Freeradius realms and/or user issue
I'm currently running freeradius (on v2.1.22, don't shoot me) with sql backend. I need to accept *@randombroadband.co.uk<mailto:*@randombroadband.co.uk> and send an Access Accept. I have defined the realm in proxy.conf as below: realm randombroadband.co.uk { authhost = LOCAL nostrip } in my users file I have the following: DEFAULT User-Name =~ "@randombroadband.co.uk" Auth-Type := Accept In the logs we have the following rad_recv: Access-Request packet from host a.b.c.d port 61384, id=49, length=183 User-Name = moo@randombroadband.co.uk<mailto:moo@randombroadband.co.uk> User-Password = "moo" Service-Type = Framed-User Framed-Protocol = PPP Chargeable-User-Identity = "" Acct-Session-Id = "9277500" ERX-Dhcp-Mac-Addr = "abcd.0000.0001" NAS-Identifier = "LNS1" NAS-Port = 4095 NAS-Port-Id = "-0/0/0.0" NAS-Port-Type = Ethernet ERX-Pppoe-Description = "pppoe ab:cd:00:00:00:01" NAS-IP-Address = a.b.c.d # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "randombroadband.co.uk" for User-Name = moo@randombroadband.co.uk<mailto:moo@randombroadband.co.uk> [suffix] Found realm "randombroadband.co.uk" [suffix] Adding Realm = "randombroadband.co.uk" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] expand: %{User-Name} -> moo@randombroadband.co.uk<mailto:moo@randombroadband.co.uk> [files] users: Matched entry DEFAULT at line 165 [files] expand: %{User-Name} -> moo@randombroadband.co.uk<mailto:moo@randombroadband.co.uk> ++[files] returns ok [sql] expand: %{User-Name} -> moo@randombroadband.co.uk<mailto:moo@randombroadband.co.uk> [sql] sql_set_user escaped user --> 'moo@randombroadband.co.uk' rlm_sql (sql): Reserving sql socket id: 48 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'moo@randombroadband.co.uk' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'moo@randombroadband.co.uk' ORDER BY priority rlm_sql (sql): Released sql socket id: 48 [sql] User moo@randombroadband.co.uk<mailto:moo@randombroadband.co.uk> not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. So it finds the realm and the user in the user file then seems to ignore the accept and decides to lookup the SQL table. Is there any way to get it to stop that once it gets to the accept from the users file? Thanks
On Aug 28, 2024, at 9:56 AM, Nick Ryce <nick@njryce.net> wrote:
I'm currently running freeradius (on v2.1.22, don't shoot me) with sql backend.
Yea, upgrade. Even 2.2.10 is configuration compatible with 2.1, and has a number of issues fixed.
I need to accept *@randombroadband.co.uk<mailto:*@randombroadband.co.uk> and send an Access Accept. I have defined the realm in proxy.conf as below: realm randombroadband.co.uk { authhost = LOCAL nostrip } in my users file I have the following: DEFAULT User-Name =~ "@randombroadband.co.uk" Auth-Type := Accept
If you want to set a Auth-Type, you have to put it on the first line of the entry, not the second one. The second line is for reply items. See "man users", which describes the "users" file format and how it works. Alan DeKok.
participants (2)
-
Alan DeKok -
Nick Ryce