Alan,
Thanks for the advice. I uninstalled the old version of FreeRADIUS on my
test server and grabbed the newest CVS snapshot this morning. radiusd -v
outputs:
radiusd: FreeRADIUS Version 0.5, for host i686-pc-linux-gnu, built on Jan 25
2002 at 09:46:13
The dates on both the radiusd executable and rlm_sql_mysql lib in /usr/lib
are from this morning, so I know they were updated. I then updated the MySQL
schema from the new db_mysql.sql file.
My current MySQL radgroupcheck table schema looks like:
+----+-----------+-------------------------+---------------------------------------+------+
| id | GroupName | Attribute | Value
| op |
+----+-----------+-------------------------+---------------------------------------+------+
| 1 | default | Auth-Type | Crypt-Local
| = |
| 2 | default | Service-Type | Framed-User
| = |
| 3 | default | Framed-Protocol | PPP
| = |
| 4 | default | X-Ascend-Assign-IP-Pool | 0
| = |
| 5 | default | X-Ascend-Data-Filter | ip input forward tcp est
| += |
| 6 | default | X-Ascend-Data-Filter | ip in forward dstip
216.237.152.16/28 | += |
| 7 | default | X-Ascend-Data-Filter | ip in drop tcp dstport = 25
| += |
| 8 | default | X-Ascend-Data-Filter | ip in forward
| += |
| 9 | default | X-Ascend-Idle-Limit | 1800
| = |
+----+-----------+-------------------------+---------------------------------------+------+
When I run a radtest, under radiusd -x it is printing the following as the
SELECT statements:
SELECT id,uid,'Crypt-Password',c_passwd,'=' FROM user WHERE uid = 'test'
ORDER BY id LIMIT 10
SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,user WHERE user.uid = 'test' AND 'default' =
radgroupcheck.GroupName ORDER BY radgroupcheck.id LIMIT 10
SELECT id,uid,'Crypt-Password',c_passwd,'=' FROM user WHERE uid = 'test'
ORDER BY id LIMIT 10
SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,user WHERE user.uid = 'test' AND 'default' =
radgroupreply.GroupName ORDER BY radgroupreply.id LIMIT 10
I have replaced a couple of SELECT parts with '' constants, since all of the
users will have the same vaule for the appropriate column.
However, I am still unable to get it to return more than one
X-Ascend-Data-Filter statement. A sample radtest:
rad_recv: Access-Accept packet from host 10.1.1.5:1645, id=2, length=78
Service-Type = Framed-User
Framed-Protocol = PPP
X-Ascend-Assign-IP-Pool = 0
X-Ascend-Data-Filter = "ip input forward tcp"
X-Ascend-Idle-Limit = 1800
If I remove the first X-Ascend-Data-Filter statement in my radgroupcheck
table, then the second one outputs, but still only that one.
My current incantation of RADIUS is using Cistron 1.5.x and a
/etc/raddb/users file. A sample user looks like:
test Auth-Type = Local, Password = "1234"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Ascend-Assign-IP-Pool = 0,
Ascend-Data-Filter = "ip in forward tcp est",
Ascend-Data-Filter = "ip in forward dstip 216.237.152.16/28",
Ascend-Data-Filter = "ip in drop tcp dstport = 25",
Ascend-Data-Filter = "ip in forward",
Ascend-Idle-Limit = 1800
And returns with radtest:
Service-Type = Framed-User
Framed-Protocol = PPP
X-Ascend-Assign-IP-Pool = 0
X-Ascend-Data-Filter = "ip input forward tcp"
X-Ascend-Data-Filter = "ip input forward 0 dstip 216.237.152.16/28"
X-Ascend-Data-Filter = "ip input drop tcp dstport = 25"
X-Ascend-Data-Filter = "ip input forward 0"
X-Ascend-Idle-Limit = 1800
As you can see, I'm not using "+=" with my current version and it's still
returning all four attributes. Although, I have put "+=" in my radgroupreply
table, because from what I can tell it's the proper syntax anyways.
But, it's still only showing "=" in the radtest, not "+=" I have checked the
syntax of the SELECT statement and it looks ok to me.
Sorry for the length of this e-mail, and I'm sure I'm missing something here.
Thanks again for the help and thanks for FreeRADIUS, it's about to make my
life a whole lot easier. :)
Jeremy
On Thursday 24 January 2002 01:24 pm, you wrote:
> Jeremy Brown <[EMAIL PROTECTED]> wrote:
> > Everything in the radgroupreply table comes back ok, except if I have to
> > different rows with the same Attribute name, in which case it is only
> > displaying the first instance of the attribute name.
>
> Grab the latest CVS snapshot, and update the SQL schema.
>
> The schema now supports operators, like the 'users' file. So you
> can add an entry to the row with "+=", to tell it to add multiple
> attributes of the same type.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
