Hello,
I use freeradius to authorize clients on a PPPoE server on a MikroTik V2.8 RouterOS, but now I also want to have the wireless MAC list authorized via radius. The problem, however, is that both use the User-Name attribute. As a result, it wants to check whether the user exists in the database of usernames of the PPPoE accounts, but I would like to have this in a different table within the database. I believe you can rewrite a packet with attr_rewrite, but so far this has not achieved anything.
Just for clarity: I am using freeradius 1.0 together with MySQL 4 on FC2.
Below is part of my freeradius.conf
Declaration of the macauth module:
attr_rewrite macauth {
attribute = User-Name
searchin = packet
searchfor = ":"
replacewith = "-"
new_attribute = yes
append = yes
}
Here I tell it to use the macauth module during authorization:
authorize {
#
# The preprocess module takes care of sanitizing some bizarre
# attributes in the request, and turning them into attributes
# which are more standard.
#
# It takes care of processing the 'raddb/hints' and the
# 'raddb/huntgroups' files.
#
# It also adds the %{Client-IP-Address} attribute to the request.
preprocess
#
# If you want to have a log of authentication requests,
# un-comment the following line, and the 'detail auth_log'
# section, above.
# auth_log
macauth
A request from a wireless client on the radius server:
rad_recv: Access-Request packet from host 62.221.***.***:1028, id=93, length=79
Service-Type = Framed-User
NAS-Identifier = "*****.****.nl"
NAS-Port-Id = "wlan3"
User-Name = "00:02:6F:05:68:4C"
User-Password = ""
NAS-IP-Address = 62.221.****.***
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
modcall[authorize]: module "preprocess" returns ok for request 17
radius_xlat: '-'
rlm_attr_rewrite: Added attribute User-Name with value '-'
modcall[authorize]: module "macauth" returns ok for request 17
modcall[authorize]: module "attr_filter" returns noop for request 17
modcall[authorize]: module "chap" returns noop for request 17
modcall[authorize]: module "mschap" returns noop for request 17
rlm_realm: No '@' in User-Name = "00:02:6F:05:68:4C", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 17
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 17
radius_xlat: '00:02:6F:05:68:4C'
rlm_sql (sql): sql_set_user escaped user --> '00:02:6F:05:68:4C'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '00:02:6F:05:68:4C' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '00:02:6F:05:68:4C' ORDER BY id
rlm_sql (sql): User 00:02:6F:05:68:4C not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,radusergroup WHERE radusergroup.Username = '00:02:6F:05:68:4C' AND radusergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,radusergroup WHERE radusergroup.Username = '00:02:6F:05:68:4C' AND radusergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,radusergroup WHERE radusergroup.Username = '00:02:6F:05:68:4C' AND radusergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,radusergroup WHERE radusergroup.Username = '00:02:6F:05:68:4C' AND radusergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): User 00:02:6F:05:68:4C not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 2
modcall[authorize]: module "sql" returns notfound for request 17
modcall: group authorize returns ok for request 17
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Delaying request 17 for 1 seconds
Finished request 17
So now I want to turn the following line
User-Name = "00:02:6F:05:68:4C"
into this line
MAC = "00:02:6F:05:68:4C"
Does anyone have an idea how I can do this?
Thanks in advance,
Johan
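
Added example, not part of the original post and not FreeRADIUS configuration: one way to express the wanted routing, where a MAC-shaped User-Name with an empty User-Password (as in the request above) is looked up in a separate table from the PPPoE accounts. The table names mac_allow and pppoe_accounts, the sample rows and the helper names are assumptions; sqlite3 stands in for MySQL so it runs offline.

```python
import re
import sqlite3

# User-Name as the NAS sends it for wireless clients: six ':'-separated hex octets.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")

# Fixed queries per table (table names are hypothetical); the key is always bound.
QUERIES = {
    "mac_allow": "SELECT 1 FROM mac_allow WHERE mac = ?",
    "pppoe_accounts": "SELECT 1 FROM pppoe_accounts WHERE username = ?",
}

def route(request):
    """Pick the lookup table and key for one Access-Request (dict of attributes)."""
    name = request.get("User-Name", "")
    # A MAC-shaped name with an empty password matches the wireless request above.
    if MAC_RE.fullmatch(name) and request.get("User-Password", "") == "":
        return "mac_allow", name.upper()
    return "pppoe_accounts", name

def is_known(db, request):
    """True if the request's key exists in the table chosen by route().
    Only the table selection is shown; password checking is out of scope."""
    table, key = route(request)
    return db.execute(QUERIES[table], (key,)).fetchone() is not None

def build_demo_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pppoe_accounts (username TEXT PRIMARY KEY);
        CREATE TABLE mac_allow (mac TEXT PRIMARY KEY);
        INSERT INTO pppoe_accounts VALUES ('pppoe-user1');
        INSERT INTO mac_allow VALUES ('00:02:6F:05:68:4C');
    """)
    return db

if __name__ == "__main__":
    db = build_demo_db()
    # Constructed request, modelled on the debug output in the post.
    wireless = {"User-Name": "00:02:6f:05:68:4c", "User-Password": "",
                "NAS-Port-Id": "wlan3"}
    print(route(wireless), is_known(db, wireless))
    print(route({"User-Name": "pppoe-user1", "User-Password": "x"}))
```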