[Help-gnu-radius] Reply attributes using mysql auth

[Robin Brown]

Hello,

I've just started to implement GNU radius and I'm having an issue trying to
set the Cisco-AVPair in a reply to the requesting NAS.

Using radius-1.2 and mysql.  In the attrib mysql table I have

user_name= user
attr=Cisco-AVPair
value=shell:priv-lvl=15
op=

While the user can get authenticated, authorization fails and the privilege
level is not set.  In the radius.log file I am getting SQL: invalid operator
when the op field is set to null.

After reading through the SQL authorization docs I thought that if the op
field was NULL in the attrib table that the entry would be returned when the
reply_attr_query was executed.  It's not working, and when there is a NULL
in the op field I get the SQL error.

Can I get some direction on how I can set the privilege level with a Cisco
NAS using SQL auth?  I was able to get this part to work with ICRadius,
however ICRadius appears to not support the rewrite functions which I will
need.  That's why I'm trying GNU radius.

Also, when the mysql tables were setup, the attrib table does not have a
primary key.  Which field is best to use as that?

Thanks and regards,
Robin