SQL User in multiple group

Pavel D. Kuzin pk at nodex.ru
Mon Sep 4 12:33:57 CEST 2006


Hello!

I'm having strange trouble.

Radius is using Oracle as the backend.
In SQL I have 2 users. User 500 belongs to two groups, Local and Users.

I'm trying to check Service-Type in groups.

When the user appears in group Users, auth is OK, but it seems it also checks group Local,
because reply items from this group are in the radius answer.

Help please.
Why does radius check the Local group?

SELECT a.id, a.username, a.attribute, a.value, a.op
FROM hosting.voip_user_check_attrs a

500  User-Password  12345  ==
400  User-Password  12345  ==

SELECT a.id, a.username, a.groupname
FROM hosting.voip_user_group a

2  500  Local
1  500  Users

SELECT a.id, a.groupname, a.attribute, a.op, a.value
FROM hosting.voip_group_check_attrs a

2  Local  Service-Type  ==  SIP-Caller-AVPs
1  Users  Service-Type  ==  Sip-Session

SELECT a.id, a.groupname, a.attribute, a.op, a.value
FROM hosting.voip_group_reply_attrs a

3  Local  SIP-AVP  +=  next_gw:192.168.39.253
4  Local  SIP-AVP  +=  have_local:1


Debug:

rad_recv: Access-Request packet from host 127.0.0.1:46998, id=188, length=234
        User-Name = "500 at panda.nodex.ru"
        Digest-Attributes = "\n\005500"
        Digest-Attributes = "\001\020panda.nodex.ru"
        Digest-Attributes = "\002*44fbfed76560873b8901225aab710aeb385d84ed"
        Digest-Attributes = "\004\024sip:panda.nodex.ru"
        Digest-Attributes = "\003\nREGISTER"
        Digest-Response = "9917dd6f660e3a05c6337e0c808f6faa"
        Service-Type = Sip-Session
        Sip-URI-User = "500"
        User-Name = "call-id=0-13c4-3881eda0-1b1c-21d"
        NAS-Port = 5060
        NAS-IP-Address = 127.0.0.1
Mon Sep  4 14:19:23 2006 : Debug:   Processing the authorize section of radiusd.conf
Mon Sep  4 14:19:23 2006 : Debug: modcall: entering group authorize for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3
Mon Sep  4 14:19:23 2006 : Debug:   hints: Matched DEFAULT at 39
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modcall[authorize]: module "preprocess" returns ok for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[authorize]: calling auth_log (rlm_detail) for request 3
Mon Sep  4 14:19:23 2006 : Debug: radius_xlat:  '/usr/local/radius/var/log/radius/radacct/127.0.0.1/auth-detail-20060904'
Mon Sep  4 14:19:23 2006 : Debug: rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to /usr/local/radius/var/log/radius/radacct/127.0.0.1/auth-detail-20060904
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[authorize]: returned from auth_log (rlm_detail) for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modcall[authorize]: module "auth_log" returns ok for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[authorize]: calling digest (rlm_digest) for request 3
Mon Sep  4 14:19:23 2006 : Debug: rlm_digest: Adding Auth-Type = DIGEST
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[authorize]: returned from digest (rlm_digest) for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modcall[authorize]: module "digest" returns ok for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[authorize]: calling sql (rlm_sql) for request 3
Mon Sep  4 14:19:23 2006 : Debug: radius_xlat:  '500'
Mon Sep  4 14:19:23 2006 : Debug: rlm_sql (sql): sql_set_user escaped user --> '500'
Mon Sep  4 14:19:23 2006 : Debug: radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM VOIP_USER_CHECK_ATTRS WHERE Username = 
'500' ORDER BY id'
Mon Sep  4 14:19:23 2006 : Debug: rlm_sql (sql): Reserving sql socket id: 1
Mon Sep  4 14:19:23 2006 : Debug: radius_xlat:  'SELECT 
VOIP_GROUP_CHECK_ATTRS.id,VOIP_GROUP_CHECK_ATTRS.GroupName,VOIP_GROUP_CHECK_ATTRS.Attribute,VOIP_GROUP_CHECK_ATTRS.Value,VOIP_GROUP_CHECK_ATTRS.op 
FROM VOIP_GROUP_CHECK_ATTRS,VOIP_USER_GROUP WHERE VOIP_USER_GROUP.Username = '500' AND VOIP_USER_GROUP.GroupName = 
VOIP_GROUP_CHECK_ATTRS.GroupName ORDER BY VOIP_GROUP_CHECK_ATTRS.id'
Mon Sep  4 14:19:23 2006 : Debug: radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM VOIP_USER_REPLY_ATTR WHERE Username = 
'500' ORDER BY id'
Mon Sep  4 14:19:23 2006 : Debug: radius_xlat:  'SELECT 
VOIP_GROUP_REPLY_ATTRS.id,VOIP_GROUP_REPLY_ATTRS.GroupName,VOIP_GROUP_REPLY_ATTRS.Attribute,VOIP_GROUP_REPLY_ATTRS.Value,VOIP_GROUP_REPLY_ATTRS.op 
FROM VOIP_GROUP_REPLY_ATTRS,VOIP_USER_GROUP WHERE VOIP_USER_GROUP.Username = '500' AND VOIP_USER_GROUP.GroupName = 
VOIP_GROUP_REPLY_ATTRS.GroupName ORDER BY VOIP_GROUP_REPLY_ATTRS.id'
Mon Sep  4 14:19:23 2006 : Debug: rlm_sql (sql): Released sql socket id: 1
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[authorize]: returned from sql (rlm_sql) for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modcall[authorize]: module "sql" returns ok for request 3
Mon Sep  4 14:19:23 2006 : Debug: modcall: leaving group authorize (returns ok) for request 3
Mon Sep  4 14:19:23 2006 : Debug:   rad_check_password:  Found Auth-Type DIGEST
Mon Sep  4 14:19:23 2006 : Debug: auth: type "digest"
Mon Sep  4 14:19:23 2006 : Debug:   Processing the authenticate section of radiusd.conf
Mon Sep  4 14:19:23 2006 : Debug: modcall: entering group authenticate for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[authenticate]: calling digest (rlm_digest) for request 3
Mon Sep  4 14:19:23 2006 : Debug:     rlm_digest: Converting Digest-Attributes to something sane...
        Digest-User-Name = "500"
        Digest-Realm = "panda.nodex.ru"
        Digest-Nonce = "44fbfed76560873b8901225aab710aeb385d84ed"
        Digest-URI = "sip:panda.nodex.ru"
        Digest-Method = "REGISTER"
Mon Sep  4 14:19:23 2006 : Debug: A1 = 500:panda.nodex.ru:12345
Mon Sep  4 14:19:23 2006 : Debug: A2 = REGISTER:sip:panda.nodex.ru
Mon Sep  4 14:19:23 2006 : Debug: KD = 
519a37878f13e1a70683019d3507c065:44fbfed76560873b8901225aab710aeb385d84ed:dc143550193dc2a4ad1c2f68d31dac39
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[authenticate]: returned from digest (rlm_digest) for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modcall[authenticate]: module "digest" returns ok for request 3
Mon Sep  4 14:19:23 2006 : Debug: modcall: leaving group authenticate (returns ok) for request 3
Mon Sep  4 14:19:23 2006 : Debug:   Processing the post-auth section of radiusd.conf
Mon Sep  4 14:19:23 2006 : Debug: modcall: entering group post-auth for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[post-auth]: calling reply_log (rlm_detail) for request 3
Mon Sep  4 14:19:23 2006 : Debug: radius_xlat:  '/usr/local/radius/var/log/radius/radacct/127.0.0.1/reply-detail-20060904'
Mon Sep  4 14:19:23 2006 : Debug: rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d 
expands to /usr/local/radius/var/log/radius/radacct/127.0.0.1/reply-detail-20060904
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[post-auth]: returned from reply_log (rlm_detail) for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modcall[post-auth]: module "reply_log" returns ok for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[post-auth]: calling sql (rlm_sql) for request 3
Mon Sep  4 14:19:23 2006 : Debug: rlm_sql (sql): Processing sql_postauth
Mon Sep  4 14:19:23 2006 : Debug: radius_xlat:  '500'
Mon Sep  4 14:19:23 2006 : Debug: rlm_sql (sql): sql_set_user escaped user --> '500'
Mon Sep  4 14:19:23 2006 : Debug:   modsingle[post-auth]: returned from sql (rlm_sql) for request 3
Mon Sep  4 14:19:23 2006 : Debug:   modcall[post-auth]: module "sql" returns noop for request 3
Mon Sep  4 14:19:23 2006 : Debug: modcall: leaving group post-auth (returns ok) for request 3
Sending Access-Accept of id 188 to 127.0.0.1 port 46998
        SIP-AVP += "next_gw:192.168.39.253"
        SIP-AVP += "have_local:1"
Mon Sep  4 14:19:23 2006 : Debug: Finished request 3






--
Pavel D.Kuzin
System Administrator
Nodex  ISP
St. Petersburg, Russia
pk at nodex.ru
http://nodex.ru 
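
Added example, not part of the original post and not FreeRADIUS code: the group reply query in the debug log joins VOIP_GROUP_REPLY_ATTRS to VOIP_USER_GROUP on the username only, so it returns reply rows for every group user 500 belongs to. The sketch below loads the posted group rows into an in-memory SQLite database (an assumption; the post uses Oracle), runs that join, and compares it with a hypothetical per-group filter (`per_group_reply`, which handles only the `==` operator).

```python
import sqlite3

# Rows copied from the group tables shown in the post.
USER_GROUP = [(2, "500", "Local"), (1, "500", "Users")]
GROUP_CHECK = [(2, "Local", "Service-Type", "==", "SIP-Caller-AVPs"),
               (1, "Users", "Service-Type", "==", "Sip-Session")]
GROUP_REPLY = [(3, "Local", "SIP-AVP", "+=", "next_gw:192.168.39.253"),
               (4, "Local", "SIP-AVP", "+=", "have_local:1")]

def load():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE voip_user_group (id, username, groupname);
        CREATE TABLE voip_group_check_attrs (id, groupname, attribute, op, value);
        CREATE TABLE voip_group_reply_attrs (id, groupname, attribute, op, value);
    """)
    db.executemany("INSERT INTO voip_user_group VALUES (?,?,?)", USER_GROUP)
    db.executemany("INSERT INTO voip_group_check_attrs VALUES (?,?,?,?,?)", GROUP_CHECK)
    db.executemany("INSERT INTO voip_group_reply_attrs VALUES (?,?,?,?,?)", GROUP_REPLY)
    return db

def logged_reply_query(db, user):
    # Same join as the group reply query in the debug log: username only.
    return db.execute("""
        SELECT r.groupname, r.attribute, r.op, r.value
        FROM voip_group_reply_attrs r, voip_user_group g
        WHERE g.username = ? AND g.groupname = r.groupname
        ORDER BY r.id""", (user,)).fetchall()

def per_group_reply(db, user, request):
    # Hypothetical alternative: keep a group's reply rows only if every
    # '==' check row of that group matches the request attributes.
    out = []
    groups = db.execute("SELECT groupname FROM voip_user_group "
                        "WHERE username = ? ORDER BY id", (user,)).fetchall()
    for (grp,) in groups:
        checks = db.execute("SELECT attribute, op, value FROM voip_group_check_attrs "
                            "WHERE groupname = ?", (grp,)).fetchall()
        if all(op == "==" and request.get(attr) == val for attr, op, val in checks):
            out += db.execute("SELECT groupname, attribute, op, value "
                              "FROM voip_group_reply_attrs WHERE groupname = ? "
                              "ORDER BY id", (grp,)).fetchall()
    return out

if __name__ == "__main__":
    db = load()
    request = {"Service-Type": "Sip-Session"}  # value from the Access-Request
    print(logged_reply_query(db, "500"))
    print(per_group_reply(db, "500", request))
```

With the posted rows, the logged join returns both Local reply items for a Sip-Session request, while the per-group filter returns none because only group Users matches and it has no reply rows.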



