这是我在copy-acct-to-home-server中部署的代码段。基本上检查用户名是否带有“ @”符号...如果是,则从比较NAS-IP-Address的mysql表中提取寻线组。最后,如果查询结果不为null,则它将更新Proxy-to-Realm。
if(request:User-Name =~ /@/){
update control {
SQLQueryResult := "%{sql:SELECT `groupname` FROM `radhuntgroup` WHERE nasipaddress='%{NAS-IP-Address}'}" }
if( %{control:SQLQueryResult} != '') {
update control {
Proxy-To-Realm := SQLQueryResult } }
}
此代码无法正常运行。这是针对真假条件的调试消息摘要结果
当从数据库中提取某些值时,应该为代理到领域分配适当的值(但是它不起作用)
Acct-Session-Id = "5CD8CA8B-0012B000"
Framed-IP-Address = host.ip.address.local
Acct-Multi-Session-Id = "24c9a18012b85c514f44f9715cd8ca8b085b"
Acct-Link-Count = 1
Acct-Status-Type = Start
Acct-Authentic = RADIUS
User-Name = "[email protected]"
NAS-IP-Address = some.ip.add.NAS
NAS-Identifier = "CustomNASID"
.........
--> [email protected]
(6) SQL-User-Name set to '[email protected]'
rlm_sql (sql): Reserved connection (5)
(6) EXPAND /var/log/freeradius/sqllog.sql
(6) --> /var/log/freeradius/sqllog.sql
(6) Executing select query: SELECT `groupname` FROM `radhuntgroup` WHERE nasipaddress='some.ip.add.NAS'
rlm_sql (sql): Released connection (5)
(6) EXPAND %{sql:SELECT `groupname` FROM `radhuntgroup` WHERE nasipaddress='%{NAS-IP-Address}'}
(6) --> customRealm
(6) SQLQueryResult := customRealm
(6) } # update control = noop
(6) if ( %{control:SQLQueryResult} != '') {
(6) if ( %{control:SQLQueryResult} != '') -> TRUE
(6) if ( %{control:SQLQueryResult} != '') {
(6) update control {
(6) No attributes updated
(6) } # update control = noop
(6) } # if ( %{control:SQLQueryResult} != '') = noop
(6) } # if (request:User-Name =~ /@/) = noop
(6) } # preacct = ok
从日志中可以看出,即使两个if条件都为真(用户名包含@并且SQLQueryResult不为null),也不会使用从数据库中获取的值更新属性proxy-to-realm。
即使在没有从数据库中获取任何值的情况下,条件似乎都为真。这是日志片段。
Acct-Session-Id = "5CD8C9F7-C1DA2D04" Framed-IP-Address = host.ip.address.local Acct-Multi-Session-Id = "441e98b16388185680b4a7355cd8c9f7000a" Acct-Link-Count = 5 Acct-Status-Type = Interim-Update Acct-Authentic = RADIUS User-Name = "user@somedomain" NAS-IP-Address = some.ip.address.nas ........... Executing section preacct from file /etc/freeradius/3.0/sites-enabled/copy-acct-to-home-server (8) preacct { (8) [preprocess] = ok (8) if (request:User-Name =~ /@/){ (8) if (request:User-Name =~ /@/) -> TRUE (8) if (request:User-Name =~ /@/) { (8) update control { (8) EXPAND %{User-Name} (8) --> [email protected] (8) SQL-User-Name set to '[email protected]' rlm_sql (sql): Reserved connection (6) (8) EXPAND /var/log/freeradius/sqllog.sql (8) --> /var/log/freeradius/sqllog.sql (8) Executing select query: SELECT `groupname` FROM `radhuntgroup` WHERE nasipaddress='nas.ip.address.local' (8) SQL query returned no results rlm_sql (sql): Released connection (6) (8) EXPAND %{sql:SELECT `groupname` FROM `radhuntgroup` WHERE nasipaddress='%{NAS-IP-Address}'} (8) --> (8) SQLQueryResult := (8) } # update control = noop (8) if ( %{control:SQLQueryResult} != '') { (8) if ( %{control:SQLQueryResult} != '') -> TRUE (8) if ( %{control:SQLQueryResult} != '') { (8) update control { (8) No attributes updated (8) } # update control = noop (8) } # if ( %{control:SQLQueryResult} != '') = noop (8) } # if (request:User-Name =~ /@/) = noop (8) } # preacct = ok
奇怪的是,尽管它没有从数据库中获取任何值如果条件(SQLQueryResult!='')在这种情况下应该为假,则第二个条件被评估为true。
属性SQLQueryResult已在字典中定义为字符串。
我不确定我在这里缺少什么...似乎很简单。向专家寻求帮助。
这是我在copy-acct-to-home-server中部署的代码段。基本上检查用户名是否带有“ @”符号...如果是,则从比较NAS-IP-Address的mysql表中提取寻线组。...
这里有几个问题。