Attribute NOT being returned in access-accept but is returned in Access-Challenge

Jake He jake.he at gmail.com
Sat Jun 27 07:34:50 CEST 2015


Thank you Alan.

Mikrotik-Total-Limit is set in server default. But when virtual server
inner-tunnel is called. The sql over write the Mikrotik-Total-Limit. This
is my understanding of what happened.

Is there a way for inner-tunnel not to set the reply attributes again?

Jake

(7) Virtual server inner-tunnel received request
(7)   EAP-Message = 0x02010016041045307f80005829c45ec3c5a20be7bc6c
(7)   User-Name = 'jake'
(7)   State = 0xc7faab94c7fbaf949e6d25fbda29b50d
(7) server inner-tunnel {
(7)   session-state: No cached attributes
(7)   # Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
(7)     authorize {
(7)       [chap] = noop
(7)       [mschap] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "jake", looking up realm NULL
(7) suffix: No such realm "NULL"
(7)       [suffix] = noop
(7)       update control {
(7)         &Proxy-To-Realm := LOCAL
(7)       } # update control = noop
(7) eap: Peer sent code Response (2) ID 1 length 22
(7) eap: No EAP Start, assuming it's an on-going EAP conversation
(7)       [eap] = updated
(7)       [files] = noop
(7) sql: EXPAND %{User-Name}
(7) sql:    --> jake
(7) sql: SQL-User-Name set to 'jake'
rlm_sql (sql): Reserved connection (4)
(7) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(7) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'jake' ORDER BY id
(7) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'jake' ORDER BY id
(7) sql: User found in radcheck table
(7) sql: Conditional check items matched, merging assignment check items
(7) sql:   Cleartext-Password := 'fheman123'
(7) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id
(7) sql:    --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'jake' ORDER BY id
(7) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'jake' ORDER BY id
(7) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(7) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'jake'
ORDER BY priority
(7) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'jake' ORDER BY priority
(7) sql: User found in the group table
(7) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id
(7) sql:    --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id
(7) sql: Executing select query: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id
(7) sql: Group "14kimberleyst": Conditional check items matched
(7) sql: Group "14kimberleyst": Merging assignment check items
(7) sql:   Reset-Date := '13'
(7) sql:   Total-Bytes := '999999999999999999'
(7) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id
(7) sql:    --> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id
(7) sql: Executing select query: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id
(7) sql: Group "14kimberleyst": Merging reply items
(7) sql:   Session-Timeout := 10800
(7) sql:   Mikrotik-Total-Limit := 1

On 27 June 2015 at 01:24, Alan DeKok <aland at deployingradius.com> wrote:

> On Jun 26, 2015, at 12:08 PM, Jake He <jake.he at gmail.com> wrote:
> > Sorry, I make a mistake. I am using Mikrotik-Total-Limit not
> > Mikrotik-Recv-Limit.
>
>   Describing the problem correctly helps.
>
> > This is the debug for my perl script.
> > (1) check_usage: &reply:Session-Timeout = $RAD_REPLY{'Session-Timeout'}
> ->
> > '10800'
> > (1) check_usage: &reply:Mikrotik-Total-Limit-Gigawords =
> > $RAD_REPLY{'Mikrotik-Total-Limit-Gigawords'} -> ‘232830643'
>
>  So it’s getting set.  That’s nice.
>
> > This means that Mikrotik-Total-Limit is set right?
>
>   Yes.
>
>   Then go read the debug log to see when it’s being set, and when your
> perl script is being executed.
>
>   There’s no magic here.  Just read the debug output to see what it’s
> doing.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


More information about the Freeradius-Users mailing list