<p>Sorry! I was writing this post and correcting the align spaces when press the
"e" for accident. In my usergroup is test-pap.</p><p> <br
/>thanks.<br
/>--------------------------------------------------------------------------------<br
/> There is a typo in usergroup table. Group is set as teste-pap, while<br /> other
tables have group test-pap.<br /> <br /> Ivan Kalik<br /> Kalik Informatika ISP<br
/> <br /> <br /> Dana 15/1/2008, "Arlinelson Fernandes dos Santos"
pi¹e:<br /> <br /> >Don't take your ball, not good. ;) Here's
informations:##<br />
>radcheck+----+-----------+--------------------+----+---------+|<br /> >id |
UserName | Attribute <br /> > | op | Value
|+----+-----------+--------------------+----+---------+| 3 |<br /> >test-pap
| Cleartext-Password | := | pw123
|+----+-----------+--------------------+----+---------+##<br />
>radreply+----+-----------+---------------------+----+-------+| id<br /> > |
UserName | Attribute <br /> > | op | Value
|+----+-----------+---------------------+----+-------+| 6 |<br /> >test-pap
| Upstream-Speed | = | 800 <br /> >|| 7 | test-pap | Downstream-Speed
|<br /> >= | 800
|+----+-----------+---------------------+----+-------+##<br />
>radgroupcheck+----+----------------+--------------------+----+-------+| id |
GroupName | Attribute <br /> > | op | Value
|+----+----------------+--------------------+----+-------+| <br /> >5 |
f_pppoe_250k | Auth-Type <br /> > | = | PAP || 6 | f_pppoe_250k
|<br /> >Simultaneous-Use | = | 1
|+----+----------------+--------------------+----+-------+ ##<br />
>radgroupreply<br />
>+----+--------------+-----------------------+----+----------------------+|<br
/> >id | GroupName | Attribute <br /> > | op |<br />
>Value <br /> >
|+----+--------------+-----------------------+----+----------------------+|<br />
>13 | f_pppoe_250k | Framed-Protocol | = |<br /> >PPP
<br /> > || 14 | f_pppoe_250k |<br /> >Framed-MTU | = |<br
/> >1492 <br /> > || 15 | f_pppoe_250k |<br />
>Framed-Compression | = | Van-Jacobsen-TCP-IP || 16 | f_pppoe_250k |<br />
>Service-Type | = |<br /> >Framed-User
|+---+----------------+----------------------+----+----------------------+<br />
>## radusergroup (same usergroup table in 1.3 version freeradius, I have both<br
/> >tables) +-----------+----------------+----------+ | UserName |<br />
>GroupName | priority |<br />
>+-----------+----------------+----------+ | teste-pap | f_pppoe_250k<br />
>| 1 |<br /> >+-----------+----------------+----------+ ## radiusd
-X<br /> > rad_recv: Access-Request packet from host 7.7.7.1 port 32790,
id=163,<br /> >length=73 Service-Type >Framed-User
Framed-Protocol >PPP User-Name >"test-pap"
User-Password<br /> >= "pw123" NAS-IP-Address<br /> >=
NAS-Port = 0 <br /> >Processing the authorize section of radiusd.conf +-
entering group<br /> >authorize ++[preprocess] returns ok ++[chap] returns
noop<br /> >++[mschap] returns noop rlm_eap: No EAP-Message, not doing EAP<br
/> >++[eap] returns noop radius_xlat: 'test-pap' rlm_sql (sql):<br />
>sql_set_user escaped user --> 'test-pap' rlm_sql (sql): Reserving sql<br />
>socket id: 3 radius_xlat: 'SELECT id, UserName, Attribute, Value,<br /> >op
FROM<br /> >radcheck WHERE Username<br /> >= 'test-pap'
ORDER BY<br /> >id' ######## loading radcheck table ##########
rlm_sql<br /> >(sql): User found in radcheck table radius_xlat: 'SELECT id,
UserName,<br /> >Attribute, Value, op <br /> >FROM radreply
WHERE<br /> >Username = 'test-pap' <br /> >ORDER BY id' #######
loading radreply table ########## rlm_sql<br /> >(sql): Released sql socket
id:<br /> >3
<br /> >#### if found "Fall-Through = Yes" attribute, radgroupcheck is
loaded,<br /> >but not radgroupreply ######### ++[sql] returns ok
++[expiration]<br /> >returns noop ++[logintime] returns noop ++[pap] returns
updated<br /> >+- group authorize returns updated rad_check_password:
Found<br /> >Auth-Type auth: type "PAP" Processing the
authenticate<br /> >section of radiusd.conf +- entering group PAP rlm_pap: login
attempt<br /> >with password ngc0bqi rlm_pap: Using clear text password.
rlm_pap: User<br /> >authenticated successfully ++[pap] returns ok +- group PAP
returns<br /> >ok Processing the post-auth section of radiusd.conf +-
entering<br /> >group post-auth rlm_sql (sql): Processing sql_postauth rlm_sql
(sql):<br /> >sql_set_user escaped user --> 'test-pap' radius_xlat: 'INSERT
into<br /> >radpostauth (id, user, pass, reply, date) values ('', 'test-pap',
'ngc0bqi',<br /> >'Access-Accept', '2008-01-15 20:33:58')' rlm_sql (sql) in
sql_postauth: query<br /> >is INSERT into radpostauth (id, user, pass, reply,
date) values ('', 'test-pap',<br /> >'pw123', 'Access-Accept', '2008-01-15
20:33:58') rlm_sql (sql): Reserving sql<br /> >socket id: 2 rlm_sql (sql):
Released sql socket id: 2 ++[sql] returns<br /> >ok +- group post-auth returns
ok Sending Access-Accept of id 163 to<br /> >7.7.7.1 port 32790
############# Here is<br /> >when radius server send "items reply" to
radiusclient<br /> >################# Upstream-Speed >800
######## attribute in<br /> >radreply ######## Downstream-Speed<br />
>= 800 ###### attribute in radreply ######## Finished<br /> >request 0
state 5 Going to the next request rad_recv:<br /> >Accounting-Request packet
from host 7.7.7.1 port 32790, id=164, length=101<br /> > Acct-Session-Id
>"478D34D61E1F00" <br /> >User-Name = "test-pap"
<br /> >Acct-Status-Type = Start <br /> >Service-Type =
Framed-User <br /> >Framed-Protocol = PPP <br />
>Acct-Authentic = RADIUS <br /> >NAS-Port-Type = Virtual <br />
>Framed-IP-Address = 7.7.7.123 <br /> >NAS-IP-Address = 7.7.7.1
NAS-Port<br /> >= 0 Acct-Delay-Time = 0<br /> > Processing the
preacct section of radiusd.conf +- entering group<br /> >preacct ++[preprocess]
returns ok rlm_acct_unique: Hashing 'NAS-Port >0,Framed-IP-Address =
7.7.7.123,NAS-IP-Address = 7.7.7.1,Acct-Session-Id
>"478D34D61E1F00",User-Name = "test-pap"'
rlm_acct_unique:<br /> >Acct-Unique-Session-ID = "a5e052f9f07c2f6f".
++[acct_unique]<br /> >returns ok +- group preacct returns ok Processing the
accounting<br /> >section of radiusd.conf +- entering group accounting
radius_xlat: <br /> >'/usr/local/var/log/radius/radacct/7.7.7.1/detail-20080115'
rlm_detail:<br />
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to<br /> >/usr/local/var/log/radius/radacct/7.7.7.1/detail-20080115 radius_xlat:
<br /> >'Tue Jan 15 20:33:58 2008' ++[detail] returns ok radius_xlat: <br />
>'/usr/local/var/log/radius/radutmp' radius_xlat: 'test-pap'<br />
>++[radutmp] returns ok radius_xlat: 'test-pap' rlm_sql (sql):<br />
>sql_set_user escaped user --> 'test-pap' radius_xlat: 'INSERT into<br />
>radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,
NASPortId,<br /> >NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime,
AcctAuthentic,<br /> >ConnectInfo_start, ConnectInfo_stop, AcctInputOctets,
AcctOutputOctets,<br /> >CalledStationId, CallingStationId, AcctTerminateCause,
ServiceType, FramedProtocol,<br /> >FramedIPAddress, AcctStartDelay,
AcctStopDelay) values('478D34D61E1F00',<br /> >'a5e052f9f07c2f6f', 'test-pap',
'', '7.7.7.1', '0', 'Virtual', '2008-01-15<br /> >20:33:58', '0', '0', 'RADIUS',
'', '', '0', '0', '', '', '', 'Framed-User', 'PPP',<br /> >'7.7.7.123', '0',
'0')' rlm_sql (sql): Reserving sql socket id: 1<br /> >rlm_sql (sql): Released
sql socket id: 1 ++[sql] returns ok<br /> >radius_xlat: 'test-pap'
attr_filter: Matched entry DEFAULT at<br /> >line 12
++[attr_filter.accounting_response] returns updated +- group<br /> >accounting
returns updated Sending Accounting-Response of id 164 to 7.7.7.1<br /> >port
32790 Finished request 1 state 6 Going to the next request<br /> >Cleaning up
request 1 ID 164 with timestamp +15 Waking up in 4 seconds... Cleaning up request 0
ID 163 with timestamp +15 Nothing to do. <br /> >Sleeping until we see a
request. ################################ <br /> >In freeradius documentation
say (http://wiki.freeradius.org/Rlm_sql):<br /> >Search the radcheck table for
any check attributes specific to the user<br /> >If check attributes are found,
and there's a match, pull the reply items<br /> >from the radreply table for
this user and add them to the reply Group<br /> >processing then begins if any
of the following conditions are met: The user<br /> >IS NOT found in radcheck
The user IS found in radcheck, but the check<br /> >items don't match The user
IS found in radcheck, the check items DO match<br /> >AND Fall-Through is set in
the radreply table The user IS found in<br /> >radcheck, the check items DO
match AND the read_groups<br /> >directive is set to 'yes' If groups are to be
processed for<br /> >this user, the first thing that is done is the list of
groups this user is a member<br /> >of is pulled from the usergroup table
ordered by the priority field. The priority<br /> >field of the usergroup table
allows us to control the order in which groups are<br /> >processed, so that we
can emulate the ordering in the users file. <br /> >################### My case
matches with last condition, the user is<br /> >found in radcheck, the check
items DO match AND the read_groups directive is set to<br /> >'yes'. But... I've
testing the read_groups and it don't work. I made an invalid<br /> >directive
and it is ignored by radiusd, it's not appers in debug log. read_groups<br />
>don't too. I have testing the Fall-Through in radreply and it work, but<br />
>don't load the radgroupreply table. I need this table, because its attributes
are<br /> >replied to radiusclient, and my scripts in NAS side can work it.
Note: In<br /> >freeradius 1.3 don't have read_groups directive, but all tables
are loaded.<br />
>--------------------------------------------------------------------------------
OK, can we see database entries for a user (and group he belongs to) and<br />
>the debug of the access request? Or should I get my crystal ball back from<br
/> >the polisher? Ivan Kalik Kalik Informatika ISP Dana 15/1/2008,
"Arlinelson Fernandes dos Santos" pi¹e:<br /> > >Yes! I did.
And I put attributes into all tables ckeck and reply.<br />
>--------------------------------------------------------------------------------<br
/> >Did you put something in usergroup table to link users and groups? <br />
><br /> ><br /> ><br />
>------------------------------------------------------------------------------------------------------<br
/> >Acelerador POP<br /> >Acelere a sua conexão discada em até
19 x. Use o Acelerador POP. É grátis, pegue já o seu.<br />
>http://www.pop.com.br/acelerador<br /> ><br /> ><br /> <br /> -<br />
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br
/> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /></p>
<br>------------------------------------------------------------------------------------------------------<br>
<b>Acelerador POP</b><br>
Acelere a sua conexão discada em até 19 x. Use o Acelerador POP. É grátis, pegue já o seu.<br>
http://www.pop.com.br/acelerador