On Thu, 2010-01-07 at 11:32 +0100, Bjørn Mork wrote:
Michel Bulgado <michel@casa.co.cu> writes:
Try this way, remember the operator.
|312|test@internet.quimefa.cu|Calling-Station-Id | += | "72061490" |298|test@internet.quimefa.cu|MD5-Password | := | password |313|test@internet.quimefa.cu|Calling-Station-Id | += | "72061490"
Please read the manual. In this case, that's users(5):
Attribute += Value Always matches as a check item, and adds the current attribute with value to the list of configuration items. As a reply item, it has an identical meaning, but the attribute is added to the reply items.
This means that the 3 lines
|312|test@internet.quimefa.cu|Calling-Station-Id | += | "72061490" |298|test@internet.quimefa.cu|MD5-Password | := | password |313|test@internet.quimefa.cu|Calling-Station-Id | += | "72061490"
are identical to the single line
|298|test@internet.quimefa.cu|MD5-Password | := | password
and the user will be accepted regardless of Calling-Station-Id.
suffix] Looking up realm "internet.quimefa.cu" for User-Name = "test@internet.quimefa.cu" [suffix] No such realm "internet.quimefa.cu"
This is normal, and no problem. You may define a realm using LOCAL authentication to avoid it, but it won't change anything except remove the debug message.
sql] User test@internet.quimefa.cu not found ++[sql] returns notfound
The sql module returns notfound if the check items don't match. This is expected in this case as I explained: Two different equality tests on a single attribute will never match.
But in the end because it connects the user's which is declared in the file "users". apparently you have stated that locate the user in the database and also in this file, you must define where you will store your users and then put the phone number.
This time I used: |298|test@internet.quimefa.cu|MD5-Password | := | password |313|test@internet.quimefa.cu|Calling-Station-Id | =~ | 6480342|555555 and it still accepts the user from regardless of the phone number it's using. this is what comes up in the debug. rad_recv: Access-Request packet from host 192.168.25.10 port 17968, id=239, length=148 User-Name = "test@internet.quimefa.cu" User-Password = "password" NAS-IP-Address = 192.168.25.10 NAS-Port = 98 Service-Type = Framed-User Framed-Protocol = PPP Called-Station-Id = "60110" Calling-Station-Id = "72061490" NAS-Identifier = "BVISTA" NAS-Port-Type = Async Connect-Info = "41333/31200 V90/V42bis/LAPM" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "internet.quimefa.cu" for User-Name = "test@internet.quimefa.cu" [suffix] No such realm "internet.quimefa.cu" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok expand: %{User-Name} -> test@internet.quimefa.cu [sql] sql_set_user escaped user --> 'test@internet.quimefa.cu' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test@internet.quimefa.cu' ORDER BY id expand: %{Calling-Station-Id} -> 72061490 [sql] User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test@internet.quimefa.cu' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'test@internet.quimefa.cu' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Normalizing MD5-Password from hex encoding ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "password" [pap] Using MD5 encryption. [pap] User authenticated successfully ++[pap] returns ok +- entering group post-auth {...} expand: %{User-Name} -> test@internet.quimefa.cu [sql] sql_set_user escaped user --> 'test@internet.quimefa.cu' as you can see the phone number that user test is using is different from the ones I have specified in the radcheck table and it comes up with the sql module returning ok and accepts the user in. I notice that the pap module also works and returns ok, but I read that this is mandatory, otherwise no user will be accepted no matter what.