For my dial-out routes the password is always the same and I manage one per
dial-out site. It seemed somewhat intuitive for me to just use a group
'routes' and omit the 'route-1', 'route-2', etc. from the radcheck table.
When I do that, I still get authenticated (which is right) and I get back
the 'Dialout-Framed-User' attribute that is in the radgroupreply (also
right). I don't get the attributes though that are in radreply (bad).
Why must I have something in the radcheck table in order to get the values
included from the radreply table?
query: SELECT id,UserName,Attribute,Value,op \
FROM radcheck WHERE Username = 'route-3' ORDER BY id
rlm_sql: User route-3 not found
Why doesn't this still query the radreply table then? Of what use is the
radgroupcheck table if radreply won't be queried even if there's a match?
Thanks,
peter
Here is an example without the row in radcheck:
localhost> radtest route-3 ascend localhost localhost secret
...
rad_recv: Access-Accept packet from host 127.0.0.1:1645, id=25, length=26
Service-Type = Outbound-User
Here is what I get with the row in radcheck (the only difference when
compared to the results just above):
localhost> radtest route-3 ascend localhost localhost secret
...
rad_recv: Access-Accept packet from host 127.0.0.1:1645, id=36, length=75
Framed-Route = "10.10.10.1/29 10.10.10.1 1 y tens-out"
Service-Type = Outbound-User
Note that it picked up the row in radreply this time.
For background, here is my database:
mysql> select * from usergroup where GroupName = 'routes';
+----+----------+-----------+
| id | UserName | GroupName |
+----+----------+-----------+
| 16 | route-1 | routes |
| 17 | route-2 | routes |
| 18 | route-3 | routes |
| 19 | route-4 | routes |
+----+----------+-----------+
3 rows in set (0.01 sec)
mysql> select * from radgroupreply where GroupName = 'routes';
+----+-----------+--------------+---------------+------+------+
| id | GroupName | Attribute | Value | op | prio |
+----+-----------+--------------+---------------+------+------+
| 60 | routes | Service-Type | Outbound-User | = | 0 |
| 59 | routes | Auth-Type | Local | := | 0 |
+----+-----------+--------------+---------------+------+------+
2 rows in set (0.00 sec)
mysql> select * from radgroupcheck where GroupName = 'routes';
+----+-----------+-----------+--------+------+
| id | GroupName | Attribute | Value | op |
+----+-----------+-----------+--------+------+
| 2 | routes | Password | ascend | == |
+----+-----------+-----------+--------+------+
1 row in set (0.01 sec)
mysql> select * from radgroupcheck where GroupName = 'routes';
+----+-----------+---------------+--------+------+
| id | GroupName | Attribute | Value | op |
+----+-----------+---------------+--------+------+
| 2 | routes | User-Password | ascend | == |
+----+-----------+---------------+--------+------+
1 row in set (0.00 sec)
mysql> select * from radreply where UserName = 'route-3';
+-----+---------+--------------+---------------------------------------+----
| id | UserName| Attribute | Value | op
+-----+---------+--------------+---------------------------------------+----
| 258 | route-3 | Framed-Route | 10.10.10.1/29 10.10.10.1 1 y tens-out | =
+-----+---------+--------------+---------------------------------------+----
1 row in set (0.00 sec)
***** This is only here in the second test. *****
mysql> select * from radcheck where UserName = 'route-3';
+----+----------+---------------+--------+------+
| id | UserName | Attribute | Value | op |
+----+----------+---------------+--------+------+
| 31 | route-3 | User-Password | ascend | == |
+----+----------+---------------+--------+------+
1 row in set (0.00 sec)
Lastly, the trace from radiusd showing the queries:
query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'route-3' ORDER BY id
rlm_sql: User route-3 not found
query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'route-3' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'route-3' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
query: SELECT Value,Attribute FROM radcheck WHERE UserName = 'route-3' AND
( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute =
'Crypt-Password' ) ORDER BY Attribute DESC
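
An added example, not part of the original post and not FreeRADIUS code: an audit query that lists users who have radreply rows but no radcheck row, which is the condition under which the per-user Framed-Route was missing from the Access-Accept in the first test. It runs against a constructed in-memory SQLite copy of the rows shown in the post; the function names are hypothetical.

```python
import sqlite3

# Constructed copy of the rows shown in the post, in the state of the
# first test: route-3 has a radreply row but no radcheck row.
SCHEMA = """
CREATE TABLE usergroup (id INTEGER, UserName TEXT, GroupName TEXT);
CREATE TABLE radcheck  (id INTEGER, UserName TEXT, Attribute TEXT, Value TEXT, op TEXT);
CREATE TABLE radreply  (id INTEGER, UserName TEXT, Attribute TEXT, Value TEXT, op TEXT);
INSERT INTO usergroup VALUES (16,'route-1','routes'),(17,'route-2','routes'),
                             (18,'route-3','routes'),(19,'route-4','routes');
INSERT INTO radreply VALUES
  (258,'route-3','Framed-Route','10.10.10.1/29 10.10.10.1 1 y tens-out','=');
"""

# Reply rows whose user has no radcheck row at all. The LEFT JOIN keeps the
# group name so it is visible that the user can still authenticate via the
# group check items while the per-user reply attributes go unreturned.
AUDIT = """
SELECT r.UserName, g.GroupName, r.Attribute, r.Value
FROM radreply r
LEFT JOIN usergroup g ON g.UserName = r.UserName
WHERE NOT EXISTS (SELECT 1 FROM radcheck c WHERE c.UserName = r.UserName)
ORDER BY r.UserName, r.id
"""

def build_db():
    """Create the in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def orphaned_reply_rows(conn):
    """Return (UserName, GroupName, Attribute, Value) for reply rows with no radcheck entry."""
    return conn.execute(AUDIT).fetchall()

if __name__ == "__main__":
    conn = build_db()
    for row in orphaned_reply_rows(conn):
        print("reply row without radcheck entry:", row)
    # State of the second test: the radcheck row for route-3 exists.
    conn.execute("INSERT INTO radcheck VALUES (31,'route-3','User-Password','ascend','==')")
    print("after adding radcheck row:", orphaned_reply_rows(conn))
```

The same SELECT can be run directly in the mysql client against the real tables.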