Someone posted that many readers of this list don't have HTML mail readers, so I cleaned up the spacing on the tables and am reposting this in text so all can read it.

Scott Reed
Owner
NewWays
Wireless Networking
Network Design, Installation and Administration
www.nwwnet.net

---------- Original Message -----------
From: "Scott Reed" <[EMAIL PROTECTED]>
To: FreeRadius users mailing list <[email protected]>
Sent: Thu, 6 Apr 2006 07:54:08 -0500
Subject: Re: User in Multiple Groups

> I did not usurp a thread, I reposted my own.
>
> I changed radcheck to have := instead of ==. No change.
>
> First query returns:
> +----+--------------+--------------+-------------+----+
> | id | GroupName    | Attribute    | Value       | op |
> +----+--------------+--------------+-------------+----+
> | 28 | MS1-AP1      | Service-Type | Framed-User | == |
> | 31 | Router-Admin | Service-Type | Login-User  | == |
> +----+--------------+--------------+-------------+----+
> Second query returns
> +----+--------------+-------------------+-------+----+
> | id | GroupName    | Attribute         | Value | op |
> +----+--------------+-------------------+-------+----+
> | 34 | Router-Admin | Mikrotik-Group    | full  | =  |
> | 39 | Router-Admin | Fall-Through      | Yes   | =  |
> | 37 | MS1-AP1      | Fall-Through      | Yes   | =  |
> | 33 | MS1-AP1      | Port-Limit        | 128k  | =  |
> +----+--------------+-------------------+-------+----+
>
> I have a document from the FreeRadius WIKI (rlm_sql) that says, "Processing continues to the next group IF:
> There was not a match for the last group's check items OR
> Fall-Through was set in the last group's reply items.
> If the user logs into a router, the request is for Login-User and they should get the Router-Admin replies. If they log in to an AP, the request is Framed-User and they should get the AP replies.
>
> Scott Reed
> Owner
> NewWays
> Wireless Networking
> Network Design, Installation and Administration
> www.nwwnet.net
>
> ---------- Original Message -----------
> From: Phil Mayers <[EMAIL PROTECTED]>
> To: FreeRadius users mailing list <[email protected]>
> Sent: Thu, 06 Apr 2006 13:22:39 +0100
> Subject: Re: User in Multiple Groups
>
> > Scott Reed wrote:
> > > I have searched the archive and came close to figuring this out, but I have not
> >
> > Don't start your query as part of another thread please.
> >
> > >
> > > Configuration tables:
> > > 1 USERGROUP
> > > 2 80 sreed MS1-AP1
> > > 3 76 treed MS1-AP1
> > > 4 78 sreed Router-Admin
> > > 5 79 treed Router-Admin
> > > 6 81 dreed Router-Admin
> > > 7
> > > 8 RADCHECK
> > > 9 331 dreed User-Password == password
> > > 10 269 treed User-Password == password
> > > 11 267 sreed User-Password == password
> >
> > This should be ":=" for User-Password. If the match is failing, that may
> > be the issue.
> >
> > > 12
> > > 13 RADGROUPCHECK
> > > 14 31 Router-Admin Service-Type == Login-User
> > > 15 28 MS1-AP1 Service-Type == Framed-User
> > > 16
> > > 17 RADREPLY
> > > 18 33 sreed Fall-Through = yes
> > > 19 43 treed Fall-Through = yes
> > > 20
> > > 21 RADGROUPREPLY
> > > 22 33 MS1-AP1 Port-Limit = 128k 15
> > > 23 34 Router-Admin Mikrotik-Group = full 10
> > > 24 39 Router-Admin Fall-Through = Yes 10
> > > 25 37 MS1-AP1 Fall-Through = Yes 15
> >
> > I don't think Fall-Through does anything in rlm_sql. What are you
> > expecting it to do?
> >
> > > rad_recv: Access-Request packet from host 192.168.100.13:1201, id=166, length=83
> > >     Service-Type = Login-User
> > >     User-Name = "treed"
> > >     User-Password = "password"
> > >     Calling-Station-Id = "192.168.100.240"
> > >     NAS-Identifier = "HotSpot"
> > >     NAS-IP-Address = 192.168.100.13
> > > Processing the authorize section of radiusd.conf
> > > modcall: entering group authorize for request 1
> > > modcall[authorize]: module "preprocess" returns ok for request 1
> > > modcall[authorize]: module "chap" returns noop for request 1
> > > modcall[authorize]: module "mschap" returns noop for request 1
> > > rlm_realm: No '@' in User-Name = "treed", looking up realm NULL
> > > rlm_realm: No such realm "NULL"
> > > modcall[authorize]: module "suffix" returns noop for request 1
> > > radius_xlat: 'treed'
> > > rlm_sql (sql): sql_set_user escaped user --> 'treed'
> > > rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
> > > Username = 'treed' ORDER BY id
> > > rlm_sql_mysql: query: SELECT
> > > radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
> > > FROM radgroupcheck,usergroup WHERE usergroup.Username = 'treed' AND
> > > usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
> >
> > What is the result of this query if you execute it directly against the
> > database?
> >
> > > rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
> > > Username = 'treed' ORDER BY id
> >
> > > rlm_sql_mysql: query: SELECT
> > > radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
> > > FROM radgroupreply,usergroup WHERE usergroup.Username = 'treed' AND
> > > usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.prio
> >
> > Again, what does this query give against the database?
> >
> > > rlm_sql (sql): No matching entry in the database for request from user [treed]
> >
> > This error code is returned if the check items don't match the request.
> >
> > Possibly take a look in:
> >
> > src/modules/rlm_sql/rlm_sql.c
> >
> > ...around line 860 (depending on the version you're running) and
> > uncomment these lines:
> >
> >     /*
> >      * Uncomment these lines for debugging
> >      * Recompile, and run 'radiusd -X'
> >      */
> >
> >     /*
> >        DEBUG2("rlm_sql: check items");
> >        vp_listdebug(check_tmp);
> >        DEBUG2("rlm_sql: reply items");
> >        vp_listdebug(reply_tmp);
> >      */
> >
> > ...then recompile and run again.
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> ------- End of Original Message -------
> ------- End of Original Message -------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
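
The two readings of group processing discussed in this thread, as an added Python model (not FreeRADIUS code and not written by any poster). `per_group` follows the rule quoted from the wiki; `merged` assumes every row returned by the first logged group query is checked as one list, which the thread does not confirm. Table rows are copied from the thread; the function names, the reading of the last RADGROUPREPLY column as `prio`, and the `FRAMED` request are assumptions.

```python
# Illustrative model only; not rlm_sql source. Rows copied from the thread.
USERGROUP = [("sreed", "MS1-AP1"), ("treed", "MS1-AP1"),
             ("sreed", "Router-Admin"), ("treed", "Router-Admin"),
             ("dreed", "Router-Admin")]
# group -> check items (attribute, op, value)
RADGROUPCHECK = {"Router-Admin": [("Service-Type", "==", "Login-User")],
                 "MS1-AP1": [("Service-Type", "==", "Framed-User")]}
# group -> (prio, reply items); prio assumed to be the trailing column
RADGROUPREPLY = {
    "Router-Admin": (10, [("Mikrotik-Group", "full"), ("Fall-Through", "Yes")]),
    "MS1-AP1": (15, [("Port-Limit", "128k"), ("Fall-Through", "Yes")]),
}

def groups_of(user):
    """Groups the user belongs to, ordered by the prio column."""
    names = [g for u, g in USERGROUP if u == user]
    return sorted(names, key=lambda g: RADGROUPREPLY[g][0])

def checks_match(checks, request):
    """Only the '==' operator appears in the thread's radgroupcheck rows."""
    return all(op == "==" and request.get(attr) == val
               for attr, op, val in checks)

def per_group(user, request):
    """Wiki rule as quoted: go on to the next group if the last group's
    check items did not match OR its reply items set Fall-Through."""
    reply = {}
    for group in groups_of(user):
        if not checks_match(RADGROUPCHECK[group], request):
            continue                      # no match: try the next group
        items = dict(RADGROUPREPLY[group][1])
        fall_through = items.pop("Fall-Through", "No").lower() == "yes"
        reply.update(items)
        if not fall_through:
            break
    return reply or None

def merged(user, request):
    """Assumption: all group check rows form one list that must match."""
    groups = groups_of(user)
    checks = [c for g in groups for c in RADGROUPCHECK[g]]
    if not checks_match(checks, request):
        return None                       # the "No matching entry" outcome
    return {k: v for g in groups for k, v in RADGROUPREPLY[g][1]}

LOGIN = {"User-Name": "treed", "Service-Type": "Login-User"}    # from the log
FRAMED = {"User-Name": "treed", "Service-Type": "Framed-User"}  # constructed
```

Under the merged reading a user in both groups can never match, because one request carries a single Service-Type; a user in only one group, such as dreed, still can.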

