv: Access-Request packet from host X port 33606, id=250, length=55 User-Name = "ana" User-Password = "claveAna" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 +- entering group authorize {...} sql_xlat expand: %{User-Name} -> ana sql_set_user escaped user --> 'ana' expand: select shortname from nas where nasname="%{Client-IP-Address}" -> select shortname from nas where nasname="X" expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql rlm_sql (sql): Reserving sql socket id: 3 rlm_sql_mysql: query: select shortname from nas where nasname="X" sql_xlat finished rlm_sql (sql): Released sql socket id: 3 expand: %{sql:select shortname from nas where nasname="%{Client-IP-Address}"} -> pcCAU1 ++[request] returns notfound ++[preprocess] returns ok ++[mschap] returns noop [suffix] No '@' in User-Name = "ana", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> ana [sql] sql_set_user escaped user --> 'ana' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY 'ana' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY 'ana' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY 'ana' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY 'ana' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = BINARY 'ana' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = BINARY 'ana' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'CAU1' ORDER BY id rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'CAU1' ORDER BY id [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'MEMBER' ORDER BY id rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'MEMBER' ORDER BY id [sql] User found in group MEMBER [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'MEMBER' ORDER BY id rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'MEMBER' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok [expiration] Checking Expiration time: '02 Dec 2010' ++[expiration] returns ok ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "claveAna" [pap] Using clear text password "claveAna" [pap] User authenticated successfully ++[pap] returns ok +- entering group post-auth {...} [sql] expand: %{User-Name} -> ana [sql] sql_set_user escaped user --> 'ana' [sql] expand: INSERT INTO radpostauth (username, mac, client, nas, reply, authdate) VALUES ( '%{User-Name}', '%{Calling-Station-Id}', '%C', '%{Nas-IP-Address}', '%{reply:Packet-Type}', NOW()) -> INSERT INTO radpostauth (username, mac, client, nas, reply, authdate) VALUES ( 'ana', '', 'pcCAU1', '127.0.1.1', 'Access-Accept', NOW()) [sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, mac, client, nas, reply, authdate) VALUES ( 'ana', '', 'pcCAU1', '127.0.1.1', 'Access-Accept', NOW()) rlm_sql (sql): Reserving sql socket id: 1 rlm_sql_mysql: query: INSERT INTO radpostauth (username, mac, client, nas, reply, authdate) VALUES ( 'ana', '', 'pcCAU1', '127.0.1.1', 'Access-Accept', NOW()) rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok Sending Access-Accept of id 250 to X port 33606 Reply-Message += "Hola Anita" Session-Timeout = 18189945 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 250 with timestamp +6 Ready to process requests. I have found the attribute Class but I think that is more complex than I need. Some sugestion?? Thank you very much and sorry for my english. -- ____________________ Ana Gallardo Gómez ____________________
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html