white list for nas-ipaddress
Dimitrios Giannakopoulos
d.giannakop at gmail.com
Tue Jul 28 20:25:39 CEST 2009
The problem is that the sql module returns reject.
You can remove the sql from authorization.
On Tue, Jul 28, 2009 at 8:53 PM, Miguel Miranda <miguel.mirandag at gmail.com> wrote:
> Hi, I want to accept all requests coming from a specific NAS-IP-Address, I
> used to configure it like this (in users file):
>
> DEFAULT NAS-IP-Address == "192.168.150.25", Auth-Type := Accept
>         Fall-Through = Yes
>
> The above settings are not working now, this is the debug of a transaction:
>
> rad_recv: Access-Request packet from host 192.168.150.25 port 1645, id=52,
> length=94
> NAS-IP-Address = 192.168.150.25
> NAS-Port = 108
> NAS-Port-Type = Async
> User-Name = "123.com.sv"
> Called-Station-Id = "22660321"
> Calling-Station-Id = "22264218"
> User-Password = "cisco"
> Service-Type = Dialout-Framed-User
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "123.com.sv", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[files] returns noop
> expand: %{User-Name} -> 123.com.sv
> [sql] sql_set_user escaped user --> '123.com.sv'
> rlm_sql (sql): Reserving sql socket id: 22
> expand: SELECT id, username, attribute, value, op FROM
> radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
> -> SELECT id, username, attribute, value, op FROM
> radcheck WHERE username = '123.com.sv' ORDER BY id
> expand: SELECT groupname FROM radusergroup WHERE
> username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
> groupname FROM radusergroup WHERE username =
> '123.com.sv' ORDER BY priority
> rlm_sql (sql): Released sql socket id: 22
> [sql] User 123.com.sv not found
> ++[sql] returns notfound
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user. Authentication
> may fail because of this.
> ++[pap] returns noop
> No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user
> Failed to authenticate the user.
> Login incorrect: [123.com.sv/cisco] (from client tigo port 108 cli 22264218)
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> expand: %{User-Name} -> 123.com.sv
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 1 for 1 seconds
> Going to the next request
>
>
> I'm using freeradius 2 and daloradius 0.9, and this is an extract of the relevant
> radius.conf settings:
>
> authorize {
>     preprocess
>     chap
>     mschap
>     suffix
>     eap {
>         ok = return
>     }
>
>     files
>     sql
>     expiration
>     logintime
>     pap
> }
>
> authenticate {
>     Auth-Type PAP {
>         pap
>     }
>
>     Auth-Type CHAP {
>         chap
>     }
>
>     Auth-Type MS-CHAP {
>         mschap
>     }
>     eap
> }
>
> preacct {
>     preprocess
>     acct_unique
>     suffix
>     files
> }
>
> accounting {
>     detail
>     sql
>     attr_filter.accounting_response
> }
>
> session {
>     radutmp
> }
>
> post-auth {
>     exec
>
>     Post-Auth-Type REJECT {
>         attr_filter.access_reject
>     }
> }
>
> post-proxy {
>     eap
> }
>
>
> From the debug it appears that the users file is not being processed correctly,
> what should I check?
> Regards,
> Miguel Miranda
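Added example (not part of either message, and not FreeRADIUS code): a small Python script that reads FreeRADIUS debug output like the trace quoted above, lists the return code of each module per processing group, and reports whether the request left `authorize` without an Auth-Type. The embedded sample is constructed from the module-return lines of that trace, and the function names are hypothetical.

```python
import re
# Constructed sample: module-return lines taken from the debug trace quoted above.
SAMPLE_DEBUG = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[suffix] returns noop
++[eap] returns noop
++[files] returns noop
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
"""

GROUP_RE = re.compile(r"^\+- entering group (\S+)")
RETURN_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
NO_AUTH_TYPE = "No authenticate method (Auth-Type) configuration found"

def _clean(line):
    """Strip mail quote markers ("> ") and surrounding whitespace."""
    return re.sub(r"^(?:>\s?)+", "", line.strip())

def module_results(debug_text):
    """Return {group: [(module, rcode), ...]} in the order the modules ran."""
    results, group = {}, None
    for raw in debug_text.splitlines():
        line = _clean(raw)
        m = GROUP_RE.match(line)
        if m:
            group = m.group(1)
        m = RETURN_RE.match(line)
        if m and group is not None:
            results.setdefault(group, []).append(m.groups())
    return results

def diagnose(debug_text):
    """Summarise the authorize phase: key rcodes and whether Auth-Type was set."""
    authorize = dict(module_results(debug_text).get("authorize", []))
    return {
        "auth_type_missing": NO_AUTH_TYPE in debug_text,
        "files_rcode": authorize.get("files"),
        "sql_rcode": authorize.get("sql"),
        "modules_returning_reject": [m for m, rc in authorize.items() if rc == "reject"],
    }
```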