Hello List, I want to set up freeradius as a proxy for cisco management and dot1x. The attribute to check is NAS-Port-Type. If it's "Ethernet" it's a dot1x request and has to be proxied by one realm configured in proxy.conf. Else it has to be proxied to another realm also configured in proxy.conf for one-time-password authentication.
Further if a specific NAS requests, the request should be accepted by the proxy itself. I got this already working with the users file looking like DEFAULT NAS-Port-Type==Ethernet,NAS-IP-Address==1.1.1.1,Auth-Type:=Accept DEFAULT NAS-Port-Type==Ethernet,Proxy-To-Realm:=Realm1 DEFAULT NAS-IP-Address==1.1.1.1,Auth-Type:=Accept DEFAULT Proxy-To-Realm:=Realm2 But I doesn't get this working using the sql module. My database structure looks like mysql> select * from radcheck; +----+----------+---------------+----+-------+ | id | UserName | Attribute | op | Value | +----+----------+---------------+----+-------+ | 2 | testuser | Password | == | test | | 4 | DEFAULT | NAS-Port-Type | =* | | +----+----------+---------------+----+-------+ 2 rows in set (0.00 sec) mysql> select * from usergroup; +----+----------+------------+ | id | UserName | GroupName | +----+----------+------------+ | 2 | DEFAULT | ProxyMgt | | 3 | DEFAULT | ProxyDOT1x | +----+----------+------------+ 1 row in set (0.00 sec) mysql> select * from radgroupcheck; +----+------------+----------------+----+----------+ | id | GroupName | Attribute | op | Value | +----+------------+----------------+----+----------+ | 4 | ProxyMgt | NAS-Port-Type | == | Virtual | | 5 | ProxyMgt | Proxy-To-Realm | := | Mgt | | 6 | ProxyDOT1x | NAS-Port-Type | == | Ethernet | | 7 | ProxyDOT1x | Proxy-To-Realm | := | PortSec | +----+------------+----------------+----+----------+ 4 rows in set (0.00 sec) mysql> select * from radgroupreply; Empty set (0.00 sec) With this sql configuration, the server proxy management requests but not dot1x requests. In debug it says "No matching entry in the database for request from user". Despite the acceptance of specific NAS requests. The reason I want to realize this configuration with the sql module is, that changes are possible without HUP the process. I've read the documentation which is available for the sql module but the examples described there are not that complex to help with my problem. Can anyone help me to realize the above mentioned configuration of the users file with the sql module? Thanks in advance Cheers Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
