Hi!<br><br><span><span style="background-color: rgb(255, 255, 255);" title="Estou com o seguinte problema:">I'm having the following problem:
<br></span><span style="background-color: rgb(255, 255, 255);" title="Qualquer ítem que eu coloque no radgroupcheck não está sendo considerado pelo radius...">Any item that I put in radgroupcheck is not being considered by the radius ... </span><span style="background-color: rgb(255, 255, 255);" title="o radius só verifica a tabela radcheck...">the radius only checks the table radcheck ...</span></span><br>
<br>I'm using Radius 2 with mysql database.<br><br><b>nas<br></b>id: 200<br>idrevenda: 1<br>nasname: 192.168.0.10<br>shortname: rb45g<br>type: other<br>ports: 1812<br>secret: 123<br><br><b>radcheck</b><br>idrevenda: 1<br clear="all">
username: "john"<br>attribute: "user-password"<br>op: "=="<br>value: "123456"<br><br><b>radgroupcheck</b><br>idrevenda: 1<br>groupname: "office"<br>attribute: "Calling-Station-Id"<br>
op: "=="<br>value: "00:00:00:00:00:00"<br><br><b>radusergroup</b><br>idrevenda: 1<br>username: "john"<br>groupname: "office"<br>priority: 1<br><br><span id="result_box" class="medium_text"><span style="" title="">Suppose that the </span></span><span id="result_box" class="medium_text"><span style="" title="">John's </span></span><span id="result_box" class="medium_text"><span style="" title="">MAC Address is 00:a2:bf:66:dd:ff ... </span><span style="" title="">the radius should not allow the access...</span></span><br>
<br><span style="font-family: courier new,monospace;"># radtest john 123456 192.168.0.10 10 123</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Sending Access-Request of id 218 to 192.168.0.10 port 1812</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> User-Name = "john"</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> User-Password = "123456"</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> NAS-IP-Address = 192.168.0.10</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> NAS-Port = 10</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">rad_recv: Access-Accept packet from host 192.168.0.10 port 1812, id=218, length=20</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">#radius -X</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">...</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">rad_recv: Access-Request packet from host 192.168.0.10 port 44307, id=218, length=56</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> User-Name = "john"</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> User-Password = "123456"</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> NAS-IP-Address = 192.168.0.10</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> NAS-Port = 10</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+- entering group authorize {...}</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">++[preprocess] returns ok</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">++[chap] returns noop</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">++[mschap] returns noop</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">++[files] returns noop</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">[sql] expand: %{User-Name} -> john</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">[sql] sql_set_user escaped user --> 'john'</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">rlm_sql (sql): Reserving sql socket id: 3</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">[sql] expand: SELECT <a href="http://aut.id" target="_blank">aut.id</a>, aut.username, aut.attribute, aut.value, aut.op FROM radcheck aut WHERE aut.username = '%{SQL-User-Name}' and aut.idrevenda = (SELECT distinct n.idrevenda FROM nas n WHERE n.nasname = '%{NAS-IP-Address}' LIMIT 0,1) ORDER BY <a href="http://aut.id" target="_blank">aut.id</a> -> SELECT <a href="http://aut.id" target="_blank">aut.id</a>, aut.username, aut.attribute, aut.value, aut.op FROM radcheck aut WHERE aut.username = 'john' and aut.idrevenda = (SELECT distinct n.idrevenda FROM nas n WHERE n.nasname = '192.168.0.10' LIMIT 0,1) ORDER BY <a href="http://aut.id" target="_blank">aut.id</a></span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">WARNING: Found User-Password == "...".</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">WARNING: Are you sure you don't mean Cleartext-Password?</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">WARNING: See "man rlm_pap" for more information.</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">[sql] User found in radcheck table</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">[sql] expand: SELECT <a href="http://rp.id" target="_blank">rp.id</a>, rp.username, rp.attribute, rp.value, rp.op FROM radreply rp WHERE rp.username = '%{SQL-User-Name}' and rp.idrevenda = (SELECT distinct n.idrevenda FROM nas n WHERE n.nasname = '%{NAS-IP-Address}' LIMIT 0,1) ORDER BY <a href="http://rp.id" target="_blank">rp.id</a> -> SELECT <a href="http://rp.id" target="_blank">rp.id</a>, rp.username, rp.attribute, rp.value, rp.op FROM radreply rp WHERE rp.username = 'john' and rp.idrevenda = (SELECT distinct n.idrevenda FROM nas n WHERE n.nasname = '192.168.0.10' LIMIT 0,1) ORDER BY <a href="http://rp.id" target="_blank">rp.id</a></span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">[sql] expand: SELECT ug.groupname FROM radusergroup ug WHERE ug.username = '%{SQL-User-Name}' and ug.idrevenda = (SELECT distinct n.idrevenda FROM nas n WHERE n.nasname = '%{NAS-IP-Address}' LIMIT 0,1) ORDER BY ug.priority -> SELECT ug.groupname FROM radusergroup ug WHERE ug.username = 'john' and ug.idrevenda = (SELECT distinct n.idrevenda FROM nas n WHERE n.nasname = '192.168.0.10' LIMIT 0,1) ORDER BY ug.priority</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">[sql] expand: SELECT <a href="http://gc.id" target="_blank">gc.id</a>, gc.groupname, gc.attribute, gc.Value, gc.op FROM radgroupcheck gc WHERE gc.groupname = '%{Sql-Group}' and gc.idrevenda = (SELECT distinct n.idrevenda FROM nas n WHERE n.nasname = '%{NAS-IP-Address}' LIMIT 0,1) ORDER BY <a href="http://gc.id" target="_blank">gc.id</a> -> SELECT <a href="http://gc.id" target="_blank">gc.id</a>, gc.groupname, gc.attribute, gc.Value, gc.op FROM radgroupcheck gc WHERE gc.groupname = '27' and gc.idrevenda = (SELECT distinct n.idrevenda FROM nas n WHERE n.nasname = '192.168.0.10' LIMIT 0,1) ORDER BY <a href="http://gc.id" target="_blank">gc.id</a></span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">rlm_sql (sql): Released sql socket id: 3</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">++[sql] returns ok</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">++[expiration] returns noop</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">++[logintime] returns noop</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">++[pap] returns updated</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Found Auth-Type = PAP</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">!!! Replacing User-Password in config items with Cleartext-Password. !!!</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">!!! Please update your configuration so that the "known good" !!!</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">!!! clear text password is in Cleartext-Password, and not in User-Password. !!!</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+- entering group PAP {...}</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">[pap] login attempt with password "123456"</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">[pap] Using clear text password "123456"</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">[pap] User authenticated successfully</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">++[pap] returns ok</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> expand: -></span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Login OK: [john/123456] (from client radtest port 10)</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+- entering group post-auth {...}</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">[sql] expand: %{User-Name} -> john</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">[sql] sql_set_user escaped user --> 'john'</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">[sql] expand: %{User-Password} -> 123456</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'john', '123456', 'Access-Accept', '2010-08-06 17:30:29')</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'john', '123456', 'Access-Accept', '2010-08-06 17:30:29')</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">rlm_sql (sql): Reserving sql socket id: 2</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">rlm_sql (sql): Released sql socket id: 2</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">++[sql] returns ok</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">++[exec] returns noop</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Sending Access-Accept of id 218 to 192.168.0.10 port 44307</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Finished request 0.</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Going to the next request</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Waking up in 4.9 seconds.</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">Cleaning up request 0 ID 218 with timestamp +6</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">Ready to process requests.</span><br>
<br><br><b>dialup.conf:<br></b><span style="font-family: courier new,monospace;">authorize_check_query = "SELECT <a href="http://aut.id" target="_blank">aut.id</a>, aut.username, aut.attribute, aut.value, aut.op \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> FROM ${authcheck_table} aut \</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> WHERE aut.username = '%{SQL-User-Name}' \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> and aut.idrevenda = (SELECT distinct n.idrevenda FROM ${nas_table} n WHERE n.nasname = '%{NAS-IP-Address}' LIMIT 0,1) \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> ORDER BY <a href="http://aut.id" target="_blank">aut.id</a>"</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> </span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> authorize_reply_query = "SELECT <a href="http://rp.id" target="_blank">rp.id</a>, rp.username, rp.attribute, rp.value, rp.op \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> FROM ${authreply_table} rp \</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> WHERE rp.username = '%{SQL-User-Name}' \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> and rp.idrevenda = (SELECT distinct n.idrevenda FROM ${nas_table} n WHERE n.nasname = '%{NAS-IP-Address}' LIMIT 0,1) \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> ORDER BY <a href="http://rp.id" target="_blank">rp.id</a>"</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">group_membership_query = "SELECT ug.groupname \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> FROM ${usergroup_table} ug \</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> WHERE ug.username = '%{SQL-User-Name}' \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> and ug.idrevenda = (SELECT distinct n.idrevenda FROM ${nas_table} n WHERE n.nasname = '%{NAS-IP-Address}' LIMIT 0,1) \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> ORDER BY ug.priority"</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> authorize_group_check_query = "SELECT <a href="http://gc.id" target="_blank">gc.id</a>, gc.groupname, gc.attribute, \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> gc.Value, gc.op \</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> FROM ${groupcheck_table} gc \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> WHERE gc.groupname = '%{Sql-Group}' \</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> and gc.idrevenda = (SELECT distinct n.idrevenda FROM ${nas_table} n WHERE n.nasname = '%{NAS-IP-Address}' LIMIT 0,1) \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> ORDER BY <a href="http://gc.id" target="_blank">gc.id</a>"</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> </span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> authorize_group_reply_query = "SELECT <a href="http://gr.id" target="_blank">gr.id</a>, gr.groupname, gr.attribute, \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> gr.value, gr.op \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> FROM ${groupreply_table} gr \</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> WHERE gr.groupname = '%{Sql-Group}' \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> and gr.idrevenda = (SELECT distinct n.idrevenda FROM ${nas_table} n WHERE n.nasname = '%{NAS-IP-Address}' LIMIT 0,1) \</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> ORDER BY <a href="http://gr.id" target="_blank">gr.id</a>"</span><b><br><br></b><span><span title="">What can it be?<br>
<br></span><span title="">Thank's you for help!</span></span><br><br>-- <br>Erick de A. Fabbio<br>MSN/GTalk: <a href="mailto:erickfabbio@gmail.com" target="_blank">erickfabbio@gmail.com</a><br>
Skype: erickfabbio<br>