configuring groups in sql tables
Sorry, maybe my question was not spelled well. Actually I need to move multiple default entries from the users file into an SQL table.
Is it possible to create multiple DEFAULT instances in SQL tables instead of placing them in the users file like this:

DEFAULT Huntgroup-Name == MSK, Realm == domain1.com, Auth-Type := Accept
        Service-Type = Outbound-User,
        Tunnel-Type = L2TP,
        Tunnel-Server-Endpoint = 1.1.1.1,
        Cisco-AVpair += vpdn:l2tp-tunnel-password=secret1

DEFAULT Huntgroup-Name == MSK, Realm == domain2.com, Auth-Type := Accept
        Service-Type = Outbound-User,
        Tunnel-Type = L2TP,
        Tunnel-Server-Endpoint = 2.2.2.2,
        Cisco-AVpair += vpdn:l2tp-tunnel-password=secret2

and so on?

Alexander Serkin wrote:
> Hi,
>
> Either I'm missing something in the docs or it is impossible to do more than one groupcheck for the same username by SQL.
> I have two groups which should be authorized differently - group1:
>
> DEFAULT Huntgroup-Name == MSK, Realm == domain.com, Auth-Type := Accept
>         Service-Type = Outbound-User,
>         Tunnel-Type = L2TP,
>         Tunnel-Server-Endpoint = xxx.yyy.97.71,
>         Cisco-AVpair += vpdn:l2tp-tunnel-password=secret
>
> and group2:
>
> DEFAULT Realm == domain.com, NAS-IP-Address == xxx.yyy.117.1
>         Framed-Protocol = PPP,
>         Service-Type = Framed,
>         Framed-IP-Netmask = 255.255.255.255,
>         cisco-avpair = lcp:interface-config=peer default ip address pool VRFNAM\nppp ipcp dns aaa.bbb.1.253 aaa.bbb.1.253\nppp ipcp wins aaa.bbb.1.253\n
>
> What I can do:
>
> insert into RADGROUPCHECK values('','group2','Realm','==','domain.com');
> insert into RADGROUPCHECK values('','group2','NAS-IP-Address','==','xxx.yyy.117.1');
> insert into RADGROUPREPLY values('','group2','Framed-Protocol','=','PPP');
> insert into RADGROUPREPLY values('','group2','Service-Type','=','Framed');
> insert into RADGROUPREPLY values('','group2','Framed-IP-Netmask','=','255.255.255.255');
> insert into RADGROUPREPLY values('','group2','cisco-avpair','=','lcp:interface-config=peer default ip address pool group1\nppp ipcp dns aaa.bbb.1.253 aaa.bbb.1.253\nppp ipcp wins aaa.bbb.1.253\n');
>
> and
>
> insert into USERGROUP values('','[EMAIL PROTECTED]','','group2','5');
>
> Then I can remove the group2 description from the users file and it works.
> But when I do the same with group1 - both groups 1 and 2 stop working.
> The difference is that both the radgroupcheck and radgroupreply SQL queries now return two attribute sets for group 1 and 2 simultaneously.
> I thought that radiusd should follow the check items and select the proper group according to the attributes present in the request, but the sqlauth module returns notfound.
> So the users file and SQL tables are not processed in the same manner.
> What am I missing?

--
Sincerely Yours,
Alexander Serkin,
Moscow Cellular Communications,
ph. +7(495)7952089
fa. +7(495)7952084
skype: aserkin

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: configuring groups in sql tables
On Thursday, 14 December 2006 09:39, Alexander Serkin wrote:
> Sorry, maybe my question was not spelled well. Actually I need to move multiple default entries from the users file into an SQL table.
> Is it possible to create multiple DEFAULT instances in SQL tables instead of placing them in the users file like this:

Perhaps you would like to use the SQL-Group test, like

TestNAS1        NAS-IP-Address == xxx.xxx.xxx.xxx SQL-Group == dialup, SQL-Group == adsl

in the proxy config.

--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
Re: configuring groups in sql tables
Michael Schwartzkopff wrote:
> Perhaps you like to use the SQL-Group test like
>
> TestNAS1        NAS-IP-Address == xxx.xxx.xxx.xxx SQL-Group == dialup, SQL-Group == adsl
>
> in the proxy config.

Sorry, Michael. I did not understand this quite well.
My multiple DEFAULT entries do not depend on NAS. They are mostly defined by Realm - on every specific realm we should accept the request and give different tunnel attributes.
So do we need to determine the group by RealmHuntgroup-Name and insert the reply attributes into radgroupreply?
That does not fit in my mind, sorry. I need an example :-)

--
als
Re: configuring groups in sql tables
On Thursday, 14 December 2006 10:23, Alexander Serkin wrote:
> Michael Schwartzkopff wrote:
> > Perhaps you like to use the SQL-Group test like
> >
> > TestNAS1        NAS-IP-Address == xxx.xxx.xxx.xxx SQL-Group == dialup, SQL-Group == adsl
> >
> > in the proxy config.
>
> Sorry, Michael. I did not understand this quite well.
> My multiple DEFAULT entries do not depend on NAS. They are mostly defined by Realm - on every specific realm we should accept the request and give different tunnel attributes.
> So do we need to determine the group by RealmHuntgroup-Name and insert the reply attributes into radgroupreply?
> That does not fit in my mind, sorry. I need an example :-)

No. But you could try to use the SQL-Group attribute in the check item.

--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
configuring groups in sql tables
Hi,

Either I'm missing something in the docs or it is impossible to do more than one groupcheck for the same username by SQL.
I have two groups which should be authorized differently - group1:

DEFAULT Huntgroup-Name == MSK, Realm == domain.com, Auth-Type := Accept
        Service-Type = Outbound-User,
        Tunnel-Type = L2TP,
        Tunnel-Server-Endpoint = xxx.yyy.97.71,
        Cisco-AVpair += vpdn:l2tp-tunnel-password=secret

and group2:

DEFAULT Realm == domain.com, NAS-IP-Address == xxx.yyy.117.1
        Framed-Protocol = PPP,
        Service-Type = Framed,
        Framed-IP-Netmask = 255.255.255.255,
        cisco-avpair = lcp:interface-config=peer default ip address pool VRFNAM\nppp ipcp dns aaa.bbb.1.253 aaa.bbb.1.253\nppp ipcp wins aaa.bbb.1.253\n

What I can do:

insert into RADGROUPCHECK values('','group2','Realm','==','domain.com');
insert into RADGROUPCHECK values('','group2','NAS-IP-Address','==','xxx.yyy.117.1');
insert into RADGROUPREPLY values('','group2','Framed-Protocol','=','PPP');
insert into RADGROUPREPLY values('','group2','Service-Type','=','Framed');
insert into RADGROUPREPLY values('','group2','Framed-IP-Netmask','=','255.255.255.255');
insert into RADGROUPREPLY values('','group2','cisco-avpair','=','lcp:interface-config=peer default ip address pool group1\nppp ipcp dns aaa.bbb.1.253 aaa.bbb.1.253\nppp ipcp wins aaa.bbb.1.253\n');

and

insert into USERGROUP values('','[EMAIL PROTECTED]','','group2','5');

Then I can remove the group2 description from the users file and it works.
But when I do the same with group1 - both groups 1 and 2 stop working.
The difference is that both the radgroupcheck and radgroupreply SQL queries now return two attribute sets for group 1 and 2 simultaneously.
I thought that radiusd should follow the check items and select the proper group according to the attributes present in the request, but the sqlauth module returns notfound.
So the users file and SQL tables are not processed in the same manner.
What am I missing?

--
Sincerely Yours,
Alexander
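
Added example, not part of the original thread and not FreeRADIUS code: a simplified Python model of the symptom described in the first message, assuming the SQL module compares the request against the check items of all of the user's groups as one combined list, while users-file entries are tried one at a time. The group data and requests are constructed from the post; the function names and the xxx.yyy.97.1 NAS address are hypothetical, and the Auth-Type := Accept item is left out because it assigns rather than compares.

```python
# Simplified model (assumption, not FreeRADIUS source): per-entry matching as
# in the users file versus one merged check list as returned by a single
# group-check query covering every group the user belongs to.

# Constructed data mirroring group1 and group2 from the post ('==' items only).
GROUP_CHECK = {
    "group1": [("Huntgroup-Name", "MSK"), ("Realm", "domain.com")],
    "group2": [("Realm", "domain.com"), ("NAS-IP-Address", "xxx.yyy.117.1")],
}
GROUP_REPLY = {
    "group1": {"Service-Type": "Outbound-User", "Tunnel-Type": "L2TP"},
    "group2": {"Service-Type": "Framed", "Framed-Protocol": "PPP"},
}

def matches(request, checks):
    """True when every '==' check item equals the value in the request."""
    return all(request.get(attr) == value for attr, value in checks)

def authorize_per_group(request, groups):
    """users-file style: each entry is tested on its own, first match wins."""
    for name in groups:
        if matches(request, GROUP_CHECK[name]):
            return "ok", GROUP_REPLY[name]
    return "notfound", {}

def authorize_merged(request, groups):
    """Assumed SQL behaviour: all groups' check items form one AND-ed list."""
    merged = [item for name in groups for item in GROUP_CHECK[name]]
    if not matches(request, merged):
        return "notfound", {}
    reply = {}
    for name in groups:
        reply.update(GROUP_REPLY[name])
    return "ok", reply

# Constructed requests: one from a NAS in huntgroup MSK, one from the PPP NAS.
LAC_REQUEST = {"Huntgroup-Name": "MSK", "Realm": "domain.com",
               "NAS-IP-Address": "xxx.yyy.97.1"}
PPP_REQUEST = {"Realm": "domain.com", "NAS-IP-Address": "xxx.yyy.117.1"}

if __name__ == "__main__":
    both = ["group1", "group2"]
    for label, req in (("LAC", LAC_REQUEST), ("PPP", PPP_REQUEST)):
        print(label, "per-group:", authorize_per_group(req, both)[0],
              "| merged:", authorize_merged(req, both)[0])
    # With only group2 in SQL the merged list is just group2's items.
    print("PPP, group2 only:", authorize_merged(PPP_REQUEST, ["group2"])[0])
```

Under this model no single request can satisfy both groups' check items at once, which is consistent with group2 alone working and both groups failing once group1 is added.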