<p>Don't take your ball, not good. ;)</p><p> Here's informations:</p><p>##
radcheck</p><p>+----+-----------+--------------------+----+---------+<br />|
id | UserName | Attribute
| op | Value |<br
/>+----+-----------+--------------------+----+---------+<br />| 3 |
test-pap | Cleartext-Password | := | pw123 |<br
/>+----+-----------+--------------------+----+---------+<br /></p><p>##
radreply</p><p>+----+-----------+---------------------+----+-------+<br />| id
| UserName | Attribute
| op | Value |<br
/>+----+-----------+---------------------+----+-------+<br />| 6 |
test-pap | Upstream-Speed | = | 800
|<br />| 7 | test-pap | Downstream-Speed |
= | 800 |<br
/>+----+-----------+---------------------+----+-------+<br /></p><p>##
radgroupcheck</p><p>+----+----------------+--------------------+----+-------+<br
/>| id | GroupName | Attribute
| op | Value |<br
/>+----+----------------+--------------------+----+-------+<br />|
5 | f_pppoe_250k | Auth-Type
| = | PAP |<br />| 6 | f_pppoe_250k |
Simultaneous-Use | = | 1 |<br
/>+----+----------------+--------------------+----+-------+<br /> </p> <p>##
radgroupreply</p>
<p>+----+--------------+-----------------------+----+----------------------+<br />|
id | GroupName | Attribute
| op |
Value
|<br
/>+----+--------------+-----------------------+----+----------------------+<br />|
13 | f_pppoe_250k | Framed-Protocol | = |
PPP
|<br />| 14 | f_pppoe_250k |
Framed-MTU | = |
1492
|<br />| 15 | f_pppoe_250k |
Framed-Compression | = | Van-Jacobsen-TCP-IP |<br />| 16 | f_pppoe_250k |
Service-Type | = |
Framed-User |<br
/>+---+----------------+----------------------+----+----------------------+</p>
<p>## radusergroup (same usergroup table in 1.3 version freeradius, I have both
tables)</p> <p>+-----------+----------------+----------+<br /> | UserName |
GroupName | priority |<br />
+-----------+----------------+----------+<br /> | teste-pap | f_pppoe_250k
| 1 |<br />
+-----------+----------------+----------+<br /> </p> <p>## radiusd -X</p>
<p> rad_recv: Access-Request packet from host 7.7.7.1 port 32790, id=163,
length=73<br /> Service-Type =
Framed-User<br /> Framed-Protocol =
PPP<br /> User-Name =
"test-pap"<br /> User-Password
= "pw123"<br /> NAS-IP-Address
= <br /> NAS-Port = 0<br />
Processing the authorize section of radiusd.conf<br /> +- entering group
authorize<br /> ++[preprocess] returns ok<br /> ++[chap] returns noop<br />
++[mschap] returns noop<br /> rlm_eap: No EAP-Message, not doing EAP<br />
++[eap] returns noop<br /> radius_xlat: 'test-pap'<br /> rlm_sql (sql):
sql_set_user escaped user --> 'test-pap'<br /> rlm_sql (sql): Reserving sql
socket id: 3<br /> radius_xlat: 'SELECT id, UserName, Attribute, Value,
op FROM
radcheck WHERE Username
= 'test-pap' ORDER BY
id' ######## loading radcheck table ##########<br /> rlm_sql
(sql): User found in radcheck table<br /> radius_xlat: 'SELECT id, UserName,
Attribute, Value, op
FROM radreply WHERE
Username = 'test-pap'
ORDER BY id' ####### loading radreply table ##########<br /> rlm_sql
(sql): Released sql socket id:
3
#### if found "Fall-Through = Yes" attribute, radgroupcheck is loaded,
but not radgroupreply #########<br /> ++[sql] returns ok<br /> ++[expiration]
returns noop<br /> ++[logintime] returns noop<br /> ++[pap] returns updated<br />
+- group authorize returns updated<br /> rad_check_password: Found
Auth-Type<br /> auth: type "PAP"<br /> Processing the authenticate
section of radiusd.conf<br /> +- entering group PAP<br /> rlm_pap: login attempt
with password ngc0bqi<br /> rlm_pap: Using clear text password.<br /> rlm_pap: User
authenticated successfully<br /> ++[pap] returns ok<br /> +- group PAP returns
ok<br /> Processing the post-auth section of radiusd.conf<br /> +- entering
group post-auth<br /> rlm_sql (sql): Processing sql_postauth<br /> rlm_sql (sql):
sql_set_user escaped user --> 'test-pap'<br /> radius_xlat: 'INSERT into
radpostauth (id, user, pass, reply, date) values ('', 'test-pap', 'ngc0bqi',
'Access-Accept', '2008-01-15 20:33:58')'<br /> rlm_sql (sql) in sql_postauth: query
is INSERT into radpostauth (id, user, pass, reply, date) values ('', 'test-pap',
'pw123', 'Access-Accept', '2008-01-15 20:33:58')<br /> rlm_sql (sql): Reserving sql
socket id: 2<br /> rlm_sql (sql): Released sql socket id: 2<br /> ++[sql] returns
ok<br /> +- group post-auth returns ok<br /> Sending Access-Accept of id 163 to
7.7.7.1 port 32790 ############# Here is
when radius server send "items reply" to radiusclient
#################<br /> Upstream-Speed =
800 ######## attribute in
radreply ########<br /> Downstream-Speed
= 800 ###### attribute in radreply ########<br /> Finished
request 0 state 5<br /> Going to the next request<br /> rad_recv:
Accounting-Request packet from host 7.7.7.1 port 32790, id=164, length=101<br />
Acct-Session-Id =
"478D34D61E1F00"<br />
User-Name = "test-pap"<br />
Acct-Status-Type = Start<br />
Service-Type = Framed-User<br />
Framed-Protocol = PPP<br />
Acct-Authentic = RADIUS<br />
NAS-Port-Type = Virtual<br />
Framed-IP-Address = 7.7.7.123<br />
NAS-IP-Address = 7.7.7.1<br /> NAS-Port
= 0<br /> Acct-Delay-Time = 0<br />
Processing the preacct section of radiusd.conf<br /> +- entering group
preacct<br /> ++[preprocess] returns ok<br /> rlm_acct_unique: Hashing 'NAS-Port =
0,Framed-IP-Address = 7.7.7.123,NAS-IP-Address = 7.7.7.1,Acct-Session-Id =
"478D34D61E1F00",User-Name = "test-pap"'<br /> rlm_acct_unique:
Acct-Unique-Session-ID = "a5e052f9f07c2f6f".<br /> ++[acct_unique]
returns ok<br /> +- group preacct returns ok<br /> Processing the accounting
section of radiusd.conf<br /> +- entering group accounting<br /> radius_xlat:
'/usr/local/var/log/radius/radacct/7.7.7.1/detail-20080115'<br /> rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to
/usr/local/var/log/radius/radacct/7.7.7.1/detail-20080115<br /> radius_xlat:
'Tue Jan 15 20:33:58 2008'<br /> ++[detail] returns ok<br /> radius_xlat:
'/usr/local/var/log/radius/radutmp'<br /> radius_xlat: 'test-pap'<br />
++[radutmp] returns ok<br /> radius_xlat: 'test-pap'<br /> rlm_sql (sql):
sql_set_user escaped user --> 'test-pap'<br /> radius_xlat: 'INSERT into
radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId,
NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('478D34D61E1F00',
'a5e052f9f07c2f6f', 'test-pap', '', '7.7.7.1', '0', 'Virtual', '2008-01-15
20:33:58', '0', '0', 'RADIUS', '', '', '0', '0', '', '', '', 'Framed-User', 'PPP',
'7.7.7.123', '0', '0')'<br /> rlm_sql (sql): Reserving sql socket id: 1<br />
rlm_sql (sql): Released sql socket id: 1<br /> ++[sql] returns ok<br />
radius_xlat: 'test-pap'<br /> attr_filter: Matched entry DEFAULT at
line 12<br /> ++[attr_filter.accounting_response] returns updated<br /> +- group
accounting returns updated<br /> Sending Accounting-Response of id 164 to 7.7.7.1
port 32790<br /> Finished request 1 state 6<br /> Going to the next request<br />
Cleaning up request 1 ID 164 with timestamp +15<br /> Waking up in 4 seconds...<br
/> Cleaning up request 0 ID 163 with timestamp +15<br /> Nothing to do.
Sleeping until we see a request.<br /> ################################<br /> </p>
<p>In freeradius documentation say (http://wiki.freeradius.org/Rlm_sql):</p>
<li>Search the radcheck table for any check attributes specific to the user
</li><li>If check attributes are found, and there's a match, pull the reply items
from the radreply table for this user and add them to the reply </li><li>Group
processing then begins if any of the following conditions are met: <ul><li>The user
IS NOT found in radcheck </li><li>The user IS found in radcheck, but the check
items don't match </li><li>The user IS found in radcheck, the check items DO match
AND Fall-Through is set in the radreply table </li><li>The user IS found in
radcheck, the check items DO match AND the <a title="Read groups" class="new"
href="http://wiki.freeradius.org/index.php?title=Read_groups&action=edit">read_groups</a>
directive is set to 'yes' </li></ul> </li><li>If groups are to be processed for
this user, the first thing that is done is the list of groups this user is a member
of is pulled from the usergroup table ordered by the priority field. The priority
field of the usergroup table allows us to control the order in which groups are
processed, so that we can emulate the ordering in the users file.</li><p> </p>
<p>###################</p> <p>My case matches with last condition, the user is
found in radcheck, the check items DO match AND the read_groups directive is set to
'yes'. But... I've testing the read_groups and it don't work. I made an invalid
directive and it is ignored by radiusd, it's not appers in debug log. read_groups
don't too.</p> <p>I have testing the Fall-Through in radreply and it work, but
don't load the radgroupreply table. I need this table, because its attributes are
replied to radiusclient, and my scripts in NAS side can work it.</p> <p>Note: In
freeradius 1.3 don't have read_groups directive, but all tables are loaded.</p>
<p><br
/>--------------------------------------------------------------------------------<br
/> OK, can we see database entries for a user (and group he belongs to) and<br />
the debug of the access request? Or should I get my crystal ball back<br /> from
the polisher?<br /> <br /> Ivan Kalik<br /> Kalik Informatika ISP<br /> <br /> <br
/> Dana 15/1/2008, "Arlinelson Fernandes dos Santos" pi¹e:<br />
<br /> >Yes! I did. And I put attributes into all tables ckeck and reply.</p>
<p>--------------------------------------------------------------------------------</p>
<p>Did you put something in usergroup table to link users and groups? <br /></p>
<br>------------------------------------------------------------------------------------------------------<br>
<b>Acelerador POP</b><br>
Acelere a sua conexão discada em até 19 x. Use o Acelerador POP. É grátis, pegue já o seu.<br>
http://www.pop.com.br/acelerador