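I have hit a dead end trying to set a custom attribute as a reply item (I want to add custom information to the "Access-Accept" packet). While trying to do this, I came across this entry: freeradius (MySQL config) adding custom attributes to reply items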
# If you want to add entries to the dictionary file,
# which are NOT going to be placed in a RADIUS packet,
# add them to the 'dictionary.local' file.
#
# The numbers you pick should be between 3000 and 4000.
# These attributes will NOT go into a RADIUS packet.
#
# If you want that, you will need to use VSAs. This means
# requesting allocation of a Private Enterprise Code from
# http://iana.org. We STRONGLY suggest doing that only if
# you are a vendor of RADIUS equipment.
#
# See RFC 6158 for more details.
# http://ietf.org/rfc/rfc6158.txt
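So I understand how the usual approach is supposed to work.
However, my infrastructure is set up in stages, and the RADIUS server in question is already placed "inside", so I don't see why I couldn't set or overwrite unused attributes on both ends, since this is the second, inner authentication step.
Googling around, I found several threads on how to set up this kind of thing with the users-file-based approach of FreeRADIUS 1.x, but nothing for any newer version.
Is what I am proposing still possible with freeradius-server-3.0.10? If so, how would I go about implementing it?
Current status: I have added my attribute "faculty" to the dictionary and the corresponding DB, resulting in the RADIUS server (mapping from the DB to the dictionary, i.e. set is a string set integer 榮 & MECH) finding and evaluating the attributes set in "radreply" (here := MECH) and "radgroupreply" (here += EI).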
...
rlm_sql (sql1): Reserved connection (5)
(1) sql1: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' AND active > '0' AND active < '3' ORDER BY id
(1) sql1: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '*username*' AND active > '0' AND active < '3' ORDER BY id
(1) sql1: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '*username*' AND active > '0' AND active < '3'ORDER BY id
(1) sql1: User found in radcheck table
(1) sql1: Conditional check items matched, merging assignment check items
(1) sql1: Cleartext-Password := "*password*"
(1) sql1: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql1: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = '*username*' ORDER BY id
(1) sql1: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '*username*' ORDER BY id
(1) sql1: User found in radreply table, merging reply items
(1) sql1: faculty := MECH
(1) sql1: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(1) sql1: --> SELECT groupname FROM radusergroup WHERE username = '*username*' ORDER BY priority
(1) sql1: Executing select query: SELECT groupname FROM radusergroup WHERE username = '*username*' ORDER BY priority
(1) sql1: User found in the group table
(1) sql1: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id
(1) sql1: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'vid100' ORDER BY id
(1) sql1: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'vid100' ORDER BY id
(1) sql1: Group "vid100": Conditional check items matched
(1) sql1: Group "vid100": Merging assignment check items
(1) sql1: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id
(1) sql1: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'vid100' ORDER BY id
(1) sql1: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'vid100' ORDER BY id
(1) sql1: Group "vid100": Merging reply items
(1) sql1: Tunnel-Type = VLAN
(1) sql1: Tunnel-Medium-Type = IEEE-802
(1) sql1: Tunnel-Private-Group-Id = "100"
(1) sql1: faculty += EI
rlm_sql (sql1): Released connection (5)
...
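The keen observer will also notice some changes to the "radcheck" query, but those changes are not relevant to the topic at hand. So the server retrieves the information, but I have not yet found a way to include it in the reply.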
(1) Sent Access-Accept Id 81 from **IP-Radius-server**:*port* to **IP-supplicant**:*port* length 0
(1) Tunnel-Type = VLAN
(1) Tunnel-Medium-Type = IEEE-802
(1) Tunnel-Private-Group-Id = "100"
(1) Finished request
Any help or pointers would be greatly appreciated :) Felix
Yes, or Class, which means it is also available for accounting packets.
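A diagnostic for the situation shown in the question's debug output, added here as an example and not part of the original post or of FreeRADIUS: it parses `radiusd -X`-style lines and reports reply items that a module merged but that never appear in the Sent Access-Accept. The log sample, the IP addresses and the function name `dropped_reply_attrs` are constructed for illustration.

```python
import re

# Constructed sample, shaped like the debug lines quoted in the question.
SAMPLE_DEBUG = """\
rlm_sql (sql1): Reserved connection (5)
(1) sql1: Conditional check items matched, merging assignment check items
(1) sql1:   Cleartext-Password := "secret"
(1) sql1: User found in radreply table, merging reply items
(1) sql1:   faculty := MECH
(1) sql1: Group "vid100": Merging reply items
(1) sql1:   Tunnel-Type = VLAN
(1) sql1:   Tunnel-Private-Group-Id = "100"
(1) sql1:   faculty += EI
(1) Sent Access-Accept Id 81 from 192.0.2.1:1812 to 192.0.2.2:40000 length 0
(1)   Tunnel-Type = VLAN
(1)   Tunnel-Private-Group-Id = "100"
(1) Finished request
"""

REQ = re.compile(r'^\((\d+)\)\s+(.*)$')           # "(1) <rest of line>"
PAIR = re.compile(r'^(?:\w+:\s+)?([A-Za-z][\w-]*)\s*(:=|\+=|==|=)\s*(.+?)\s*$')

def dropped_reply_attrs(debug_text):
    """Return {request: {attr: [values]}} merged into the reply but not sent."""
    merged, sent, mode = {}, {}, {}
    for line in debug_text.splitlines():
        head = REQ.match(line)
        if not head:
            continue                               # lines without a request number
        req, body = head.groups()
        pair = PAIR.match(body)
        if pair and mode.get(req) == "merged":     # attribute listed under "merging reply items"
            merged.setdefault(req, {}).setdefault(pair.group(1), []).append(
                pair.group(3).strip('"'))
        elif pair and mode.get(req) == "sent":     # attribute listed under the sent packet
            sent.setdefault(req, set()).add(pair.group(1))
        elif "merging reply items" in body.lower():
            mode[req] = "merged"
        elif body.startswith("Sent Access-Accept"):
            mode[req] = "sent"
        elif not pair:
            mode[req] = None                       # any other message ends the section
    out = {}
    for req, attrs in merged.items():
        lost = {a: v for a, v in attrs.items() if a not in sent.get(req, set())}
        if lost:
            out[req] = lost
    return out

if __name__ == "__main__":
    print(dropped_reply_attrs(SAMPLE_DEBUG))
```
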