Multiple groups via hints file and rlm_sql
This is a discussion on Multiple groups via hints file and rlm_sql within the FreeRADIUS Users forums, part of the Networking and Network Related category; This is a multi-part message in MIME format. ------_=_NextPart_001_01C53057.F6CC3729 Content-Type: text/plain; charset="iso-8859-...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-24-2005
|
|||
|
|||
Multiple groups via hints file and rlm_sql
This is a multi-part message in MIME format.
------_=_NextPart_001_01C53057.F6CC3729 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, I'm currently using freeradius 1.0.2 with a mysql database for = authorization. Because I have multiple client applications I use the = hints file to define groups based on Client-IP-Address: DEFAULT Client-IP-Address =3D=3D a.b.c.d Group =3D webmail DEFAULT Client-IP-Address =3D=3D e.f.g.h Group =3D vpnadmin, Group +=3D vpnuser The client e.f.g.h differentiates between users and admins. Whether the = user is an normal user or an admin is defined by the returned attributes = from radiusd which are handled by groups in the mysql database. I have = the problem that only the first group (vpnadmin) is queried by the sql = statements which I use. I tried to use Group =3D "'vpnadmin','vpnuser'" = and change my WHERE clause to use IN instead of =3D, but then I had a = problem with escaped characters. My SQL statements are the following: authorize_check_query =3D "SELECT = ${authcheck_table}.id,${authcheck_table}.UserName, ${authcheck_table}.Attr= ibute,${authcheck_table}.Value,${authcheck_table}. op FROM = ${authcheck_table},${usergroup_table} WHERE ${authcheck_table}.Username = =3D ${usergroup_table}.UserName AND ${authcheck_table}.Username =3D = '%{SQL-User-Name}' AND ${usergroup_table}.LifeTime > NOW() AND = ${usergroup_table}.AuthFailsLeft AND ${usergroup_table}.GroupName =3D = '%{Group}' > 0 ORDER BY ${authcheck_table}.id" authorize_group_check_query =3D "SELECT = ${groupcheck_table}.id,${groupcheck_table}.GroupNa me,${groupcheck_table}.= Attribute,${groupcheck_table}.Value,${groupcheck_t able}.op FROM = ${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.Username = =3D '%{SQL-User-Name}' AND ${usergroup_table}.GroupName =3D = ${groupcheck_table}.GroupName AND ${usergroup_table}.LifeTime > NOW() = AND ${usergroup_table}.AuthFailsLeft > 0 AND = ${usergroup_table}.GroupName =3D '%{Group}' ORDER BY = ${groupcheck_table}.id" =20 authorize_reply_query and authorize_group_reply_query look alike. I have extended the mysql database scheme a little bit (especially = usergroup), here are my table descriptions: mysql> desc radcheck; +-----------+------------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +-----------+------------------+------+-----+---------+----------------+ | id | int(11) unsigned | | PRI | NULL | auto_increment | | UserName | varchar(64) | | MUL | | | | Attribute | varchar(32) | | | | | | op | char(2) | | | =3D=3D | = | | Value | varchar(253) | | | | | +-----------+------------------+------+-----+---------+----------------+ 5 rows in set (0.00 sec) mysql> desc radgroupcheck; +-----------+------------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +-----------+------------------+------+-----+---------+----------------+ | id | int(11) unsigned | | PRI | NULL | auto_increment | | GroupName | varchar(64) | | MUL | | | | Attribute | varchar(32) | | | | | | op | char(2) | | | =3D=3D | = | | Value | varchar(253) | | | | | +-----------+------------------+------+-----+---------+----------------+ 5 rows in set (0.00 sec) mysql> desc usergroup; +---------------+------------------+------+-----+---------------------+--= --------------+ | Field | Type | Null | Key | Default | = Extra | +---------------+------------------+------+-----+---------------------+--= --------------+ | id | int(11) unsigned | | PRI | NULL | = auto_increment | | UserName | varchar(64) | | MUL | | = | | GroupName | varchar(64) | | | | = | | LifeTime | datetime | | | 0000-00-00 00:00:00 | = | | AuthFailsLeft | int(11) | | | 1 | = | +---------------+------------------+------+-----+---------------------+--= --------------+ 5 rows in set (0.00 sec) Any pointers for me? Thanks for your help! Daniel ------_=_NextPart_001_01C53057.F6CC3729 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 6.5.7226.0"> <TITLE>Multiple groups via hints file and rlm_sql</TITLE> </HEAD> <BODY> <!-- Converted from text/rtf format --> <P><FONT SIZE=3D2 FACE=3D"Courier New">Hi,</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Courier New">I'm currently using freeradius = 1.0.2 with a mysql database for authorization. Because I have multiple = client applications I use the hints file to define groups based on = Client-IP-Address:</FONT></P> <P><FONT SIZE=3D2 FACE=3D"Courier = New">DEFAULT &n bsp; = Client-IP-Address =3D=3D a.b.c.d</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier = New"> &nb sp; &n= bsp; Group =3D webmail</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Courier = New">DEFAULT &n bsp; = Client-IP-Address =3D=3D e.f.g.h</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier = New"> &nb sp; &n= bsp; Group =3D vpnadmin,</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier = New"> &nb sp; &n= bsp; Group +=3D vpnuser</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Courier New">The client e.f.g.h differentiates = between users and admins. Whether the user is an normal user or an admin = is defined by the returned attributes from radiusd which are handled by = groups in the mysql database. I have the problem that only the first = group (vpnadmin) is queried by the sql statements which I use. I tried = to use Group =3D "'vpnadmin','vpnuser'" and change my WHERE = clause to use IN instead of =3D, but then I had a problem with escaped = characters.</FONT></P> <P><FONT SIZE=3D2 FACE=3D"Courier New">My SQL statements are the = following:</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Courier New">authorize_check_query =3D = "SELECT = ${authcheck_table}.id,${authcheck_table}.UserName, ${authcheck_table}.Attr= ibute,${authcheck_table}.Value,${authcheck_table}. op FROM = ${authcheck_table},${usergroup_table} WHERE ${authcheck_table}.Username = =3D ${usergroup_table}.UserName AND ${authcheck_table}.Username =3D = '%{SQL-User-Name}' AND ${usergroup_table}.LifeTime > NOW() AND = ${usergroup_table}.AuthFailsLeft AND ${usergroup_table}.GroupName =3D = '%{Group}' > 0 ORDER BY ${authcheck_table}.id"</FONT></P> <P><FONT SIZE=3D2 FACE=3D"Courier New">authorize_group_check_query =3D = "SELECT = ${groupcheck_table}.id,${groupcheck_table}.GroupNa me,${groupcheck_table}.= Attribute,${groupcheck_table}.Value,${groupcheck_t able}.op FROM = ${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.Username = =3D '%{SQL-User-Name}' AND ${usergroup_table}.GroupName =3D = ${groupcheck_table}.GroupName AND ${usergroup_table}.LifeTime > NOW() = AND ${usergroup_table}.AuthFailsLeft > 0 AND = ${usergroup_table}.GroupName =3D '%{Group}' ORDER BY = ${groupcheck_table}.id"</FONT></P> <P><FONT SIZE=3D2 FACE=3D"Courier New"></FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Courier New">authorize_reply_query and = authorize_group_reply_query look alike.</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">I have extended the mysql = database scheme a little bit (especially usergroup), here are my table = descriptions:</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Courier New">mysql> desc radcheck;</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier = New">+-----------+------------------+------+-----+---------+-------------= ---+</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| Field = | = Type &nbs p; &nb= sp; | Null | Key | Default | = Extra &nb sp; |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier = New">+-----------+------------------+------+-----+---------+-------------= ---+</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| = id | int(11) unsigned = | | PRI | NULL | = auto_increment |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| UserName | = varchar(64) = | | MUL = |   ; = | & nbsp; = |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| Attribute | = varchar(32) = | | = |   ; = | & nbsp; = |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| = op | = char(2) & nbsp; = | | | = =3D=3D = | & nbsp; = |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| Value = | varchar(253) | = | = |   ; = | & nbsp; = |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier = New">+-----------+------------------+------+-----+---------+-------------= ---+</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">5 rows in set (0.00 sec)</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Courier New">mysql> desc = radgroupcheck;</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier = New">+-----------+------------------+------+-----+---------+-------------= ---+</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| Field = | = Type &nbs p; &nb= sp; | Null | Key | Default | = Extra &nb sp; |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier = New">+-----------+------------------+------+-----+---------+-------------= ---+</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| = id | int(11) unsigned = | | PRI | NULL | = auto_increment |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| GroupName | = varchar(64) = | | MUL = |   ; = | & nbsp; = |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| Attribute | = varchar(32) = | | = |   ; = | & nbsp; = |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| = op | = char(2) & nbsp; = | | | = =3D=3D = | & nbsp; = |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| Value = | varchar(253) | = | = |   ; = | & nbsp; = |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier = New">+-----------+------------------+------+-----+---------+-------------= ---+</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">5 rows in set (0.00 sec)</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Courier New">mysql> desc usergroup;</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier = New">+---------------+------------------+------+-----+-------------------= --+----------------+</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| = Field &nb sp; | = Type &nbs p; &nb= sp; | Null | Key | = Default & nbsp; = | Extra &nb sp; = |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier = New">+---------------+------------------+------+-----+-------------------= --+----------------+</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| = id | = int(11) unsigned | | PRI | = NULL &nbs p; &nb= sp; | auto_increment |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| = UserName | = varchar(64) = | | MUL = | & nbsp; =   ; = | & nbsp; = |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| = GroupName | = varchar(64) = | | = | & nbsp; =   ; = | & nbsp; = |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| = LifeTime | = datetime = | | | 0000-00-00 = 00:00:00 = | & nbsp; = |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">| AuthFailsLeft | = int(11) & nbsp; = | | | = 1 & nbsp; = = | & nbsp; = |</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier = New">+---------------+------------------+------+-----+-------------------= --+----------------+</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">5 rows in set (0.00 sec)</FONT> </P> <BR> <P><FONT SIZE=3D2 FACE=3D"Courier New">Any pointers for me?</FONT> <BR><FONT SIZE=3D2 FACE=3D"Courier New">Thanks for your help!</FONT> </P> <P><FONT SIZE=3D2 FACE=3D"Courier New">Daniel</FONT> </P> <BR> </BODY> </HTML> ------_=_NextPart_001_01C53057.F6CC3729-- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 
|
Linear Mode
