Nomadix VSA

Andrew Long fursink at gmail.com
Thu Apr 5 04:41:18 CEST 2012


> I am trying to implement two of the Nomadix VSAs, Nomadix-BW-Up and
> Nomadix-BW-Down. They are included in the dictionary.nomadix that
> shipped with my installed version, 2.1.8 running on CentOS.
>
> I am using a MySQL backend and have tried adding the attributes in
> radgroupreply (for user group) and radreply (for user), both without
> success. I have tried +=, ==, and := as operators, also without
> success.
>
> radiusd -X does not complain about any of these, and the user
> authenticates but has a full pipe for BW, rather than the designated
> 768/256 Down/Up.

I've got this working now when assigning the attributes to a user
profile (radreply), but when passed from a group profile
(radgroupreply) the attributes are not being sent.

radiusd -X shows that freeradius is not performing the same queries as
it does with other users/groups; the query for radgroupreply items is
not being done.

rad_recv: Access-Request packet from host xx.xx.xx.xx port 41155,
id=155, length=51
        User-Password = "password"
        User-Name = "memwg140412"
Wed Apr  4 22:18:50 2012 : Info: +- entering group authorize {...}
Wed Apr  4 22:18:50 2012 : Info: ++[preprocess] returns ok
Wed Apr  4 22:18:50 2012 : Info: ++[chap] returns noop
Wed Apr  4 22:18:50 2012 : Info: ++[mschap] returns noop
Wed Apr  4 22:18:50 2012 : Info: [suffix] No '@' in User-Name =
"memwg140412", looking up realm NULL
Wed Apr  4 22:18:50 2012 : Info: [suffix] No such realm "NULL"
Wed Apr  4 22:18:50 2012 : Info: ++[suffix] returns noop
Wed Apr  4 22:18:50 2012 : Info: [sql]  expand: %{User-Name} -> memwg140412
Wed Apr  4 22:18:50 2012 : Info: [sql] sql_set_user escaped user -->
'memwg140412'
Wed Apr  4 22:18:50 2012 : Debug: rlm_sql (sql): Reserving sql socket id: 1
Wed Apr  4 22:18:50 2012 : Info: [sql]  expand: SELECT id, username,
attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'memwg140412' ORDER BY id
Wed Apr  4 22:18:50 2012 : Info: [sql] User found in radcheck table
Wed Apr  4 22:18:50 2012 : Info: [sql]  expand: SELECT id, username,
attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'memwg140412' ORDER BY id
Wed Apr  4 22:18:50 2012 : Info: [sql]  expand: SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}'ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username = 'memwg140412'
ORDER BY priority
Wed Apr  4 22:18:50 2012 : Info: [sql]  expand: SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname = 'password-group' ORDER BY id
Wed Apr  4 22:18:50 2012 : Debug: rlm_sql (sql): Released sql socket id: 1
Wed Apr  4 22:18:50 2012 : Info: ++[sql] returns ok
Wed Apr  4 22:18:50 2012 : Info: ++[expiration] returns noop
Wed Apr  4 22:18:50 2012 : Info: ++[logintime] returns noop
Wed Apr  4 22:18:50 2012 : Debug: rlm_sqlcounter: Entering module authorize code
Wed Apr  4 22:18:50 2012 : Debug: rlm_sqlcounter: Could not find Check
item value pair
Wed Apr  4 22:18:50 2012 : Info: ++[noresetcounter] returns noop
Wed Apr  4 22:18:50 2012 : Debug: rlm_sqlcounter: Entering module authorize code
Wed Apr  4 22:18:50 2012 : Debug: rlm_sqlcounter: Could not find Check
item value pair
Wed Apr  4 22:18:50 2012 : Info: ++[dailycounter] returns noop
Wed Apr  4 22:18:50 2012 : Debug: rlm_sqlcounter: Entering module authorize code
Wed Apr  4 22:18:50 2012 : Debug: rlm_sqlcounter: Could not find Check
item value pair
Wed Apr  4 22:18:50 2012 : Info: ++[monthlycounter] returns noop
Wed Apr  4 22:18:50 2012 : Debug: rlm_sqlcounter: Entering module authorize code
Wed Apr  4 22:18:50 2012 : Debug: rlm_sqlcounter: Could not find Check
item value pair
Wed Apr  4 22:18:50 2012 : Info: ++[daypasscounter] returns noop
Wed Apr  4 22:18:50 2012 : Info: ++[pap] returns updated
Wed Apr  4 22:18:50 2012 : Info: Found Auth-Type = PAP
Wed Apr  4 22:18:50 2012 : Info: +- entering group PAP {...}
Wed Apr  4 22:18:50 2012 : Info: [pap] login attempt with password "password"
Wed Apr  4 22:18:50 2012 : Info: [pap] Using clear text password "password"
Wed Apr  4 22:18:50 2012 : Info: [pap] User authenticated successfully
Wed Apr  4 22:18:50 2012 : Info: ++[pap] returns ok
Wed Apr  4 22:18:50 2012 : Auth: Login OK: [memwg140412] (from client
wolfchase-gateway port 0)
Wed Apr  4 22:18:50 2012 : Info: +- entering group post-auth {...}
Wed Apr  4 22:18:50 2012 : Info: [sql]  expand: %{User-Name} -> memwg140412
Wed Apr  4 22:18:50 2012 : Info: [sql] sql_set_user escaped user -->
'memwg140412'
Wed Apr  4 22:18:50 2012 : Info: [sql]  expand: %{User-Password} -> password
Wed Apr  4 22:18:50 2012 : Info: [sql]  expand: INSERT INTO
radpostauth (username, pass, reply, authdate) VALUES
('%{User-Name}','%{%{User-Password}:-%{Chap-Password}}','%{reply:Packet-Type}',
'%S') -> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ('memwg140412',                           'password',
                'Access-Accept', '2012-04-04 22:18:50')
Wed Apr  4 22:18:50 2012 : Debug: rlm_sql (sql) in sql_postauth: query
is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES
('memwg140412','password','Access-Accept', '2012-04-04 22:18:50')
Wed Apr  4 22:18:50 2012 : Debug: rlm_sql (sql): Reserving sql socket id: 0
Wed Apr  4 22:18:50 2012 : Debug: rlm_sql (sql): Released sql socket id: 0
Wed Apr  4 22:18:50 2012 : Info: ++[sql] returns ok
Wed Apr  4 22:18:50 2012 : Info: ++[exec] returns noop
Sending Access-Accept of id 155 to xx.xx.xx.xx port 41155
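
Added example, not part of the original post: one way to check a radiusd -X trace like the one above for which of the SQL lookup tables were actually queried. The function names and the TABLES list are assumptions for illustration; the table names are the ones that appear in the post, and the sample is constructed.

```python
import re

# Constructed sample, shaped like the radiusd -X trace in the post (including
# the mail client's hard line wraps); not a capture from a real server.
SAMPLE = """\
Wed Apr  4 22:18:50 2012 : Info: [sql]  expand: SELECT id, username,
attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'memwg140412' ORDER BY id
Wed Apr  4 22:18:50 2012 : Info: [sql]  expand: SELECT id, username,
attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'memwg140412' ORDER BY id
Wed Apr  4 22:18:50 2012 : Info: [sql]  expand: SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}'ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username = 'memwg140412'
ORDER BY priority
Wed Apr  4 22:18:50 2012 : Info: [sql]  expand: SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname = 'password-group' ORDER BY id
"""

TABLES = ["radcheck", "radreply", "radusergroup", "radgroupcheck", "radgroupreply"]
STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} : ")

def unwrap(text):
    """Rejoin wrapped continuation lines onto the timestamped line they belong to."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def tables_queried(text):
    """Tables named on the expanded side of each '[sql] expand: ... -> SELECT' record."""
    seen = []
    for rec in unwrap(text):
        m = re.search(r"\[sql\].* -> SELECT\b.*?\bFROM\s+(\w+)", rec, re.I)
        if m and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen

def missing_tables(text):
    """Lookup tables from TABLES for which no SELECT was logged in the trace."""
    queried = tables_queried(text)
    return [t for t in TABLES if t not in queried]
```

On the constructed sample, missing_tables(SAMPLE) returns ['radgroupreply'], matching the symptom described in the post.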