Настройка FreeRadius для авторизации по DCHP Option 82 через Mikrotik
На микротике должен быть поднят DHCP сервер, который обращается к Radius клиенту, который обращается к Radius серверу.
queries.conf :
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
sql_user_name = "%{%{Agent-Remote-Id}:-%{%{User-Name}:-DEFAULT}}" authorize_check_query = "\ SELECT id, username, attribute, value, op \ FROM ${authcheck_table} \ WHERE REPLACE(mac,':','') = REPLACE(REPLACE('%{SQL-User-Name}','0x',''),':','') and sw_port=''\ UNION ALL select id,username,attribute,value,op from radcheck where upper(sw_mac)=upper(REPLACE('%{Agent-Remote-Id}','0x','')) and upper(sw_port)=upper(RIGHT('%{Agent-Circuit-Id}',2))" authorize_reply_query = "\ SELECT id, username, attribute, value, op \ FROM ${authreply_table} \ WHERE REPLACE(mac,':','') = REPLACE(REPLACE('%{SQL-User-Name}','0x',''),':','') and sw_port=''\ UNION ALL select id,username,attribute,value,op from radreply where upper(sw_mac)=upper(REPLACE('%{Agent-Remote-Id}','0x','')) and upper(sw_port)=upper(RIGHT('%{Agent-Circuit-Id}',2))" |
В sites-enabled/default :
|
1 2 3 4 5 6 |
authorize { update control { Auth-Type := Accept } ... |
Ой, микротик по английски не так пишется)
Да лень исправлять, видел 😉
Совесть загрызла, таки поправил..
/etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf[118]: Failed parsing expanded string:
/etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf[118]: …(mac, ‘:’, ») = REPLACE (REPLACE (‘% {SQL-User-Name}’, ‘0x’, »), ‘:’, ») and sw_port = »…
/etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf[118]: ^ Invalid variable expansion
root@radius:/etc/freeradius/3.0/sites-enabled# vim /etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf
etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf[118]: Failed parsing expanded string:
/etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf[118]: …(mac, ‘:’, ») = REPLACE (REPLACE (‘% {SQL-User-Name}’, ‘0x’, »), ‘:’, ») and sw_port = »…
/etc/freeradius/3.0/mods-config/sql/main/mysql/queries.conf[118]: ^ Invalid variable expansion