Mikrotik Attribute problem

Chris Knipe savage at savage.za.org
Tue Apr 8 20:46:45 CEST 2014 

Compare your dicionaries - carefully.

Remember - there's a bunch of dictionary files, but they are not *all*
included.  Run a recursive diff and study the differences.  I've had
things like this before with Mikrotik where attributes that Mikrotik
defined, was already defined in some other dictionary (thankfully that
I didn't use).  Normally just commenting out the dictionary that
clashed with Mikrotik solved the issues.

You can also try the -latest- dictionary available at mikrotik.com
somewhere (I think it's in the wiki).



On Tue, Apr 8, 2014 at 8:31 PM, Ryan De Kock <ryandekock1988 at gmail.com> wrote:
> Testing with radclient i see this.
>
> echo "User-Name=test,User-Password=password,NAS-Identifier=XXXX" | radclient
> X.X.X.X auth secret
>
> Received response ID 168, code 2, length = 26
>     Old-Password = "\014\177\362v"
>
>
> however on the server i see
>
>
> +- entering group PERL {...}
> rlm_perl: Added pair User-Name = test
>
> rlm_perl: Added pair User-Password = password
> rlm_perl: Added pair NAS-IP-Address = 196.213.176.115
> rlm_perl: Added pair Mikrotik-Total-Limit = 209711734
>
> rlm_perl: Added pair Cleartext-Password = password
> rlm_perl: Added pair databank = 209711734
>
> rlm_perl: Added pair Auth-Type = PERL
> ++[perl] returns ok
> Login OK: [test/password] (from client X.X.X.X port 0)
>
> # Executing section post-auth from file /etc/raddb/sites-enabled/default
> +- entering group post-auth {...}
> ++[exec] returns noop
> Sending Access-Accept of id 168 to X.X.X.X port 55616
>     Mikrotik-Total-Limit = 209711734
>
> This is when I add Mikrotik-Total-Limit to the /etc/raddb/dictionary file.
>
> Why is the incorrect attribute being returned?
>
>
> On 8 April 2014 18:34, Ryan De Kock <ryandekock1988 at gmail.com> wrote:
>>
>> Thanks... I guess
>>
>> My question is more around "Is there any thing I can do to fix this"?
>>
>> When the Attribute is commented out of /etc/raddb/dictionary
>>
>> I get
>> ...
>> rlm_perl: ERROR: Failed to create pair Mikrotik-Total-Limit = 192871485
>> ...
>>
>> When its in there I get
>>
>> ...
>> Tue Apr  8 18:23:47 2014 : Debug: rlm_perl: Added pair
>> Mikrotik-Total-Limit = 209715200
>> Tue Apr  8 18:23:47 2014 : Debug: rlm_perl: Added pair Cleartext-Password
>> = password
>> Tue Apr  8 18:23:47 2014 : Debug: rlm_perl: Added pair databank =
>> 209715200
>> Tue Apr  8 18:23:47 2014 : Debug: rlm_perl: Added pair Auth-Type = PERL
>> Tue Apr  8 18:23:47 2014 : Info: ++[perl] returns ok
>> Tue Apr  8 18:23:47 2014 : Auth: Login OK: [XX:XX:XX:XX:XX:XX/password]
>> (from client X.X.X.X port 2154826130 cli XX:XX:XX:XX:XX:XX)
>> Tue Apr  8 18:23:47 2014 : Info: # Executing section post-auth from file
>> /etc/raddb/sites-enabled/default
>> Tue Apr  8 18:23:47 2014 : Info: +- entering group post-auth {...}
>> Tue Apr  8 18:23:47 2014 : Info: ++[exec] returns noop
>> Sending Access-Accept of id 30 to X.X.X.X port 50238
>>     Mikrotik-Total-Limit = 209715200
>> ...
>>
>> So is freeradius not reading the dictionary file for Mikrotik that is
>> there & correct?
>>
>>
>> On 8 April 2014 14:48, Alan DeKok <aland at deployingradius.com> wrote:
>>>
>>> Ryan De Kock wrote:
>>> > I was running freeradius v2.1.12 on Fedora and have changed over to
>>> > CentOS now (also v2.1.12).
>>>
>>>   OK...
>>>
>>> > It looks as if the dictionary file location has been changed BUT here
>>> > is
>>> > the working dictionary
>>>
>>>   So one distribution has a working dictionary file, and the other one
>>> doesn't?  That's not nice.
>>>
>>> > Working server:
>>> ...
>>> > Not working server:
>>>
>>>   There's no need to post the dictionaries.  We've seen them already.
>>> Just post a summary of what changed.
>>>
>>> > What i have noticed is that if I add "ATTRIBUTE
>>> > Mikrotik-Total-Limit          17  integer" to the
>>> > /usr/local/etc/raddb/dictionary file then freeradius says that it sends
>>> > the attribute however the Mikrotik complains that its incorrect.
>>>
>>>   That attribute is already in both dictionaries.  What's the problem?
>>>
>>> > Have I missed something? I have checked that
>>> > "/usr/local/share/freeradius/dictionary.mikrotik" is included in
>>> > /usr/local/share/freeradius/dictionary.
>>> >
>>> > any advice would be great
>>>
>>>   Use a version that works.  If the version supplied by your vendor
>>> doesn't work, then (a) upgrade, or (b) tell your vendor to fix it.
>>>
>>>   Alan DeKok.
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>
>>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



-- 

Regards,
Chris Knipe

More information about the Freeradius-Users mailing list