operator = not working

Alan Batie alan at peak.org
Thu Feb 11 01:28:04 CET 2016


According to http://wiki.freeradius.org/config/Operators :

=	Attribute = Value	Not allowed as a check item for RADIUS protocol
attributes. It is allowed for server configuration attributes
(Auth-Type, etc), and sets the value of on attribute, only if there is
no other item of the same attribute.

It specifically says Auth-Type (which does seem to be working), and
Pool-Name is another control attribute:

mysql> select * from radgroupcheck where groupname = 'test_pool';
+----+-----------+-----------+----+-----------+
| id | GroupName | Attribute | op | Value     |
+----+-----------+-----------+----+-----------+
| 41 | TEST_POOL | Auth-Type | =  | PAP       |
| 42 | TEST_POOL | Pool-Name | =  | test_pool |
+----+-----------+-----------+----+-----------+
2 rows in set (0.00 sec)

However, with things set this way (I have a perl module defined to dump
the various lists for debugging), Pool-Name does not get set:

> (0) Wed Feb 10 15:47:11 2016: Debug: # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/peak
> (0) Wed Feb 10 15:47:11 2016: Debug:   post-auth {
> (0) Wed Feb 10 15:47:11 2016: Debug:     update {
> (0) Wed Feb 10 15:47:11 2016: Debug:       No attributes updated
> (0) Wed Feb 10 15:47:11 2016: Debug:     } # update = noop
> (0) Wed Feb 10 15:47:11 2016: Debug: sql: EXPAND .query
> (0) Wed Feb 10 15:47:11 2016: Debug: sql:    --> .query
> (0) Wed Feb 10 15:47:11 2016: Debug: sql: Using query template 'query'
> (0) Wed Feb 10 15:47:11 2016: Debug: sql: EXPAND %{User-Name}
> (0) Wed Feb 10 15:47:11 2016: Debug: sql:    --> radtest-pool
> (0) Wed Feb 10 15:47:11 2016: Debug: sql: SQL-User-Name set to 'radtest-pool'
> (0) Wed Feb 10 15:47:11 2016: Debug: sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{Cleartext-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
> (0) Wed Feb 10 15:47:11 2016: Debug: sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'radtest-pool', '', 'Access-Accept', '2016-02-10 15:47:11')
> (0) Wed Feb 10 15:47:11 2016: Debug: sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'radtest-pool', '', 'Access-Accept', '2016-02-10 15:47:11')
> (0) Wed Feb 10 15:47:11 2016: Debug: sql: SQL query returned: success
> (0) Wed Feb 10 15:47:11 2016: Debug: sql: 1 record(s) updated
> (0) Wed Feb 10 15:47:11 2016: Debug:     [sql] = ok
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'radtest-pool'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_REQUEST{'User-Password'} = &request:User-Password -> 'password'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '69.59.217.117'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '15762707'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Framed-User'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_REQUEST{'Framed-Protocol'} = &request:Framed-Protocol -> 'PPP'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '12:34:56:78:90:03'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'plo-cr1'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Ethernet'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Feb 10 2016 15:47:11 PST'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id -> 'ether3.1900'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'PAP'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_CHECK{'Cleartext-Password'} = &control:Cleartext-Password -> 'password'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'PAP'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_CONFIG{'Cleartext-Password'} = &control:Cleartext-Password -> 'password'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Ethernet'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Framed-User'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '12:34:56:78:90:03'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl: &request:Framed-Protocol = $RAD_REQUEST{'Framed-Protocol'} -> 'PPP'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'radtest-pool'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Feb 10 2016 15:47:11 PST'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl: &request:User-Password = $RAD_REQUEST{'User-Password'} -> 'password'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'plo-cr1'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '69.59.217.117'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '15762707'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} -> 'ether3.1900'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl: &control:Cleartext-Password = $RAD_CHECK{'Cleartext-Password'} -> 'password'
> (0) Wed Feb 10 15:47:11 2016: Debug: perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'PAP'
> (0) Wed Feb 10 15:47:11 2016: Debug:     [perl] = ok
> (0) Wed Feb 10 15:47:11 2016: Debug: sqlippool: No Pool-Name defined
> (0) Wed Feb 10 15:47:11 2016: Debug: sqlippool: EXPAND No Pool-Name defined (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})
> (0) Wed Feb 10 15:47:11 2016: Debug: sqlippool:    --> No Pool-Name defined (did  cli 12:34:56:78:90:03 port 15762707 user radtest-pool)
> (0) Wed Feb 10 15:47:11 2016: Debug:     [sqlippool] = noop
> (0) Wed Feb 10 15:47:11 2016: Debug:   } # post-auth = ok

If I change the operator to ":=" (the "set it dammit no matter what"
operator), it does the right thing:

mysql> select * from radgroupcheck where groupname = 'test_pool';
+----+-----------+-----------+----+-----------+
| id | GroupName | Attribute | op | Value     |
+----+-----------+-----------+----+-----------+
| 41 | TEST_POOL | Auth-Type | := | PAP       |
| 42 | TEST_POOL | Pool-Name | := | test_pool |
+----+-----------+-----------+----+-----------+
2 rows in set (0.00 sec)

> (0) Wed Feb 10 16:13:29 2016: Debug:   post-auth {
> (0) Wed Feb 10 16:13:29 2016: Debug:     update {
> (0) Wed Feb 10 16:13:29 2016: Debug:       No attributes updated
> (0) Wed Feb 10 16:13:29 2016: Debug:     } # update = noop
> (0) Wed Feb 10 16:13:29 2016: Debug: sql: EXPAND .query
> (0) Wed Feb 10 16:13:29 2016: Debug: sql:    --> .query
> (0) Wed Feb 10 16:13:29 2016: Debug: sql: Using query template 'query'
> (0) Wed Feb 10 16:13:29 2016: Debug: sql: EXPAND %{User-Name}
> (0) Wed Feb 10 16:13:29 2016: Debug: sql:    --> radtest-pool
> (0) Wed Feb 10 16:13:29 2016: Debug: sql: SQL-User-Name set to 'radtest-pool'
> (0) Wed Feb 10 16:13:29 2016: Debug: sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{Cleartext-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
> (0) Wed Feb 10 16:13:29 2016: Debug: sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'radtest-pool', '', 'Access-Accept', '2016-02-10 16:13:29')
> (0) Wed Feb 10 16:13:29 2016: Debug: sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'radtest-pool', '', 'Access-Accept', '2016-02-10 16:13:29')
> (0) Wed Feb 10 16:13:29 2016: Debug: sql: SQL query returned: success
> (0) Wed Feb 10 16:13:29 2016: Debug: sql: 1 record(s) updated
> (0) Wed Feb 10 16:13:29 2016: Debug:     [sql] = ok
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REQUEST{'User-Name'} = &request:User-Name -> 'radtest-pool'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REQUEST{'User-Password'} = &request:User-Password -> 'password'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address -> '69.59.217.117'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '15762707'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REQUEST{'Service-Type'} = &request:Service-Type -> 'Framed-User'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REQUEST{'Framed-Protocol'} = &request:Framed-Protocol -> 'PPP'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REQUEST{'Calling-Station-Id'} = &request:Calling-Station-Id -> '12:34:56:78:90:03'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REQUEST{'NAS-Identifier'} = &request:NAS-Identifier -> 'plo-cr1'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REQUEST{'NAS-Port-Type'} = &request:NAS-Port-Type -> 'Ethernet'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp -> 'Feb 10 2016 16:13:29 PST'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REQUEST{'NAS-Port-Id'} = &request:NAS-Port-Id -> 'ether3.1900'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REPLY{'Service-Type'} = &reply:Service-Type -> 'Framed-User'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REPLY{'Framed-Protocol'} = &reply:Framed-Protocol -> 'PPP'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REPLY{'Framed-IP-Netmask'} = &reply:Framed-IP-Netmask -> '255.255.255.255'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REPLY{'Framed-MTU'} = &reply:Framed-MTU -> '1500'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REPLY{'Framed-Compression'} = &reply:Framed-Compression -> 'None'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_REPLY{'Mikrotik-Rate-Limit'} = &reply:Mikrotik-Rate-Limit -> '20M/10M'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'PAP'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_CHECK{'Pool-Name'} = &control:Pool-Name -> 'test_pool'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_CHECK{'Cleartext-Password'} = &control:Cleartext-Password -> 'password'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'PAP'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_CONFIG{'Pool-Name'} = &control:Pool-Name -> 'test_pool'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_CONFIG{'Cleartext-Password'} = &control:Cleartext-Password -> 'password'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Ethernet'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Framed-User'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} -> '12:34:56:78:90:03'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &request:Framed-Protocol = $RAD_REQUEST{'Framed-Protocol'} -> 'PPP'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &request:User-Name = $RAD_REQUEST{'User-Name'} -> 'radtest-pool'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Feb 10 2016 16:13:29 PST'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &request:User-Password = $RAD_REQUEST{'User-Password'} -> 'password'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'plo-cr1'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} -> '69.59.217.117'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &request:NAS-Port = $RAD_REQUEST{'NAS-Port'} -> '15762707'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} -> 'ether3.1900'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &reply:Framed-Protocol = $RAD_REPLY{'Framed-Protocol'} -> 'PPP'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &reply:Service-Type = $RAD_REPLY{'Service-Type'} -> 'Framed-User'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &reply:Mikrotik-Rate-Limit = $RAD_REPLY{'Mikrotik-Rate-Limit'} -> '20M/10M'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &reply:Framed-Compression = $RAD_REPLY{'Framed-Compression'} -> 'None'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &reply:Framed-IP-Netmask = $RAD_REPLY{'Framed-IP-Netmask'} -> '255.255.255.255'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &reply:Framed-MTU = $RAD_REPLY{'Framed-MTU'} -> '1500'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &control:Cleartext-Password = $RAD_CHECK{'Cleartext-Password'} -> 'password'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &control:Auth-Type = $RAD_CHECK{'Auth-Type'} -> 'PAP'
> (0) Wed Feb 10 16:13:29 2016: Debug: perl: &control:Pool-Name = $RAD_CHECK{'Pool-Name'} -> 'test_pool'
> (0) Wed Feb 10 16:13:29 2016: Debug:     [perl] = ok
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: EXPAND %{User-Name}
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool:    --> radtest-pool
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: SQL-User-Name set to 'radtest-pool'
> (0) Wed Feb 10 16:13:29 2016: ERROR: sqlippool: Clear stale connections
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: EXPAND START TRANSACTION
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool:    --> START TRANSACTION
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: Executing query: START TRANSACTION
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: EXPAND COMMIT
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool:    --> COMMIT
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: Executing query: COMMIT
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: EXPAND START TRANSACTION
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool:    --> START TRANSACTION
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: Executing query: START TRANSACTION
> (0) Wed Feb 10 16:13:29 2016: ERROR: sqlippool: allocate_find
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: EXPAND SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND (expiry_time < NOW() OR expiry_time IS NULL or expiry_time = 0) ORDER BY (username <> '%{User-Name}'), (callingstationid <> '%{Calling-Station-Id}'), expiry_time LIMIT 1 FOR UPDATE
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool:    --> SELECT framedipaddress FROM radippool WHERE pool_name = 'test_pool' AND (expiry_time < NOW() OR expiry_time IS NULL or expiry_time = 0) ORDER BY (username <> 'radtest-pool'), (callingstationid <> '12:34:56:78:90:03'), expiry_time LIMIT 1 FOR UPDATE
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: Executing select query: SELECT framedipaddress FROM radippool WHERE pool_name = 'test_pool' AND (expiry_time < NOW() OR expiry_time IS NULL or expiry_time = 0) ORDER BY (username <> 'radtest-pool'), (callingstationid <> '12:34:56:78:90:03'), expiry_time LIMIT 1 FOR UPDATE
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: Allocated IP 10.98.0.4
> (0) Wed Feb 10 16:13:29 2016: ERROR: sqlippool: allocate_update
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: EXPAND UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{Calling-Station-Id}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.98.0.4'
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool:    --> UPDATE radippool SET nasipaddress = '69.59.217.117', pool_key = '12:34:56:78:90:03', callingstationid = '12:34:56:78:90:03', username = 'radtest-pool', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.98.0.4'
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: Executing query: UPDATE radippool SET nasipaddress = '69.59.217.117', pool_key = '12:34:56:78:90:03', callingstationid = '12:34:56:78:90:03', username = 'radtest-pool', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.98.0.4'
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: EXPAND COMMIT
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool:    --> COMMIT
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: Executing query: COMMIT
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool: EXPAND Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})
> (0) Wed Feb 10 16:13:29 2016: Debug: sqlippool:    --> Allocated IP: 10.98.0.4 from test_pool (did  cli 12:34:56:78:90:03 port 15762707 user radtest-pool)
> (0) Wed Feb 10 16:13:29 2016: Debug:     [sqlippool] = ok
> (0) Wed Feb 10 16:13:29 2016: Debug:   } # post-auth = ok
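
Added example, not part of the original post: a small Python checker that reads `radiusd -X` output in the format shown above and reports, per request, whether `control:Pool-Name` was present and what `sqlippool` returned. It assumes the perl dump lines and `sqlippool` messages look as they do in this post; the function names and the sample (lines from the post, with the second request renumbered to 1) are constructed for illustration.

```python
import re

# Constructed sample in the same format as the debug output in the post.
SAMPLE = """\
(0) Wed Feb 10 15:47:11 2016: Debug: perl:   $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'PAP'
(0) Wed Feb 10 15:47:11 2016: Debug: sqlippool: No Pool-Name defined
(0) Wed Feb 10 15:47:11 2016: Debug:     [sqlippool] = noop
(1) Wed Feb 10 16:13:29 2016: Debug: perl:   $RAD_CHECK{'Pool-Name'} = &control:Pool-Name -> 'test_pool'
(1) Wed Feb 10 16:13:29 2016: Debug: sqlippool:    --> Allocated IP: 10.98.0.4 from test_pool (did  cli 12:34:56:78:90:03 port 15762707 user radtest-pool)
(1) Wed Feb 10 16:13:29 2016: Debug:     [sqlippool] = ok
"""

# "(N) rest-of-line", with an optional mail-quote prefix "> ".
LINE = re.compile(r"^(?:>\s*)?\((\d+)\)\s+(.*)$")
POOL = re.compile(r"perl:.*control:Pool-Name\b.*-> '([^']*)'")
ALLOC = re.compile(r"sqlippool:\s+--> Allocated IP: (\S+) from (\S+)")
RESULT = re.compile(r"\[sqlippool\] = (\w+)")


def summarize(log_text):
    """Return {request_id: {'pool', 'ip', 'result', 'no_pool_msg'}}."""
    requests = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rid, rest = int(m.group(1)), m.group(2)
        info = requests.setdefault(
            rid, {"pool": None, "ip": None, "result": None, "no_pool_msg": False})
        if (p := POOL.search(rest)):
            info["pool"] = p.group(1)          # value the perl dump saw in control
        elif (a := ALLOC.search(rest)):
            info["ip"] = a.group(1)            # address sqlippool handed out
        elif "sqlippool: No Pool-Name defined" in rest:
            info["no_pool_msg"] = True
        elif (r := RESULT.search(rest)):
            info["result"] = r.group(1)        # module return code (ok, noop, ...)
    return requests


def unallocated(requests):
    """Request ids where sqlippool returned noop and no control:Pool-Name was seen."""
    return sorted(rid for rid, i in requests.items()
                  if i["result"] == "noop" and i["pool"] is None and i["no_pool_msg"])


if __name__ == "__main__":
    print(summarize(SAMPLE))
    print("requests without a pool:", unallocated(summarize(SAMPLE)))
```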

