A resposta de NickW, em teoria, deveria funcionar. No entanto, por algum motivo, ele trabalhou usando um radtest, mas falhou quando eu authed via o AP. Estou usando o EAP, portanto, wpa2-enterpise com um certificado assinado. (Eu segui este guia , note que estou usando um servidor centos não Ubuntu)
Acabei indo para o meu site-enabled / default, na seção de pós-autenticação eu adicionei isso antes do meu sqlippool.
update control {
Pool-Name := "%{sql:select value from radgroupcheck left join radhuntgroup on (radhuntgroup.groupname=radgroupcheck.groupname) where radhuntgroup.nasipaddress ='%{NAS-IP-Address}'}"
}
Meu layout de tabela é padrão, eu adicionei o radhuntgroup como sugerido por NickW, então combinei isso com a minha tabela radgroupcheck, como tal
radhuntgroup:
id | groupname | nasipaddress | nasportid
----+--------------+--------------+-----------
1 | South Africa | 10.xx.xx.xx |
2 | Mozambique | 10.xx.xx.xx |
radgroupcheck:
id | groupname | attribute | op | value
----+--------------+-----------+----+------------
4 | South Africa | Pool-Name | := | ZA_IP_POOL
7 | Mozambique | Pool-Name | := | MZ_IP_POOL
Então o resultado no meu radiusd -X é o seguinte
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
sql_xlat
expand: %{User-Name} -> robert@test
sql_set_user escaped user --> 'robert@test'
expand: select value from radgroupcheck left join radhuntgroup on (radhuntgroup.groupname=radgroupcheck.groupname) where radhuntgroup.nasipaddress ='%{NAS-IP-Address}' -> select value from radgroupcheck left join radhuntgroup on (radhuntgroup.groupname=radgroupcheck.groupname) where radhuntgroup.nasipaddress ='10.53.0.7'
expand: /var/log/radius/sqltrace.sql -> /var/log/radius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_postgresql: query: select value from radgroupcheck left join radhuntgroup on (radhuntgroup.groupname=radgroupcheck.groupname) where radhuntgroup.nasipaddress ='10.53.0.7'
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
sql_xlat finished
rlm_sql (sql): Released sql socket id: 4
expand: %{sql:select value from radgroupcheck left join radhuntgroup on (radhuntgroup.groupname=radgroupcheck.groupname) where radhuntgroup.nasipaddress ='%{NAS-IP-Address}'} -> ZA_IP_POOL
++[control] returns noop
rlm_sql (sql): Reserving sql socket id: 3
[sqlippool] expand: %{User-Name} -> robert@test
[sqlippool] sql_set_user escaped user --> 'robert@test'
[sqlippool] expand: START TRANSACTION -> START TRANSACTION
rlm_sql_postgresql: query: START TRANSACTION
rlm_sql_postgresql: Status: PGRES_COMMAND_OK
rlm_sql_postgresql: query affected rows = 0
[sqlippool] expand: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', expiry_time = 'now'::timestamp(0) - '1 second'::interval WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '%{NAS-Port}' -> UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', expiry_time = 'now'::timestamp(0) - '1 second'::interval WHERE nasipaddress = '10.53.0.7' AND pool_key = ''
rlm_sql_postgresql: query: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', expiry_time = 'now'::timestamp(0) - '1 second'::interval WHERE nasipaddress = '10.53.0.7' AND pool_key = ''
rlm_sql_postgresql: Status: PGRES_COMMAND_OK
rlm_sql_postgresql: query affected rows = 1
[sqlippool] expand: SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND expiry_time < 'now'::timestamp(0) ORDER BY (username <> '%{SQL-User-Name}'), (callingstationid <> '%{Calling-Station-Id}'), expiry_time LIMIT 1 FOR UPDATE -> SELECT framedipaddress FROM radippool WHERE pool_name = 'ZA_IP_POOL' AND expiry_time < 'now'::timestamp(0) ORDER BY (username <> 'robert@test'), (callingstationid <> '38-AA-3C-5E-7E-40'), expiry_time LIMIT 1 FOR UPDATE
rlm_sql_postgresql: query: SELECT framedipaddress FROM radippool WHERE pool_name = 'ZA_IP_POOL' AND expiry_time < 'now'::timestamp(0) ORDER BY (username <> 'robert@test'), (callingstationid <> '38-AA-3C-5E-7E-40'), expiry_time LIMIT 1 FOR UPDATE
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[sqlippool] expand: UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{NAS-Port}', callingstationid = '%{Calling-Station-Id}', username = '%{SQL-User-Name}', expiry_time = 'now'::timestamp(0) + '18000 second'::interval WHERE framedipaddress = '10.53.0.111' -> UPDATE radippool SET nasipaddress = '10.53.0.7', pool_key = '', callingstationid = '38-AA-3C-5E-7E-40', username = 'robert@test', expiry_time = 'now'::timestamp(0) + '18000 second'::interval WHERE framedipaddress = '10.53.0.111'
rlm_sql_postgresql: query: UPDATE radippool SET nasipaddress = '10.53.0.7', pool_key = '', callingstationid = '38-AA-3C-5E-7E-40', username = 'robert@test', expiry_time = 'now'::timestamp(0) + '18000 second'::interval WHERE framedipaddress = '10.53.0.111'
rlm_sql_postgresql: Status: PGRES_COMMAND_OK
rlm_sql_postgresql: query affected rows = 1
[sqlippool] Allocated IP 10.53.0.111 [6f00350a]
[sqlippool] expand: COMMIT -> COMMIT
Espero que esta informação possa ajudar alguém a passar pela mesma luta que passei.