I am trying to implement two of the Nomadix VSA's, Nomadix-BW-Up and Nomadix-BW-Down. They are included in the dictionary.nomadix that shipped with my installed version, 2.1.8 running on CentOS. I am using a MySQL backend and have tried adding the attributes in radgroupreply (for user group) and radreply (for user), both without success. I have tried +=, ==, and := as operators, also without success. raddiusd -X does not complain about any of these, and the user authenticates but has a full pipe for BW, rather than the designated 768/256 Down/Up. Any help would be hugely appreciated as I'm working under a deadline. Thank you, Andrew Long EscapeWire Solutions
I am trying to implement two of the Nomadix VSA's, Nomadix-BW-Up and Nomadix-BW-Down. They are included in the dictionary.nomadix that shipped with my installed version, 2.1.8 running on CentOS.
I am using a MySQL backend and have tried adding the attributes in radgroupreply (for user group) and radreply (for user), both without success. I have tried +=, ==, and := as operators, also without success.
raddiusd -X does not complain about any of these, and the user authenticates but has a full pipe for BW, rather than the designated 768/256 Down/Up.
I've got this working now when assigning the attributes to a user profile (radreply), but when when passed from a group profile (radgroupreply) the attributes are not being sent. radiusd -X shows that freeradius is not performing the same queries as it does with other users/groups; the query for radgroupreply items is not being done. rad_recv: Access-Request packet from host xx.xx.xx.xx port 41155, id=155, length=51 User-Password = "password" User-Name = "memwg140412" Wed Apr 4 22:18:50 2012 : Info: +- entering group authorize {...} Wed Apr 4 22:18:50 2012 : Info: ++[preprocess] returns ok Wed Apr 4 22:18:50 2012 : Info: ++[chap] returns noop Wed Apr 4 22:18:50 2012 : Info: ++[mschap] returns noop Wed Apr 4 22:18:50 2012 : Info: [suffix] No '@' in User-Name = "memwg140412", looking up realm NULL Wed Apr 4 22:18:50 2012 : Info: [suffix] No such realm "NULL" Wed Apr 4 22:18:50 2012 : Info: ++[suffix] returns noop Wed Apr 4 22:18:50 2012 : Info: [sql] expand: %{User-Name} -> memwg140412 Wed Apr 4 22:18:50 2012 : Info: [sql] sql_set_user escaped user --> 'memwg140412' Wed Apr 4 22:18:50 2012 : Debug: rlm_sql (sql): Reserving sql socket id: 1 Wed Apr 4 22:18:50 2012 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'memwg140412' ORDER BY id Wed Apr 4 22:18:50 2012 : Info: [sql] User found in radcheck table Wed Apr 4 22:18:50 2012 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'memwg140412' ORDER BY id Wed Apr 4 22:18:50 2012 : Info: [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}'ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'memwg140412' ORDER BY priority Wed Apr 4 22:18:50 2012 : Info: [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'password-group' ORDER BY id Wed Apr 4 22:18:50 2012 : Debug: rlm_sql (sql): Released sql socket id: 1 Wed Apr 4 22:18:50 2012 : Info: ++[sql] returns ok Wed Apr 4 22:18:50 2012 : Info: ++[expiration] returns noop Wed Apr 4 22:18:50 2012 : Info: ++[logintime] returns noop Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Entering module authorize code Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Could not find Check item value pair Wed Apr 4 22:18:50 2012 : Info: ++[noresetcounter] returns noop Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Entering module authorize code Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Could not find Check item value pair Wed Apr 4 22:18:50 2012 : Info: ++[dailycounter] returns noop Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Entering module authorize code Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Could not find Check item value pair Wed Apr 4 22:18:50 2012 : Info: ++[monthlycounter] returns noop Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Entering module authorize code Wed Apr 4 22:18:50 2012 : Debug: rlm_sqlcounter: Could not find Check item value pair Wed Apr 4 22:18:50 2012 : Info: ++[daypasscounter] returns noop Wed Apr 4 22:18:50 2012 : Info: ++[pap] returns updated Wed Apr 4 22:18:50 2012 : Info: Found Auth-Type = PAP Wed Apr 4 22:18:50 2012 : Info: +- entering group PAP {...} Wed Apr 4 22:18:50 2012 : Info: [pap] login attempt with password "password" Wed Apr 4 22:18:50 2012 : Info: [pap] Using clear text password "password" Wed Apr 4 22:18:50 2012 : Info: [pap] User authenticated successfully Wed Apr 4 22:18:50 2012 : Info: ++[pap] returns ok Wed Apr 4 22:18:50 2012 : Auth: Login OK: [memwg140412] (from client wolfchase-gateway port 0) Wed Apr 4 22:18:50 2012 : Info: +- entering group post-auth {...} Wed Apr 4 22:18:50 2012 : Info: [sql] expand: %{User-Name} -> memwg140412 Wed Apr 4 22:18:50 2012 : Info: [sql] sql_set_user escaped user --> 'memwg140412' Wed Apr 4 22:18:50 2012 : Info: [sql] expand: %{User-Password} -> password Wed Apr 4 22:18:50 2012 : Info: [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}','%{%{User-Password}:-%{Chap-Password}}','%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('memwg140412', 'password', 'Access-Accept', '2012-04-04 22:18:50') Wed Apr 4 22:18:50 2012 : Debug: rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('memwg140412','password','Access-Accept', '2012-04-04 22:18:50') Wed Apr 4 22:18:50 2012 : Debug: rlm_sql (sql): Reserving sql socket id: 0 Wed Apr 4 22:18:50 2012 : Debug: rlm_sql (sql): Released sql socket id: 0 Wed Apr 4 22:18:50 2012 : Info: ++[sql] returns ok Wed Apr 4 22:18:50 2012 : Info: ++[exec] returns noop Sending Access-Accept of id 155 to xx.xx.xx.xx port 41155
So, to try and re-phrase my question at this point: Why would freeradius stop processing after radusergroup and radgroupcheck, without ever doing the query on radgroupreply to see if there are items there? The user is a member of only one group, and this is the only user/group relationship I see the failure on. SELECT * FROM radusergroup; 1046 memwg140412 wolfchase-guest-group 1 HI Wolfchase guest-account SELECT * FROM radgroupreply; 84 wolfchase-guest-group Nomadix-Bw-Down := 768 HI Wolfchase guest-group 85 wolfchase-guest-group Nomadix-Bw-Up := 256 HI Wolfchase guest-group
Andrew Long wrote:
I am trying to implement two of the Nomadix VSA's, Nomadix-BW-Up and Nomadix-BW-Down. They are included in the dictionary.nomadix that shipped with my installed version, 2.1.8 running on CentOS.
OK.
I am using a MySQL backend and have tried adding the attributes in radgroupreply (for user group) and radreply (for user), both without success. I have tried +=, ==, and := as operators, also without success.
Trying random operators won't help. You need to understand the problem in order to solve it.
raddiusd -X does not complain about any of these, and the user authenticates but has a full pipe for BW, rather than the designated 768/256 Down/Up.
Did you *read* the debug output? Saying "it doesn't complain" is a start, but what's in the Access-Accept? Do you know *why* reading the Access-Accept is important?
Any help would be hugely appreciated as I'm working under a deadline.
No one here cares about your deadline. This isn't a paid support list, where you can demand a service level. Alan DeKok.
I am trying to implement two of the Nomadix VSA's, Nomadix-BW-Up and Nomadix-BW-Down. They are included in the dictionary.nomadix that shipped with my installed version, 2.1.8 running on CentOS.
OK.
I am using a MySQL backend and have tried adding the attributes in radgroupreply (for user group) and radreply (for user), both without success. I have tried +=, ==, and := as operators, also without success.
Trying random operators won't help. You need to understand the problem in order to solve it.
raddiusd -X does not complain about any of these, and the user authenticates but has a full pipe for BW, rather than the designated 768/256 Down/Up.
Did you *read* the debug output? Saying "it doesn't complain" is a start, but what's in the Access-Accept? Do you know *why* reading the Access-Accept is important?
Any help would be hugely appreciated as I'm working under a deadline.
No one here cares about your deadline. This isn't a paid support list, where you can demand a service level.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan, I certainly did not mean to demand anything. I am immensely grateful for the time you and others spend to help others. I did indeed read the dubug, but did not include it yet because I felt my question might get a bit like a novel. I spent all night trying to understand this, and, since the question has changed a bit, I will start a new thread which I think contains all the relevent data.
participants (2)
-
Alan DeKok -
Andrew Long