<div dir="ltr"><div><div><div><div><span style="font-family:arial,helvetica,sans-serif">Hello everyone<br><br></span></div><span style="font-family:arial,helvetica,sans-serif">I am still testing ippool-dhcp and after updating to the latest git HEAD I have come across a new issue. For some reason I am seeing the error "Unknown attribute" regarding the variable %{pool-key}. Here is a snippet of the debug log:<br>
<br>(0) ERROR: dhcp_sqlippool : database query error in: 'UPDATE radippool SET nasipaddress = 'this sql statement' WHERE nasipaddress = 'is not in use''<br>(0) ERROR: dhcp_sqlippool : SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND expiry_time < current_timestamp AND rownum <= 1 ORDER BY CASE WHEN pool_key = '%{pool-key}' THEN 0 ELSE 1 END, expiry_time FOR UPDATE<br>
(0) ERROR: dhcp_sqlippool : ^ Unknown attribute<br><br>
</span></div>In file mods-enabled/dhcp_sqlippool I have the following configuration:<br><br> # Client's MAC address is mapped to Calling-Station-Id in policy.conf<br> pool-key = "%{DHCP-Client-Hardware-Address}"<br>
<br></div>I would be grateful for any help in solving this. It was working before but I made the mistake of changing my configuration and upgrading FreeRADIUS at the same time so I am not sure where the problem lies. Here is the full debug output:<br>
<br>root@xxxx:~# /usr/local/sbin/radiusd -X<br>radiusd: FreeRADIUS Version 3.0.0 (git #e6495d1), for host x86_64-unknown-linux-gnu, built on Jun 9 2013 at 13:41:15<br>Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.<br>
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A<br>PARTICULAR PURPOSE.<br>You may redistribute copies of FreeRADIUS under the terms of the<br>GNU General Public License.<br>For more information about these matters, see the file named COPYRIGHT.<br>
Starting - reading configuration files ...<br>including dictionary file /usr/local/etc/raddb/dictionary<br>including configuration file /usr/local/etc/raddb/radiusd.conf<br>including configuration file /usr/local/etc/raddb/proxy.conf<br>
including configuration file /usr/local/etc/raddb/clients.conf<br>including files in directory /usr/local/etc/raddb/mods-enabled/<br>including configuration file /usr/local/etc/raddb/mods-enabled/attr_filter<br>including configuration file /usr/local/etc/raddb/mods-enabled/dhcp_sqlippool<br>
including configuration file /usr/local/etc/raddb/sql/ippool-dhcp/oracle/queries.conf<br>including configuration file /usr/local/etc/raddb/mods-enabled/linelog<br>including configuration file /usr/local/etc/raddb/mods-enabled/sradutmp<br>
including configuration file /usr/local/etc/raddb/mods-enabled/detail<br>including configuration file /usr/local/etc/raddb/mods-enabled/mschap<br>including configuration file /usr/local/etc/raddb/mods-enabled/expiration<br>
including configuration file /usr/local/etc/raddb/mods-enabled/always<br>including configuration file /usr/local/etc/raddb/mods-enabled/passwd<br>including configuration file /usr/local/etc/raddb/mods-enabled/logintime<br>
including configuration file /usr/local/etc/raddb/mods-enabled/pap<br>including configuration file /usr/local/etc/raddb/mods-enabled/ntlm_auth<br>including configuration file /usr/local/etc/raddb/mods-enabled/echo<br>including configuration file /usr/local/etc/raddb/mods-enabled/utf8<br>
including configuration file /usr/local/etc/raddb/mods-enabled/files<br>including configuration file /usr/local/etc/raddb/mods-enabled/unix<br>including configuration file /usr/local/etc/raddb/mods-enabled/cache_eap<br>including configuration file /usr/local/etc/raddb/mods-enabled/chap<br>
including configuration file /usr/local/etc/raddb/mods-enabled/realm<br>including configuration file /usr/local/etc/raddb/mods-enabled/replicate<br>including configuration file /usr/local/etc/raddb/mods-enabled/preprocess<br>
including configuration file /usr/local/etc/raddb/mods-enabled/radutmp<br>including configuration file /usr/local/etc/raddb/mods-enabled/eap<br>including configuration file /usr/local/etc/raddb/mods-enabled/dynamic_clients<br>
including configuration file /usr/local/etc/raddb/mods-enabled/soh<br>including configuration file /usr/local/etc/raddb/mods-enabled/expr<br>including configuration file /usr/local/etc/raddb/mods-enabled/detail.log<br>including configuration file /usr/local/etc/raddb/mods-enabled/dhcp<br>
including configuration file /usr/local/etc/raddb/mods-enabled/sql<br>including configuration file /usr/local/etc/raddb/mods-enabled/../sql/main/oracle/queries.conf<br>including configuration file /usr/local/etc/raddb/mods-enabled/digest<br>
including configuration file /usr/local/etc/raddb/mods-enabled/exec<br>including files in directory /usr/local/etc/raddb/policy.d/<br>including configuration file /usr/local/etc/raddb/policy.d/control<br>including configuration file /usr/local/etc/raddb/policy.d/cui<br>
including configuration file /usr/local/etc/raddb/policy.d/accounting<br>including configuration file /usr/local/etc/raddb/policy.d/operator-name<br>including configuration file /usr/local/etc/raddb/policy.d/eap<br>including configuration file /usr/local/etc/raddb/policy.d/canonicalization<br>
including configuration file /usr/local/etc/raddb/policy.d/dhcp<br>including configuration file /usr/local/etc/raddb/policy.d/filter<br>including files in directory /usr/local/etc/raddb/sites-enabled/<br>including configuration file /usr/local/etc/raddb/sites-enabled/dhcp<br>
main {<br>security {<br> allow_core_dumps = no<br>}<br>}<br>main {<br> name = "radiusd"<br> prefix = "/usr/local"<br> localstatedir = "/usr/local/var"<br> sbindir = "/usr/local/sbin"<br>
logdir = "/usr/local/var/log/radius"<br> run_dir = "/usr/local/var/run/radiusd"<br> libdir = "/usr/local/lib"<br> radacctdir = "/usr/local/var/log/radius/radacct"<br> hostname_lookups = no<br>
max_request_time = 30<br> cleanup_delay = 5<br> max_requests = 1024<br> pidfile = "/usr/local/var/run/radiusd/radiusd.pid"<br> checkrad = "/usr/local/sbin/checkrad"<br> debug_level = 0<br>
proxy_requests = yes<br>log {<br> stripped_names = no<br> auth = no<br> auth_badpass = no<br> auth_goodpass = no<br> colourise = yes<br>}<br>security {<br> max_attributes = 200<br> reject_delay = 1<br>
status_server = yes<br>}<br>}<br>radiusd: #### Loading Realms and Home Servers ####<br>proxy server {<br> retry_delay = 5<br> retry_count = 3<br> default_fallback = no<br> dead_time = 120<br> wake_all_if_all_dead = no<br>
}<br>home_server localhost {<br> ipaddr = 127.0.0.1<br> port = 1812<br> type = "auth"<br> secret = "testing123"<br> response_window = 20<br> max_outstanding = 65536<br> zombie_period = 40<br>
status_check = "status-server"<br> ping_interval = 30<br> check_interval = 30<br> num_answers_to_alive = 3<br> revive_interval = 120<br> status_check_timeout = 4<br> coa {<br> irt = 2<br>
mrt = 16<br> mrc = 5<br> mrd = 30<br> }<br> limit {<br> max_connections = 16<br> max_requests = 0<br> lifetime = 0<br> idle_timeout = 0<br> }<br>}<br>home_server_pool my_auth_failover {<br>
type = fail-over<br> home_server = localhost<br>}<br>realm <a href="http://example.com">example.com</a> {<br> auth_pool = my_auth_failover<br>}<br>realm LOCAL {<br>}<br>radiusd: #### Loading Clients ####<br>
client localhost {<br> ipaddr = 127.0.0.1<br> require_message_authenticator = no<br> secret = "testing123"<br> nastype = "other"<br> proto = "*"<br> limit {<br> max_connections = 16<br>
lifetime = 0<br> idle_timeout = 30<br> }<br>}<br>radiusd: #### Instantiating modules ####<br>instantiate {<br>}<br>modules {<br> # Loaded module rlm_attr_filter<br> # Instantiating module "attr_filter.post-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter<br>
attr_filter attr_filter.post-proxy {<br> file = "/usr/local/etc/raddb/filter/post-proxy"<br> key = "%{Realm}"<br> relaxed = no<br> }<br>reading pairlist file /usr/local/etc/raddb/filter/post-proxy<br>
# Instantiating module "attr_filter.pre-proxy" from file /usr/local/etc/raddb/mods-enabled/attr_filter<br> attr_filter attr_filter.pre-proxy {<br> file = "/usr/local/etc/raddb/filter/pre-proxy"<br>
key = "%{Realm}"<br> relaxed = no<br> }<br>reading pairlist file /usr/local/etc/raddb/filter/pre-proxy<br> # Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/mods-enabled/attr_filter<br>
attr_filter attr_filter.access_reject {<br> file = "/usr/local/etc/raddb/filter/access_reject"<br> key = "%{User-Name}"<br> relaxed = no<br> }<br>reading pairlist file /usr/local/etc/raddb/filter/access_reject<br>
# Instantiating module "attr_filter.access_challenge" from file /usr/local/etc/raddb/mods-enabled/attr_filter<br> attr_filter attr_filter.access_challenge {<br> file = "/usr/local/etc/raddb/filter/access_challenge"<br>
key = "%{User-Name}"<br> relaxed = no<br> }<br>reading pairlist file /usr/local/etc/raddb/filter/access_challenge<br> # Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/mods-enabled/attr_filter<br>
attr_filter attr_filter.accounting_response {<br> file = "/usr/local/etc/raddb/filter/accounting_response"<br> key = "%{User-Name}"<br> relaxed = no<br> }<br>reading pairlist file /usr/local/etc/raddb/filter/accounting_response<br>
# Loaded module rlm_sqlippool<br> # Instantiating module "dhcp_sqlippool" from file /usr/local/etc/raddb/mods-enabled/dhcp_sqlippool<br> sqlippool dhcp_sqlippool {<br> sql-instance-name = "sql"<br>
lease-duration = 7200<br> pool-name = ""<br> defaultpool = "main_pool"<br> allocate-begin = ""<br> allocate-clear = "UPDATE radippool SET nasipaddress = 'this sql statement' WHERE nasipaddress = 'is not in use'"<br>
allocate-find = "SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND expiry_time < current_timestamp AND rownum <= 1 ORDER BY CASE WHEN pool_key = '%{pool-key}' THEN 0 ELSE 1 END, expiry_time FOR UPDATE"<br>
allocate-update = "UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{DHCP-Client-Hardware-Address}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', expiry_time = current_timestamp + INTERVAL '7200' SECOND(1) WHERE framedipaddress = '%I' AND pool_name = '%{control:Pool-Name}'"<br>
allocate-commit = "COMMIT"<br> pool-check = "SELECT id FROM (SELECT id FROM radippool WHERE pool_name = '%{control:Pool-Name}') WHERE ROWNUM = 1"<br> start-begin = ""<br>
start-update = "UPDATE radippool SET expiry_time = current_timestamp + INTERVAL '7200' SECOND(1) WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '%{DHCP-Client-Hardware-Address}' AND username = '%{User-Name}' AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}'"<br>
start-commit = "COMMIT"<br> alive-begin = ""<br> alive-update = "UPDATE radippool SET expiry_time = current_timestamp + INTERVAL '7200' SECOND(1) WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '%{DHCP-Client-Hardware-Address}' AND username = '%{User-Name}' AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}' AND pool_name = '%{control:Pool-Name}'"<br>
alive-commit = "COMMIT"<br> stop-begin = ""<br> stop-clear = "UPDATE radippool SET nasipaddress = '', pool_key = '0', callingstationid = '', username = '', expiry_time = current_timestamp - INTERVAL '1' second(1) WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '%{DHCP-Client-Hardware-Address}' AND username = '%{User-Name}' AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}'"<br>
stop-commit = "COMMIT"<br> on-begin = ""<br> on-clear = "UPDATE radippool SET nasipaddress = '', pool_key = '0', callingstationid = '', username = '', expiry_time = current_timestamp - INTERVAL '1' second(1) WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_name = '%{control:Pool-Name}'"<br>
on-commit = "COMMIT"<br> off-begin = ""<br> off-clear = "UPDATE radippool SET nasipaddress = '', pool_key = '0', callingstationid = '', username = '', expiry_time = current_timestamp - INTERVAL '1' second(1) WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_name = '%{control:Pool-Name}'"<br>
off-commit = "COMMIT"<br> messages {<br> }<br> }<br> # Loaded module rlm_sql<br> # Instantiating module "sql" from file /usr/local/etc/raddb/mods-enabled/sql<br> sql {<br> driver = "rlm_sql_oracle"<br>
server = "localhost"<br> port = "1521"<br> login = "xxxxxx"<br> password = "xxxxxx"<br> radius_db = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=xxxxxx)))"<br>
read_groups = yes<br> readclients = no<br> deletestalesessions = yes<br> sql_user_name = "%{User-Name}"<br> default_user_profile = ""<br> nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"<br>
authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"<br> authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"<br>
 authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,radusergroup WHERE radusergroup.Username = '%{SQL-User-Name}' AND radusergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"<br>
 authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,radusergroup WHERE radusergroup.Username = '%{SQL-User-Name}' AND radusergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"<br>
group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}'"<br> simul_count_query = ""<br> simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime IS NULL"<br>
safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"<br> }<br> accounting {<br> reference = "%{tolower:type.%{Acct-Status-Type}.query}"<br> }<br> post-auth {<br>
reference = ".query"<br> }<br>rlm_sql (sql): Driver rlm_sql_oracle (module rlm_sql_oracle) loaded and linked<br>rlm_sql (sql): Attempting to connect to database "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=xxxxxx)))"<br>
rlm_sql (sql): Initialising connection pool<br> pool {<br> start = 2<br> min = 1<br> max = 2<br> spare = 1<br> uses = 0<br> lifetime = 0<br> cleanup_delay = 5<br> idle_timeout = 60<br>
spread = no<br> }<br>rlm_sql (sql): Opening additional connection (0)<br>rlm_sql (sql): Opening additional connection (1)<br> # Loaded module rlm_linelog<br> # Instantiating module "linelog" from file /usr/local/etc/raddb/mods-enabled/linelog<br>
linelog {<br> filename = "/usr/local/var/log/radius/linelog"<br> permissions = 384<br> format = "This is a log message for %{User-Name}"<br> reference = "%{%{Packet-Type}:-format}"<br>
}<br> # Loaded module rlm_radutmp<br> # Instantiating module "sradutmp" from file /usr/local/etc/raddb/mods-enabled/sradutmp<br> radutmp sradutmp {<br> filename = "/usr/local/var/log/radius/sradutmp"<br>
username = "%{User-Name}"<br> case_sensitive = yes<br> check_with_nas = yes<br> perm = 420<br> callerid = no<br> }<br> # Loaded module rlm_detail<br> # Instantiating module "detail" from file /usr/local/etc/raddb/mods-enabled/detail<br>
detail {<br> detailfile = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"<br> header = "%t"<br> detailperm = 384<br> dirperm = 493<br>
locking = no<br> log_packet_header = no<br> }<br> # Loaded module rlm_mschap<br> # Instantiating module "mschap" from file /usr/local/etc/raddb/mods-enabled/mschap<br> mschap {<br> use_mppe = yes<br>
require_encryption = no<br> require_strong = no<br> with_ntdomain_hack = yes<br> passchange {<br> }<br> allow_retry = yes<br> }<br> # Loaded module rlm_expiration<br> # Instantiating module "expiration" from file /usr/local/etc/raddb/mods-enabled/expiration<br>
expiration {<br> reply-message = "Password Has Expired "<br> }<br> # Loaded module rlm_always<br> # Instantiating module "fail" from file /usr/local/etc/raddb/mods-enabled/always<br> always fail {<br>
rcode = "fail"<br> simulcount = 0<br> mpp = no<br> }<br> # Instantiating module "reject" from file /usr/local/etc/raddb/mods-enabled/always<br> always reject {<br> rcode = "reject"<br>
simulcount = 0<br> mpp = no<br> }<br> # Instantiating module "noop" from file /usr/local/etc/raddb/mods-enabled/always<br> always noop {<br> rcode = "noop"<br> simulcount = 0<br>
mpp = no<br> }<br> # Instantiating module "handled" from file /usr/local/etc/raddb/mods-enabled/always<br> always handled {<br> rcode = "handled"<br> simulcount = 0<br> mpp = no<br>
}<br> # Instantiating module "updated" from file /usr/local/etc/raddb/mods-enabled/always<br> always updated {<br> rcode = "updated"<br> simulcount = 0<br> mpp = no<br> }<br> # Instantiating module "notfound" from file /usr/local/etc/raddb/mods-enabled/always<br>
always notfound {<br> rcode = "notfound"<br> simulcount = 0<br> mpp = no<br> }<br> # Instantiating module "ok" from file /usr/local/etc/raddb/mods-enabled/always<br> always ok {<br>
rcode = "ok"<br> simulcount = 0<br> mpp = no<br> }<br> # Loaded module rlm_passwd<br> # Instantiating module "etc_passwd" from file /usr/local/etc/raddb/mods-enabled/passwd<br> passwd etc_passwd {<br>
filename = "/etc/passwd"<br> format = "*User-Name:Crypt-Password:"<br> delimiter = ":"<br> ignorenislike = no<br> ignoreempty = yes<br> allowmultiplekeys = no<br>
hashsize = 100<br> }<br>rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no<br> # Loaded module rlm_logintime<br> # Instantiating module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime<br>
logintime {<br> minimum-timeout = 60<br> }<br> # Loaded module rlm_pap<br> # Instantiating module "pap" from file /usr/local/etc/raddb/mods-enabled/pap<br> pap {<br> auto_header = no<br> }<br> # Loaded module rlm_exec<br>
# Instantiating module "ntlm_auth" from file /usr/local/etc/raddb/mods-enabled/ntlm_auth<br> exec ntlm_auth {<br> wait = yes<br> program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"<br>
input_pairs = "request"<br> shell_escape = yes<br> }<br> # Instantiating module "echo" from file /usr/local/etc/raddb/mods-enabled/echo<br> exec echo {<br> wait = yes<br> program = "/bin/echo %{User-Name}"<br>
input_pairs = "request"<br> output_pairs = "reply"<br> shell_escape = yes<br> }<br> # Loaded module rlm_utf8<br> # Instantiating module "utf8" from file /usr/local/etc/raddb/mods-enabled/utf8<br>
# Loaded module rlm_files<br> # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files<br> files {<br> usersfile = "/usr/local/etc/raddb/users"<br> acctusersfile = "/usr/local/etc/raddb/acct_users"<br>
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"<br> compat = "no"<br> }<br>reading pairlist file /usr/local/etc/raddb/users<br>reading pairlist file /usr/local/etc/raddb/acct_users<br>
reading pairlist file /usr/local/etc/raddb/preproxy_users<br> # Loaded module rlm_unix<br> # Instantiating module "unix" from file /usr/local/etc/raddb/mods-enabled/unix<br> unix {<br> radwtmp = "/usr/local/var/log/radius/radwtmp"<br>
}<br> # Loaded module rlm_cache<br> # Instantiating module "cache_eap" from file /usr/local/etc/raddb/mods-enabled/cache_eap<br> cache cache_eap {<br> key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"<br>
ttl = 15<br> max_entries = 16384<br> epoch = 0<br> add_stats = no<br> }<br> # Loaded module rlm_chap<br> # Instantiating module "chap" from file /usr/local/etc/raddb/mods-enabled/chap<br>
# Loaded module rlm_realm<br> # Instantiating module "IPASS" from file /usr/local/etc/raddb/mods-enabled/realm<br> realm IPASS {<br> format = "prefix"<br> delimiter = "/"<br> ignore_default = no<br>
ignore_null = no<br> }<br> # Instantiating module "suffix" from file /usr/local/etc/raddb/mods-enabled/realm<br> realm suffix {<br> format = "suffix"<br> delimiter = "@"<br>
ignore_default = no<br> ignore_null = no<br> }<br> # Instantiating module "realmpercent" from file /usr/local/etc/raddb/mods-enabled/realm<br> realm realmpercent {<br> format = "suffix"<br>
delimiter = "%"<br> ignore_default = no<br> ignore_null = no<br> }<br> # Instantiating module "ntdomain" from file /usr/local/etc/raddb/mods-enabled/realm<br> realm ntdomain {<br> format = "prefix"<br>
delimiter = "\"<br> ignore_default = no<br> ignore_null = no<br> }<br> # Loaded module rlm_replicate<br> # Instantiating module "replicate" from file /usr/local/etc/raddb/mods-enabled/replicate<br>
# Loaded module rlm_preprocess<br> # Instantiating module "preprocess" from file /usr/local/etc/raddb/mods-enabled/preprocess<br> preprocess {<br> huntgroups = "/usr/local/etc/raddb/huntgroups"<br>
hints = "/usr/local/etc/raddb/hints"<br> with_ascend_hack = no<br> ascend_channels_per_line = 23<br> with_ntdomain_hack = no<br> with_specialix_jetstream_hack = no<br> with_cisco_vsa_hack = no<br>
with_alvarion_vsa_hack = no<br> }<br>reading pairlist file /usr/local/etc/raddb/huntgroups<br>reading pairlist file /usr/local/etc/raddb/hints<br> # Instantiating module "radutmp" from file /usr/local/etc/raddb/mods-enabled/radutmp<br>
radutmp {<br> filename = "/usr/local/var/log/radius/radutmp"<br> username = "%{User-Name}"<br> case_sensitive = yes<br> check_with_nas = yes<br> perm = 384<br> callerid = yes<br>
}<br> # Loaded module rlm_eap<br> # Instantiating module "eap" from file /usr/local/etc/raddb/mods-enabled/eap<br> eap {<br> default_eap_type = "md5"<br> timer_expire = 60<br> ignore_unknown_eap_types = no<br>
mod_accounting_username_bug = no<br> max_sessions = 4096<br> }<br> # Linked to sub-module rlm_eap_md5<br> # Linked to sub-module rlm_eap_leap<br> # Linked to sub-module rlm_eap_gtc<br> gtc {<br> challenge = "Password: "<br>
auth_type = "PAP"<br> }<br> # Linked to sub-module rlm_eap_tls<br> tls {<br> tls = "tls-common"<br> }<br> tls-config tls-common {<br> rsa_key_exchange = no<br> dh_key_exchange = yes<br>
rsa_key_length = 512<br> dh_key_length = 512<br> verify_depth = 0<br> CA_path = "/usr/local/etc/raddb/certs"<br> pem_file_type = yes<br> private_key_file = "/usr/local/etc/raddb/certs/server.pem"<br>
certificate_file = "/usr/local/etc/raddb/certs/server.pem"<br> CA_file = "/usr/local/etc/raddb/certs/ca.pem"<br> private_key_password = "whatever"<br> dh_file = "/usr/local/etc/raddb/certs/dh"<br>
fragment_size = 1024<br> include_length = yes<br> check_crl = no<br> cipher_list = "DEFAULT"<br> make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"<br> ecdh_curve = "prime256v1"<br>
cache {<br> enable = yes<br> lifetime = 24<br> max_entries = 255<br> }<br> verify {<br> }<br> ocsp {<br> enable = no<br> override_cert_url = yes<br> url = "<a href="http://127.0.0.1/ocsp/">http://127.0.0.1/ocsp/</a>"<br>
use_nonce = yes<br> timeout = 0<br> softfail = yes<br> }<br> }<br> # Linked to sub-module rlm_eap_ttls<br> ttls {<br> tls = "tls-common"<br> default_eap_type = "md5"<br>
copy_request_to_tunnel = no<br> use_tunneled_reply = no<br> virtual_server = "inner-tunnel"<br> include_length = yes<br> require_client_cert = no<br> }<br>Using cached TLS configuration from previous invocation<br>
# Linked to sub-module rlm_eap_peap<br> peap {<br> tls = "tls-common"<br> default_method = "mschapv2"<br> copy_request_to_tunnel = no<br> use_tunneled_reply = no<br> proxy_tunneled_request_as_eap = yes<br>
virtual_server = "inner-tunnel"<br> soh = no<br> require_client_cert = no<br> }<br>Using cached TLS configuration from previous invocation<br> # Linked to sub-module rlm_eap_mschapv2<br> mschapv2 {<br>
with_ntdomain_hack = no<br> send_error = no<br> }<br> # Loaded module rlm_dynamic_clients<br> # Instantiating module "dynamic_clients" from file /usr/local/etc/raddb/mods-enabled/dynamic_clients<br>
# Loaded module rlm_soh<br> # Instantiating module "soh" from file /usr/local/etc/raddb/mods-enabled/soh<br> soh {<br> dhcp = yes<br> }<br> # Loaded module rlm_expr<br> # Instantiating module "expr" from file /usr/local/etc/raddb/mods-enabled/expr<br>
expr {<br> safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"<br> }<br> # Instantiating module "auth_log" from file /usr/local/etc/raddb/mods-enabled/detail.log<br>
detail auth_log {<br> detailfile = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"<br> header = "%t"<br> detailperm = 384<br>
dirperm = 493<br> locking = no<br> log_packet_header = no<br> }<br> # Instantiating module "reply_log" from file /usr/local/etc/raddb/mods-enabled/detail.log<br> detail reply_log {<br> detailfile = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"<br>
header = "%t"<br> detailperm = 384<br> dirperm = 493<br> locking = no<br> log_packet_header = no<br> }<br> # Instantiating module "pre_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log<br>
detail pre_proxy_log {<br> detailfile = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"<br> header = "%t"<br> detailperm = 384<br>
dirperm = 493<br> locking = no<br> log_packet_header = no<br> }<br> # Instantiating module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log<br> detail post_proxy_log {<br>
detailfile = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"<br> header = "%t"<br> detailperm = 384<br> dirperm = 493<br>
locking = no<br> log_packet_header = no<br> }<br> # Loaded module rlm_dhcp<br> # Instantiating module "dhcp" from file /usr/local/etc/raddb/mods-enabled/dhcp<br> # Loaded module rlm_digest<br> # Instantiating module "digest" from file /usr/local/etc/raddb/mods-enabled/digest<br>
# Instantiating module "exec" from file /usr/local/etc/raddb/mods-enabled/exec<br> exec {<br> wait = no<br> input_pairs = "request"<br> shell_escape = yes<br> }<br>} # modules<br>radiusd: #### Loading Virtual Servers ####<br>
server { # from file /usr/local/etc/raddb/radiusd.conf<br>} # server<br>server dhcp { # from file /usr/local/etc/raddb/sites-enabled/dhcp<br>Module: Checking dhcp DHCP-Discover {...} for more modules to load<br># Loading virtual module dhcp_sqlippool<br>
Module: Checking dhcp DHCP-Request {...} for more modules to load<br># Loading virtual module dhcp_sqlippool<br>Module: Checking dhcp (null) {...} for more modules to load<br>/usr/local/etc/raddb/sites-enabled/dhcp[112]: No name specified for Post-Auth-Type block<br>
} # server<br>radiusd: #### Opening IP addresses and Ports ####<br>listen {<br> type = "dhcp"<br> ipaddr = 127.0.0.1<br> port = 67<br>}<br>Listening on dhcp interface lo address 127.0.0.1 port 67 as server dhcp<br>
Opening new proxy address * port 0<br>Listening on proxy address * port 52846<br>Ready to process requests.<br><br>Received DHCP-Request of id 3d6ab451 from 127.0.0.1:68 to 127.0.0.1:67<br>
DHCP-Opcode = Client-Message<br> DHCP-Hardware-Type = Ethernet<br> DHCP-Hardware-Address-Length = 6<br> DHCP-Hop-Count = 0<br> DHCP-Transaction-Id = 1030403153<br> DHCP-Number-of-Seconds = 0<br> DHCP-Flags = 0<br>
DHCP-Client-IP-Address = 127.0.0.1<br> DHCP-Your-IP-Address = 0.0.0.0<br> DHCP-Server-IP-Address = 0.0.0.0<br> DHCP-Gateway-IP-Address = 0.0.0.0<br> DHCP-Client-Hardware-Address = c0:ff:ee:c0:ff:ee<br> DHCP-Message-Type += DHCP-Request<br>
Trying sub-section dhcp DHCP-Request {...}<br>(0) group DHCP-Request {<br>(0) - entering group DHCP-Request {...}<br>(0) update reply {<br>(0) DHCP-Message-Type = DHCP-Ack<br>(0) } # update reply = noop<br>
(0) update reply {<br>(0) DHCP-Domain-Name-Server = 8.8.8.8<br>(0) DHCP-Domain-Name-Server = 8.8.4.4<br>(0) DHCP-Subnet-Mask = 255.255.255.0<br>(0) DHCP-Router-Address = 127.0.0.1<br>(0) DHCP-IP-Address-Lease-Time = 300<br>
(0) DHCP-DHCP-Server-Identifier = 127.0.0.1<br>(0) } # update reply = noop<br>(0) update control {<br>(0) Pool-Name := "test_ip_pool"<br>(0) } # update control = noop<br>(0) policy dhcp_sqlippool.post-auth {<br>
(0) - entering policy dhcp_sqlippool.post-auth {...}<br>(0) update request {<br>(0) expand: 'DHCP-%{DHCP-Client-Hardware-Address}' -> 'DHCP-c0:ff:ee:c0:ff:ee'<br>(0) User-Name = "DHCP-c0:ff:ee:c0:ff:ee"<br>
(0) expand: '%{DHCP-Client-Hardware-Address}' -> 'c0:ff:ee:c0:ff:ee'<br>(0) Calling-Station-Id = "c0:ff:ee:c0:ff:ee"<br>(0) expand: '%{%{DHCP-Gateway-IP-Address}:-127.0.0.1}' -> '0.0.0.0'<br>
(0) NAS-IP-Address = 0.0.0.0<br>(0) Acct-Status-Type = Start<br>(0) } # update request = noop<br>rlm_sql (sql): Reserved connection (1)<br>(0) dhcp_sqlippool : expand: '%{User-Name}' -> 'DHCP-c0:ff:ee:c0:ff:ee'<br>
(0) dhcp_sqlippool : SQL-User-Name updated<br>(0) dhcp_sqlippool : expand: 'UPDATE radippool SET nasipaddress = 'this sql statement' WHERE nasipaddress = 'is not in use'' -> 'UPDATE radippool SET nasipaddress = 'this sql statement' WHERE nasipaddress = 'is not in use''<br>
rlm_sql (sql): Executing query: 'UPDATE radippool SET nasipaddress = 'this sql statement' WHERE nasipaddress = 'is not in use''<br>(0) ERROR: dhcp_sqlippool : database query error in: 'UPDATE radippool SET nasipaddress = 'this sql statement' WHERE nasipaddress = 'is not in use''<br>
(0) ERROR: dhcp_sqlippool : SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND expiry_time < current_timestamp AND rownum <= 1 ORDER BY CASE WHEN pool_key = '%{pool-key}' THEN 0 ELSE 1 END, expiry_time FOR UPDATE<br>
(0) ERROR: dhcp_sqlippool : ^ Unknown attribute<br>(0) dhcp_sqlippool : expand: 'COMMIT' -> 'COMMIT'<br>
rlm_sql (sql): Executing query: 'COMMIT'<br>(0) ERROR: dhcp_sqlippool : database query error in: 'COMMIT'<br>(0) dhcp_sqlippool : expand: 'SELECT id FROM (SELECT id FROM radippool WHERE pool_name = '%{control:Pool-Name}') WHERE ROWNUM = 1' -> 'SELECT id FROM (SELECT id FROM radippool WHERE pool_name = 'test_ip_pool') WHERE ROWNUM = 1'<br>
rlm_sql (sql): Executing query: 'SELECT id FROM (SELECT id FROM radippool WHERE pool_name = 'test_ip_pool') WHERE ROWNUM = 1'<br>rlm_sql (sql): Released connection (1)<br>rlm_sql (sql): Closing connection (0): Too many free connections (2 > 1)<br>
(0) dhcp_sqlippool : pool appears to be full<br>(0) [dhcp_sqlippool] = notfound<br>(0) ? if (ok) <br>(0) ? if (ok) -> FALSE<br>(0) - policy dhcp_sqlippool.post-auth returns notfound<br>(0) [ok] = ok<br>(0) DHCP: Reply will be sent unicast to client-ip-address<br>
Sending DHCP-Ack of id 3d6ab451 to 127.0.0.1:68<br>(0) Finished request 0.<br>Waking up in 0.3 seconds.<br>Received DHCP-Release of id 3d6ab451 from 127.0.0.1:68 to 127.0.0.1:67<br>
(0) Cleaning up request packet ID 1030403153 with timestamp +20<br> DHCP-Opcode = Client-Message<br> DHCP-Hardware-Type = Ethernet<br> DHCP-Hardware-Address-Length = 6<br> DHCP-Hop-Count = 0<br> DHCP-Transaction-Id = 1030403153<br>
DHCP-Number-of-Seconds = 0<br> DHCP-Flags = 0<br> DHCP-Client-IP-Address = 127.0.0.1<br> DHCP-Your-IP-Address = 0.0.0.0<br> DHCP-Server-IP-Address = 0.0.0.0<br> DHCP-Gateway-IP-Address = 0.0.0.0<br> DHCP-Client-Hardware-Address = c0:ff:ee:c0:ff:ee<br>
DHCP-Message-Type += DHCP-Release<br>Trying sub-section dhcp DHCP-Release {...}<br>(1) WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.<br>(1) Finished request 1.<br>Waking up in 0.3 seconds.<br>
Waking up in 4.6 seconds.<br><br><br></div><div><br><div><br><div><br><br></div></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/3/31 Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">Бен Томпсон wrote:<br>
> Firstly the ippool table for the oracle ippool schema contains various<br>
> columns which are defined as NOT NULL:<br>
<br>
</div> That is probably too strong a requirement.<br>
<div class="im"><br>
> CREATE TABLE radippool (<br>
> id INT PRIMARY KEY,<br>
> pool_name VARCHAR(30) NOT NULL,<br>
> framedipaddress VARCHAR(30) NOT NULL,<br>
> nasipaddress VARCHAR(30) NOT NULL,<br>
> pool_key INT NOT NULL,<br>
> CalledStationId VARCHAR(64),<br>
> CallingStationId VARCHAR(64) NOT NULL,<br>
> expiry_time timestamp(0) NOT NULL,<br>
> username VARCHAR(100)<br>
> );<br>
><br>
> The problem is that we also have insert and update statements which try<br>
> to insert empty strings e.g. (taken from the standard ippool<br>
> queries.conf):<br>
<br>
</div> Yes. Those queries try to clear the entries... i.e. set them to NULL.<br>
<div class="im"><br>
> As I understand it, an empty string and NULL are the same thing in<br>
> Oracle so this update statement will not work as is. I suppose we need<br>
> to change the schema and this is what I have done for testing, but I<br>
> want to understand why it is like this. I don't understand how the<br>
> standard ippool queries.conf ever worked as it is trying to insert<br>
> empty strings into NOT NULL columns.<br>
<br>
</div> I think no one ever tested it on Oracle.<br>
<div class="im"><br>
> I can create a new schema and send a patch, but I just wanted to<br>
> double check that this is the right thing to do.<br>
<br>
</div> It's the right thing to do.<br>
<span class="HOEnZb"><font color="#888888"><br>
Alan DeKok.<br>
</font></span></blockquote></div><br></div>
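The Oracle behaviour discussed in the quoted exchange above, as an added example that is not part of the original thread or of the FreeRADIUS schema files: Oracle stores a zero-length string as NULL, so a `stop-clear` style UPDATE that writes `''` cannot succeed against the NOT NULL columns of the quoted `radippool` schema. The table name `radippool_demo`, the row values and the choice of which columns to relax are assumptions made for illustration.

```sql
-- Added illustration (Oracle SQL). radippool_demo and every row value below
-- are constructed for this example; the column list follows the schema
-- quoted in the thread.

CREATE TABLE radippool_demo (
  id               INT PRIMARY KEY,
  pool_name        VARCHAR(30)  NOT NULL,
  framedipaddress  VARCHAR(30)  NOT NULL,
  nasipaddress     VARCHAR(30)  NOT NULL,
  pool_key         INT          NOT NULL,
  CalledStationId  VARCHAR(64),
  CallingStationId VARCHAR(64)  NOT NULL,
  expiry_time      TIMESTAMP(0) NOT NULL,
  username         VARCHAR(100)
);

-- One allocated lease (constructed sample data).
INSERT INTO radippool_demo
  (id, pool_name, framedipaddress, nasipaddress, pool_key,
   CallingStationId, expiry_time, username)
VALUES
  (1, 'test_ip_pool', '192.0.2.10', '0.0.0.0', 42,
   'c0:ff:ee:c0:ff:ee', current_timestamp + INTERVAL '2' HOUR,
   'DHCP-c0:ff:ee:c0:ff:ee');

-- Step 1: the shape of the stop-clear query from the debug output, with the
-- %{...} expansions replaced by literals. Oracle treats '' as NULL, so this
-- statement is rejected by the NOT NULL constraints on nasipaddress and
-- CallingStationId (ORA-01407) and the lease is never released.
UPDATE radippool_demo
   SET nasipaddress = '', pool_key = '0', callingstationid = '', username = '',
       expiry_time = current_timestamp - INTERVAL '1' SECOND
 WHERE framedipaddress = '192.0.2.10';

-- Step 2: the schema change the thread agrees on, shown here as dropping
-- NOT NULL from the columns that the clear queries blank out.
ALTER TABLE radippool_demo MODIFY (nasipaddress NULL, CallingStationId NULL);

-- Step 3: the same UPDATE is now accepted; the blanked columns hold NULL.
UPDATE radippool_demo
   SET nasipaddress = '', pool_key = '0', callingstationid = '', username = '',
       expiry_time = current_timestamp - INTERVAL '1' SECOND
 WHERE framedipaddress = '192.0.2.10';

-- Step 4: the follow-on trap. A comparison against '' is a comparison
-- against NULL, which is never true, so the first query cannot find the
-- cleared row. Any query that looks for cleared entries must use IS NULL.
SELECT framedipaddress FROM radippool_demo WHERE nasipaddress = '';
SELECT framedipaddress FROM radippool_demo WHERE nasipaddress IS NULL;

DROP TABLE radippool_demo;
```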