Invalid Attributes
Moayad Mohammad
mmohammad at thebluezone.com
Mon Jun 21 15:24:29 CEST 2010
Thanks for your response, I want to upload new dictionary for wichrous
system, because wichorus has their own standard dictionary and wimax
dictionary doesn't work with wichorus ASN-GW
Regards,
-----Original Message-----
From:
freeradius-users-bounces+mmohammad=thebluezone.com at lists.freeradius.org
[mailto:freeradius-users-bounces+mmohammad=thebluezone.com at lists.freeradius.
org] On Behalf Of freeradius-users-request at lists.freeradius.org
Sent: Monday, June 21, 2010 3:42 PM
To: freeradius-users at lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 62, Issue 87
Send Freeradius-Users mailing list submissions to
freeradius-users at lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request at lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner at lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Invalid Attributes (Moayad Mohammad)
2. Re: Invalid Attributes (Alan DeKok)
3. Re: checkval and != op (Alan DeKok)
4. Re: checkval and != op (Christian Zoffoli)
----------------------------------------------------------------------
Message: 1
Date: Mon, 21 Jun 2010 14:35:13 +0300
From: "Moayad Mohammad" <mmohammad at thebluezone.com>
Subject: Invalid Attributes
To: <freeradius-users at lists.freeradius.org>
Message-ID: <006b01cb1135$d228f6f0$767ae4d0$@com>
Content-Type: text/plain; charset="us-ascii"
Hi to all,
I have to add wichorus dictionary for WiMAX, but in this
dictionary some attributes are invalid to freeradius.
for example: parent_attr and subtype values.
In the below sample of the dictionary:
VENDOR Wimax 24757
BEGIN-VENDOR Wimax
ATTRIBUTE Wimax-Capability 1 octets
ATTRIBUTE Wimax-Capability-Release 1 string parent_attr=Wimax-Capability
subtype=1
ATTRIBUTE Wimax-Capability-Accounting 1 octets
parent_attr=Wimax-Capability subtype=2
ATTRIBUTE Wimax-Capability-Hotlining 1 octets parent_attr=Wimax-Capability
subtype=3
ATTRIBUTE Wimax-Capability-Idle-Mode-Notification 1 octets
parent_attr=Wimax-Capability subtype=4
What I should to do?
Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.freeradius.org/pipermail/freeradius-users/attachments/2010062
1/22722f74/attachment.html>
------------------------------
Message: 2
Date: Mon, 21 Jun 2010 13:46:05 +0200
From: Alan DeKok <aland at deployingradius.com>
Subject: Re: Invalid Attributes
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <4C1F50FD.4000606 at deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1
Moayad Mohammad wrote:
> I have to add wichorus dictionary for WiMAX, but in this
> dictionary some attributes are invalid to freeradius.
>
> for example: parent_attr and subtype values.
Yes... those are not part of FreeRADIUS.
> What I should to do?
Read the documentation for how dictionaries are formatted, and create
the dictionary using the correct format.
Or, *read the dictionary that is included with FreeRADIUS*.
The server ships with a WiMAX dictionary. It's beyond me why you're
trying to replace it with one from another vendor.
Alan DeKok.
------------------------------
Message: 3
Date: Mon, 21 Jun 2010 13:50:08 +0200
From: Alan DeKok <aland at deployingradius.com>
Subject: Re: checkval and != op
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <4C1F51F0.6020900 at deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1
Christian Zoffoli wrote:
> mysql> SELECT * FROM radcheck WHERE username='bumlwdgx';
...
> mysql> SELECT * FROM radusergroup WHERE username='bumlwdgx';
<sigh> You asked about radgroupcheck. Why post this?
> SELECT * FROM radgroupcheck WHERE groupname='wireless';
> +----+-----------+--------------------+----+-------------------+
> | id | groupname | attribute | op | value |
> +----+-----------+--------------------+----+-------------------+
> | 18 | wireless | Calling-Station-Id | != | 00-22-15-16-35-B0 |
Which is OK, and should work.
> rad_recv: Access-Request packet from host 127.0.0.1 port 34220, id=1,
> length=298
> ChilliSpot-Version = "1.2.2"
> User-Name = "bumlwdgx"
> CHAP-Challenge = 0x777d7fc0c28a480f750e1f5506c3ccd7
> CHAP-Password = 0x008617e203333f1fc66b2cacc4cbbe2255
> NAS-IP-Address = 192.168.182.1
> Service-Type = Login-User
> Framed-IP-Address = 192.168.182.2
> Calling-Station-Id = "00-22-15-16-35-B0"
Which shouldn't match the entry in radgroupcheck.
> expand: SELECT id, groupname, attribute, Value, op
> FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
> ORDER BY id -> SELECT id, groupname, attribute, Value, op
> FROM radgroupcheck WHERE groupname = 'wireless'
> ORDER BY id
> rlm_sql (sql): Released sql socket id: 0
Which doesn't match, as expected.
> ++[sql] returns ok
> rlm_checkval: Item Name: Calling-Station-Id, Value: 00-22-15-16-35-B0
> rlm_checkval: Could not find attribute named Calling-Station-Id in check
> pairs
Of *course* this doesn't work. You didn't add a Calling-Station-Id to
the check pairs.
I told you that the behavior of rlm_sql was documented. Go read that
documentation. *Nothing* in it suggests that using "!=" as a check
operator will result in the Calling-Station-Id attribute being added to
the check pairs.
> in radiusd.conf I have:
>
> checkval {
> item-name = Calling-Station-Id
> check-name = Calling-Station-Id
> data-type = string
> }
Why? What possible use is this? What do you expect it to do?
Alan DeKok.
------------------------------
Message: 4
Date: Mon, 21 Jun 2010 14:41:58 +0200
From: Christian Zoffoli <czoffoli at xmerlin.org>
Subject: Re: checkval and != op
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <4C1F5E16.6080501 at xmerlin.org>
Content-Type: text/plain; charset=ISO-8859-1
Il 21/06/2010 13:50, Alan DeKok ha scritto:
[cut]
> Why? What possible use is this? What do you expect it to do?
there is something strange IMHO
if I try a different user in the wired group and this radgroupcheck:
mysql> SELECT * FROM radgroupcheck WHERE groupname='wired';
+----+-----------+--------------------+----+-------------------+
| id | groupname | attribute | op | value |
+----+-----------+--------------------+----+-------------------+
| 6 | wired | Calling-Station-Id | := | 00-22-15-16-35-B0 |
| 7 | wired | Simultaneous-Use | := | 1 |
| 10 | wired | Max-All-Session | := | 3600 |
| 12 | wired | Access-Period | := | 604800 |
+----+-----------+--------------------+----+-------------------+
4 rows in set (0.00 sec)
All works as expected. The software is the same, the machine is the same
but now rlm_checkval works
---
rad_recv: Access-Request packet from host 127.0.0.1 port 51146, id=1,
length=298
ChilliSpot-Version = "1.2.2"
User-Name = "m7dby5cc"
CHAP-Challenge = 0x0c8e9cdfd1f76caa475d8120e0af8660
CHAP-Password = 0x00d4c0245b2a9b2a0429c5c3401da5439e
NAS-IP-Address = 192.168.182.1
Service-Type = Login-User
Framed-IP-Address = 192.168.182.2
Calling-Station-Id = "00-22-15-16-35-B0"
Called-Station-Id = "00-0D-B9-15-F4-C9"
NAS-Identifier = "localhost"
Acct-Session-Id = "4c1f311000000001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
WISPr-Location-ID = "isocc=,cc=,ac=,network=XTekLABS,"
WISPr-Location-Name = "HotSpot_Service"
WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
Message-Authenticator = 0x7d095fb7ce6c28a7459e053a4074bf17
+- entering group authorize
++[preprocess] returns ok
rlm_realm: No '@' in User-Name = "m7dby5cc", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> m7dby5cc
expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} ->
m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
rlm_sql (sql): Reserving sql socket id: 0
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'm7dby5cc' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'm7dby5cc' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'm7dby5cc' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = 'wired'
ORDER BY id
rlm_sql (sql): User found in group wired
expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = 'wired'
ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-22-15-16-35-B0
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-22-15-16-35-B0
++[checkval] returns ok
rlm_expiration: Checking Expiration time: '18 Dec 2010 11:06:25'
++[expiration] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{User-Name}''
expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{User-Name}' -> SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='m7dby5cc'
sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='m7dby5cc'}'
rlm_sql (sql): - sql_xlat
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> m7dby5cc
expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} ->
m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='m7dby5cc' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='m7dby5cc'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): row[0] returned NULL
rlm_sql (sql): Released sql socket id: 4
expand: %{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='m7dby5cc'} ->
rlm_sqlcounter: No integer found in string ""
++[noresetcounter] returns noop
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT UNIX_TIMESTAMP() -
UNIX_TIMESTAMP(AcctStartTime) FROM radacct WHERE UserName =
'%{User-Name}' ORDER BY AcctStartTime LIMIT 1'
expand: SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) FROM
radacct WHERE UserName = '%{User-Name}' ORDER BY AcctStartTime LIMIT 1
-> SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) FROM radacct
WHERE UserName = 'm7dby5cc' ORDER BY AcctStartTime LIMIT 1
sqlcounter_expand: '%{sql:SELECT UNIX_TIMESTAMP() -
UNIX_TIMESTAMP(AcctStartTime) FROM radacct WHERE UserName = 'm7dby5cc'
ORDER BY AcctStartTime LIMIT 1}'
rlm_sql (sql): - sql_xlat
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> m7dby5cc
expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} ->
m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
expand: SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) FROM
radacct WHERE UserName = 'm7dby5cc' ORDER BY AcctStartTime LIMIT 1 ->
SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) FROM radacct
WHERE UserName = 'm7dby5cc' ORDER BY AcctStartTime LIMIT 1
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): SQL query did not return any results
rlm_sql (sql): Released sql socket id: 3
expand: %{sql:SELECT UNIX_TIMESTAMP() -
UNIX_TIMESTAMP(AcctStartTime)
FROM radacct WHERE UserName = 'm7dby5cc' ORDER BY AcctStartTime LIMIT 1} ->
rlm_sqlcounter: No integer found in string ""
++[accessperiod] returns noop
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
+- entering group session
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> m7dby5cc
expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} ->
m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
expand: SELECT COUNT(*) FROM radacct
WHERE username =
'%{SQL-User-Name}' AND acctstoptime is NULL ->
SELECT COUNT(*)
FROM radacct WHERE username = 'm7dby5cc'
AND acctstoptime is NULL
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
Login OK: [m7dby5cc/<CHAP-Password>] (from client localhost port 1 cli
00-22-15-16-35-B0)
+- entering group post-auth
rlm_sql (sql): Processing sql_postauth
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> m7dby5cc
expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} ->
m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
expand: %{User-Password} ->
expand: %{Chap-Password} -> 0x00d4c0245b2a9b2a0429c5c3401da5439e
expand: INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES ( 'm7dby5cc',
'0x00d4c0245b2a9b2a0429c5c3401da5439e',
'Access-Accept', '2010-06-21 14:36:34')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES ( 'm7dby5cc',
'0x00d4c0245b2a9b2a0429c5c3401da5439e',
'Access-Accept', '2010-06-21 14:36:34')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 1 to 127.0.0.1 port 51146
Acct-Interim-Interval := 600
Session-Timeout = 15542991
Finished request 14.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 60147,
id=11, length=225
ChilliSpot-Version = "1.2.2"
ChilliSpot-Attr-10 = 0x00000002
Acct-Status-Type = Start
User-Name = "m7dby5cc"
Calling-Station-Id = "00-22-15-16-35-B0"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-Port-Id = "00000001"
Framed-IP-Address = 192.168.182.2
Acct-Session-Id = "4c1f311000000001"
NAS-IP-Address = 192.168.182.1
Called-Station-Id = "00-0D-B9-15-F4-C9"
NAS-Identifier = "localhost"
WISPr-Location-ID = "isocc=,cc=,ac=,network=XTekLABS,"
WISPr-Location-Name = "HotSpot_Service"
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 192.168.182.1,Acct-Session-Id =
"4c1f311000000001",User-Name = "m7dby5cc"'
rlm_acct_unique: Acct-Unique-Session-ID = "ddca1f9d2efffb89".
++[acct_unique] returns ok
rlm_realm: No '@' in User-Name = "m7dby5cc", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
-> /var/log/freeradius/radacct/127.0.0.1/detail-20100621
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/freeradius/radacct/127.0.0.1/detail-20100621
expand: %t -> Mon Jun 21 14:36:35 2010
++[detail] returns ok
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> m7dby5cc
expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} ->
m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
expand: %{Acct-Delay-Time} ->
expand: INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm, nasipaddress,
nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay,
xascendsessionsvrkey) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL,
'0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{%{Acct-Delay-Time}:-0}', '0',
'%{X-Ascend-Session-Svr-Key}') -> INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype,
acctstarttime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, acctterminatecause, servicetype,
framedprotocol, framedipaddress, acctstartdelay,
acctstopdelay, xascendsessionsvrkey) VALUES
('4c1f311000000001', 'ddca1f9d2efffb89', 'm7dby5cc',
'', '192.168.182.1', '1', 'Wireless-802.11',
'2010-06-21 14:36:35', NULL, '0', '', '', '',
'0', '0', '00-0D-B9-15-F4-C9', '00-22-15-16-35-B0', '',
'', '', '192.168.182.2', '0', '0', '')
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
expand: %{User-Name} -> m7dby5cc
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 11 to 127.0.0.1 port 60147
Finished request 15.
Cleaning up request 15 ID 11 with timestamp +12417
Going to the next request
Waking up in 4.9 seconds.
---
Best regards,
Christian
------------------------------
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 62, Issue 87
************************************************
More information about the Freeradius-Users
mailing list