Virtual server can't set reply attributes

Paul ensoniqpb at gmail.com
Fri Sep 5 16:26:03 CEST 2014


 Alan wrote:
>  That's wrong.  Why are you using Cisco-AVPair twice?  It should be:
> Cisco-AVPair += "ip:inacl=ACL_VIRT_SECURE_IN"
I just badly pasted. The SQL table is fine.

>  OK... and what does the debug log look like for 2.2.5?  Are you using the same SQL tables?  Or different ones?
The same tables. 2.2.5 output:

rad_recv: Access-Request packet from host 193.151.53.4 port 1645,
id=59, length=121
        Framed-Protocol = PPP
        User-Name = "test1"
        CHAP-Password = 0x0123554ba1746f7fd30486bd0bd46c39de
        Calling-Station-Id = "0024.c435.f7e4"
        NAS-Port-Type = Ethernet
        NAS-Port = 33554632
        NAS-Port-Id = "0/0/2/200"
        Connect-Info = "POL_Vlan200_500M"
        Service-Type = Framed-User
        NAS-IP-Address = 193.151.53.4
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/srv_default
+group authorize {
++[preprocess] = ok
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "test1"
[suffix] Adding Realm = "NULL"
[suffix] Proxying request from user test1 to realm NULL
[suffix] Preparing to proxy authentication request to realm "NULL"
++[suffix] = updated
+} # group authorize = updated
  WARNING: Empty pre-proxy section.  Using default return values.
>>> Sending proxied request internally to virtual server.
server srv_null {
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/srv_null
+group authorize {
++[preprocess] = ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] = ok
[files] users: Matched entry DEFAULT at line 172
++[files] = ok
[sql]   expand: %{Stripped-User-Name} -> test1
[sql]   expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> test1
[sql] sql_set_user escaped user --> 'test1'
rlm_sql (sql): Reserving sql socket id: 26
[sql]   expand: SELECT id, username, attribute, value, op
FROM radcheck           WHERE username = BINARY '%{SQL-User-Name}'
      ORDER BY id -> SELECT id, username, attribute, value, op
  FROM radcheck           WHERE username = BINARY 'test1'
ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op
FROM radreply           WHERE username = BINARY '%{SQL-User-Name}'
      ORDER BY id -> SELECT id, username, attribute, value, op
  FROM radreply           WHERE username = BINARY 'test1'
ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup
WHERE username = BINARY '%{SQL-User-Name}'           ORDER BY priority
-> SELECT groupname           FROM radusergroup           WHERE
username = BINARY 'test1'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 26
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
+} # group authorize = ok
Found Auth-Type = CHAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/srv_null
+group CHAP {
[chap] login attempt by "test1" with CHAP password
[chap] Using clear text password "test121" for user test1 authentication.
[chap] chap user test1 authenticated succesfully
++[chap] = ok
+} # group CHAP = ok
  WARNING: Empty post-auth section.  Using default return values.
} # server srv_null
Going to the next request
<<< Received proxied response code 2 from internal virtual server.
  WARNING: Empty post-proxy section.  Using default return values.
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
  WARNING: Empty post-auth section.  Using default return values.
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/srv_default
  WARNING: Empty post-auth section.  Using default return values.
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/srv_default
Sending Access-Accept of id 59 to 193.151.53.4 port 1645
        Framed-Protocol = PPP
        Cisco-AVPair += "ip:inacl=ACL_VIRT_SECURE_IN"
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.

-- 
Regards,
Paul

