MySQL DB and /n in Cisco-AVPair problem

Andy Smith a.smith at ldex.co.uk
Thu Jul 20 16:07:13 CEST 2017


I was using the radclient from a Linux desktop, which was version 2.2.8,
for testing against both the 1.x server and the 3.0.14. I've just tested
again with the v3.0.14 radclient to both servers and I see the same
thing, i.e. the response has a double-escaped //n from the 1.x server but
not the 3.0.14.

Here is the full debug from the 3.0.14 server during this test: 

(7) Received Access-Request Id 234 from 127.0.0.1:19688 to
127.0.0.1:1812 length 60
(7) User-Name = "ttb-test at realm-1.ws"
(7) CHAP-Password = 0x0ec29b10ac548d021a2e021e687c2556ab
(7) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(7) authorize {
(7) [preprocess] = ok
(7) chap: &control:Auth-Type := CHAP
(7) [chap] = ok
(7) [mschap] = noop
(7) [digest] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: Looking up realm "realm-1.ws" for User-Name =
"ttb-test at realm-1.ws"
(7) suffix: No such realm "realm-1.ws"
(7) [suffix] = noop
(7) eap: No EAP-Message, not doing EAP
(7) [eap] = noop
(7) [files] = noop
(7) sql: EXPAND %{User-Name}
(7) sql: --> ttb-test at realm-1.ws
(7) sql: SQL-User-Name set to 'ttb-test at realm-1.ws'
rlm_sql (sql): Closing connection (12): Hit idle_timeout, was idle for
262 seconds
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (11): Hit idle_timeout, was idle for
215 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (14): Hit idle_timeout, was idle for
215 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): Closing connection (13): Hit idle_timeout, was idle for
215 seconds
rlm_sql (sql): You probably need to lower "min"
rlm_sql_mysql: Socket destructor called, closing socket
rlm_sql (sql): 0 of 0 connections in use. You may need to increase
"spare"
rlm_sql (sql): Opening additional connection (15), 1 of 32 pending slots
used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
socket, server version 8.0.0-dmr-log, protocol version 10
rlm_sql (sql): Reserved connection (15)
(7) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(7) sql: --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'ttb-test at realm-1.ws' ORDER BY id
(7) sql: Executing select query: SELECT id, username, attribute, value,
op FROM radcheck WHERE username = 'ttb-test at realm-1.ws' ORDER BY id
(7) sql: User found in radcheck table
(7) sql: Conditional check items matched, merging assignment check items
(7) sql: Cleartext-Password := "test"
(7) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id
(7) sql: --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'ttb-test at realm-1.ws' ORDER BY id
(7) sql: Executing select query: SELECT id, username, attribute, value,
op FROM radreply WHERE username = 'ttb-test at realm-1.ws' ORDER BY id
(7) sql: User found in radreply table, merging reply items
(7) sql: Cisco-AVPair := "lcp:interface-config=ip unnumbered loopback
2003\n"
(7) sql: Framed-IP-Address := 93.191.37.198
(7) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(7) sql: --> SELECT groupname FROM radusergroup WHERE username =
'ttb-test at realm-1.ws' ORDER BY priority
(7) sql: Executing select query: SELECT groupname FROM radusergroup
WHERE username = 'ttb-test at realm-1.ws' ORDER BY priority
(7) sql: User found in the group table
(7) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(7) sql: --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = 'realm-1' ORDER BY id
(7) sql: Executing select query: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname = 'realm-1' ORDER BY id
(7) sql: Group "realm-1": Conditional check items matched
(7) sql: Group "realm-1": Merging assignment check items
(7) sql: Auth-Type := CHAP
(7) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(7) sql: --> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'realm-1' ORDER BY id
(7) sql: Executing select query: SELECT id, groupname, attribute, value,
op FROM radgroupreply WHERE groupname = 'realm-1' ORDER BY id
(7) sql: Group "realm-1": Merging reply items
(7) sql: Service-Type := Framed-User
(7) sql: Tunnel-Medium-Type := IPv4
(7) sql: Tunnel-Type := L2TP
(7) sql: Tunnel-Password := "flu1dl2tp"
(7) sql: Tunnel-Server-Endpoint := "178.248.104.124"
(7) sql: Tunnel-Client-Auth-Id := "broadband-3"
rlm_sql (sql): Released connection (15)
Need 2 more connections to reach min connections (3)
rlm_sql (sql): Opening additional connection (16), 1 of 31 pending slots
used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX
socket, server version 8.0.0-dmr-log, protocol version 10
(7) [sql] = ok
(7) [expiration] = noop
(7) [logintime] = noop
(7) pap: WARNING: Auth-Type already set. Not setting to PAP
(7) [pap] = noop
(7) } # authorize = ok
(7) Found Auth-Type = CHAP
(7) # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
(7) Auth-Type CHAP {
(7) chap: Comparing with "known good" Cleartext-Password
(7) chap: CHAP user "ttb-test at realm-1.ws" authenticated successfully
(7) [chap] = ok
(7) } # Auth-Type CHAP = ok
(7) # Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
(7) post-auth {
(7) update {
(7) No attributes updated
(7) } # update = noop
(7) sql: EXPAND .query
(7) sql: --> .query
(7) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (15)
(7) sql: EXPAND %{User-Name}
(7) sql: --> ttb-test at realm-1.ws
(7) sql: SQL-User-Name set to 'ttb-test at realm-1.ws'
(7) sql: EXPAND INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( '%{SQL-User-Name}',
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(7) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'ttb-test at realm-1.ws', '0x0ec29b10ac548d021a2e021e687c2556ab',
'Access-Accept', '2017-07-20 15:03:35')
(7) sql: Executing query: INSERT INTO radpostauth (username, pass,
reply, authdate) VALUES ( 'ttb-test at realm-1.ws',
'0x0ec29b10ac548d021a2e021e687c2556ab', 'Access-Accept', '2017-07-20
15:03:35')
(7) sql: SQL query returned: success
(7) sql: 1 record(s) updated
rlm_sql (sql): Released connection (15)
(7) [sql] = ok
(7) [exec] = noop
(7) policy remove_reply_message_if_eap {
(7) if (&reply:EAP-Message && &reply:Reply-Message) {
(7) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(7) else {
(7) [noop] = noop
(7) } # else = noop
(7) } # policy remove_reply_message_if_eap = noop
(7) } # post-auth = ok
(7) Sent Access-Accept Id 234 from 127.0.0.1:1812 to 127.0.0.1:19688
length 0
(7) Cisco-AVPair = "lcp:interface-config=ip unnumbered loopback 2003\n"
(7) Framed-IP-Address = 93.191.37.198
(7) Service-Type = Framed-User
(7) Tunnel-Medium-Type = IPv4
(7) Tunnel-Type = L2TP
(7) Tunnel-Password = "flu1dl2tp"
(7) Tunnel-Server-Endpoint = "178.248.104.124"
(7) Tunnel-Client-Auth-Id = "broadband-3"
(7) Finished request 

I'm new to both the forum and FreeRADIUS. If this is still not the info
needed, please let me know what I should be providing.

thanks, Andy.

