Hi,
Either I'm missing something in the docs, or it is impossible to do more than one group check for the same username via SQL.
I have two groups which should be authorized differently - group1:
DEFAULT Huntgroup-Name == MSK, Realm == domain.com, Auth-Type := Accept
        Service-Type =  Outbound-User,
        Tunnel-Type = L2TP,
        Tunnel-Server-Endpoint =  xxx.yyy.97.71,
        Cisco-AVpair += "vpdn:l2tp-tunnel-password=secret"

and group2:
DEFAULT Realm == domain.com, NAS-IP-Address == xxx.yyy.117.1
        Framed-Protocol = PPP,
        Service-Type = Framed,
        Framed-IP-Netmask = 255.255.255.255,
        cisco-avpair = "lcp:interface-config=peer default ip address pool VRFNAM\nppp ipcp dns aaa.bbb.1.253 aaa.bbb.1.253\nppp ipcp wins aaa.bbb.1.253\n"

What I can do:
insert into RADGROUPCHECK values('','group2','Realm','==','domain.com');
insert into RADGROUPCHECK values('','group2','NAS-IP-Address','==','xxx.yyy.117.1');
insert into RADGROUPREPLY values('','group2','Framed-Protocol','=','PPP');
insert into RADGROUPREPLY values('','group2','Service-Type','=','Framed');
insert into RADGROUPREPLY values('','group2','Framed-IP-Netmask','=','255.255.255.255');
insert into RADGROUPREPLY values('','group2','cisco-avpair','=','lcp:interface-config=peer default ip address pool group1\nppp ipcp dns aaa.bbb.1.253 aaa.bbb.1.253\nppp ipcp wins aaa.bbb.1.253\n');

and

insert into USERGROUP values('','[EMAIL PROTECTED]','','group2','5');

Then I can remove the group2 description from the users file and it works.
But when I do the same with group1, both groups 1 and 2 stop working.
The difference is that both the radgroupcheck and radgroupreply SQL queries now return two attribute sets, for groups 1 and 2 simultaneously. I thought that radiusd should follow the check items and select the proper group according to the attributes present in the request, but the sqlauth module returns notfound. So the users file and the SQL tables are not processed in the same manner. What am I missing?

--
Sincerely Yours,
Alexander

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
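
A small model of the situation described in the message above, added here as an illustration; it is not part of the original post and is not FreeRADIUS code. The simplified schema, the join, the group1 rows, the user name and the 192.0.2.x/198.51.100.x addresses are assumptions. It shows that the same returned rows give "no match" when read as one check list, and select the right group when each group's check items are evaluated separately.

```python
import sqlite3

# Constructed sample data modelled on the message. The group1 rows are assumed
# from the users-file entry; the schema is simplified to the columns needed.
ROWS_CHECK = [
    ("group1", "Huntgroup-Name", "==", "MSK"),
    ("group1", "Realm", "==", "domain.com"),
    ("group2", "Realm", "==", "domain.com"),
    ("group2", "NAS-IP-Address", "==", "192.0.2.1"),  # placeholder address
]

def load(user="user@domain.com"):  # constructed user name
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE usergroup (username TEXT, groupname TEXT)")
    db.execute("CREATE TABLE radgroupcheck "
               "(groupname TEXT, attribute TEXT, op TEXT, value TEXT)")
    db.executemany("INSERT INTO usergroup VALUES (?, ?)",
                   [(user, "group1"), (user, "group2")])
    db.executemany("INSERT INTO radgroupcheck VALUES (?, ?, ?, ?)", ROWS_CHECK)
    return db

def check_items(db, user):
    # Hypothetical join: every check item of every group the user belongs to.
    return db.execute(
        "SELECT c.groupname, c.attribute, c.op, c.value FROM usergroup u "
        "JOIN radgroupcheck c ON c.groupname = u.groupname "
        "WHERE u.username = ? ORDER BY c.groupname", (user,)).fetchall()

def item_ok(request, attribute, op, value):
    # Only the '==' operator is modelled here.
    return op == "==" and request.get(attribute) == value

def match_merged(request, rows):
    # All returned rows treated as one check list: every item must match.
    return all(item_ok(request, a, op, v) for _, a, op, v in rows)

def match_per_group(request, rows):
    # Each group judged on its own check items; returns the groups that match.
    groups = {}
    for g, a, op, v in rows:
        groups.setdefault(g, []).append(item_ok(request, a, op, v))
    return sorted(g for g, results in groups.items() if all(results))
```
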
