(RADIATOR) AuthSQL and VLANs

Hugh Irvine hugh at open.com.au
Mon May 10 19:19:45 CDT 2004


Hello Antonio -

Your configuration file is not correct; it should look like this (only
one AddToReply):


<AuthBy SQL>
         Identifier authby_MYSQL
         NoDefault
         NoDefaultIfFound
         DBSource dbi:mysql:DBASE:HOST
         DBUsername radiususername
         DBAuth password
         AuthSelect SELECT Password, user, VLANWireless  from users \
                 where user='%n' AND AccWireless='1'
         AuthColumnDef 0, Encrypted-Password, check
         AuthColumnDef 1, User-Name, reply
         AuthColumnDef 2, Tunnel-Private-Group-ID, reply
         AddToReply Tunnel-Type = "1:VLAN", \
                 Tunnel-Medium-Type = "1:Ether_802"
         DefaultSimultaneousUse 1
</AuthBy>


regards

Hugh


On 11 May 2004, at 03:15, António Fernandes wrote:

> Hi,
>
> I'm trying to set up a RADIUS with VLANs info in MySQL.
> When I use the auth from a file
>
> user    Password = password
>         Tunnel-Type = "1:VLAN"
>         Tunnel-Medium-Type = "1:Ether_802"
>         Tunnel-Private-Group-ID = "1:2"
>
> I have access to VLAN 2 but when I comment the authby_FILE, it always sends
> me to the default VLAN (defined in the AP default SSID).
>
> SELECT Password, user, VLANWireless  from users where user='%n' AND
> AccWireless='1'
> Returns
>
> <CryptedPass>	user		1:2
>
>
> Thanks,
>
> António Fernandes
>
> --------------------------------------------------------- radius.cfg
>
> <AuthBy SQL>
>         Identifier authby_MYSQL
>         NoDefault
>         NoDefaultIfFound
>         DBSource dbi:mysql:DBASE:HOST
>         DBUsername radiususername
>         DBAuth password
>         AuthSelect SELECT Password, user, VLANWireless  from users where user='%n' AND AccWireless='1'
>         AuthColumnDef 0, Encrypted-Password, check
>         AuthColumnDef 1, User-Name, reply
>         AuthColumnDef 2, Tunnel-Private-Group-ID, reply
>         AddToReply Tunnel-Type = "1:VLAN"
>         AddToReply Tunnel-Medium-Type = "1:Ether_802"
>         DefaultSimultaneousUse 1
> </AuthBy>
> <Handler TunnelledByTTLS=1>
>         RewriteUsername s/^([^@]+).*/$1/
>         UsernameCharset a-zA-Z0-9\._\@-
>         AuthByPolicy ContinueUntilAccept
>         AuthBy authby_MYSQL
> #        AuthBy authby_FILE
>         AuthLog log_LocalUsers
> </Handler>
>
>
>
> --------------------------------------------------------- LOG
> *** Sending to 192.168.1.231 port 21645 ....
>
> Packet length = 176
> Code:       Access-Accept
> Identifier: 116
> Authentic:  <211><226><206><153>f<141><222><16>Mi&<187><174><214>G<31>
> Attributes:
>         User-Name = "ampf"
>         Tunnel-Private-Group-ID = 1:2
>         Tunnel-Medium-Type = 1:Ether_802
>         MS-MPPE-Send-Key = "<215><218><205><189><191>h<19>oi<186><197>?<220><129><17>$i<134>^<245>4<233>pb<225>,<212><127><162><210><183>Pi<25>i$H<<249><180><187><225>Q<23><228><221><18><129>:F"
>         MS-MPPE-Recv-Key = "<152>d;<216><235><151><212><166><156><177><253><169><160><169><208><187><130><211>FC<4><155>{x<142>%(R<146>U<173><253>n<140>j:e<24>l:'<10><213><212><223><179>w6(<19>"
>         EAP-Message = <3><7><0><4>
>         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
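
An added example, not part of the original thread and not Radiator code: the Access-Accept in the quoted trace lists Tunnel-Private-Group-ID and Tunnel-Medium-Type but no Tunnel-Type, and the client stayed in the default VLAN. This Python check parses an Access-Accept and reports which of the three RFC 2868 tunnel attributes is missing; it assumes the `1:` prefix in the values above is the attribute tag, and the sample packets, the user name `alice` and all function names are constructed for illustration.

```python
import struct
# RFC 2868 attribute numbers and the RFC 3580 values used for VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6
NAMES = {64: "Tunnel-Type", 65: "Tunnel-Medium-Type", 81: "Tunnel-Private-Group-ID"}

def attr(code, value):  # encode one attribute as type, length, value
    return bytes([code, len(value) + 2]) + value

def packet(code, ident, attrs):
    """Build a RADIUS packet with a zeroed authenticator (constructed test data only)."""
    body = b"".join(attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), bytes(16)) + body

def parse_attrs(pkt):
    """Return [(type, value)] from a packet, rejecting inconsistent length fields."""
    if len(pkt) < 20 or not 20 <= struct.unpack("!H", pkt[2:4])[0] <= len(pkt):
        raise ValueError("bad packet length")
    end, i, out = struct.unpack("!H", pkt[2:4])[0], 20, []
    while i < end:
        if i + 2 > end or pkt[i + 1] < 2 or i + pkt[i + 1] > end:
            raise ValueError("bad attribute length")
        out.append((pkt[i], pkt[i + 2:i + pkt[i + 1]]))
        i += pkt[i + 1]
    return out

def vlan_assignment(pkt):
    """Return (vlan, missing); vlan is set only when one tag carries all three attributes."""
    tunnels = {}  # tag -> {attribute type: decoded value}
    for code, val in parse_attrs(pkt):
        if code in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(val) == 4:
            tunnels.setdefault(val[0], {})[code] = int.from_bytes(val[1:], "big")
        elif code == TUNNEL_PRIVATE_GROUP_ID and val:
            tag, text = (val[0], val[1:]) if val[0] <= 0x1F else (0, val)
            tunnels.setdefault(tag, {})[code] = text.decode("ascii", "replace")
    best = list(NAMES.values())
    for t in tunnels.values():
        if t.get(TUNNEL_TYPE, VLAN) != VLAN or t.get(TUNNEL_MEDIUM_TYPE, IEEE_802) != IEEE_802:
            continue  # some other kind of tunnel, not a VLAN assignment
        missing = [NAMES[c] for c in NAMES if c not in t]
        if not missing:
            return t[TUNNEL_PRIVATE_GROUP_ID], []
        best = min(best, missing, key=len)
    return None, best

# Constructed Access-Accept packets: tag 1, VLAN "2", user name "alice".
COMMON = [attr(1, b"alice"), attr(81, b"\x012"), attr(65, b"\x01\x00\x00\x06")]
WITHOUT_TYPE = packet(2, 1, COMMON)
COMPLETE = packet(2, 1, COMMON + [attr(64, b"\x01\x00\x00\x0d")])
print(vlan_assignment(WITHOUT_TYPE), vlan_assignment(COMPLETE))
```

Run against replies captured on the RADIUS server, a check like this shows when a configuration change leaves users silently falling back to the default VLAN.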
