First - sorry for my English. OpenWrt Chaos Calmer 15.05.1 freeradius 2.2.8-2 Installed: freeradius2 freeradius2-common freeradius2-democerts freeradius2-mod-chap freeradius2-mod-eap freeradius2-mod-eap-mschapv2 freeradius2-mod-eap-peap freeradius2-mod-eap-tls freeradius2-mod-eap-ttls freeradius2-mod-exec freeradius2-mod-files freeradius2-mod-mschap freeradius2-mod-pap freeradius2-mod-radutmp freeradius2-mod-realm freeradius2-utils Problem: All working, but I want use MAC-address based authentication. I append "rewrite.calling_station_id" in "authorize {" section in "/etc/freeradius2/sites/default". That i get: authorize { rewrite.calling_station_id eap { ok = return } files pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } eap } accounting { exec } session { radutmp } But I get error: Module: Checking authorize {...} for more modules to load /etc/freeradius2/sites/default[92]: Failed to find "rewrite.calling_station_id" in the "modules" section. I solve this error. In /etc/freeradius2/radiusd.conf, I uncomment: #$INCLUDE policy.conf After it I get this errors: Module: Checking authorize {...} for more modules to load Module: Loading virtual module rewrite.calling_station_id /etc/freeradius2/policy.conf[250]: Failed to find "updated" in the "modules" section. /etc/freeradius2/policy.conf[250]: Failed to parse "updated" entry. /etc/freeradius2/policy.conf[246]: Failed to parse "if" subsection. /etc/freeradius2/sites/default[69]: Errors parsing authorize section. And now I dont know what can I do. -- ilya Gafarov
Hello Everybody, Is it possible to allow access to a different POOL for users who authenticate with invalid login or password? Users who connect with correct credentials would use the POOL according to their groups, and users with login and password invalids would be directed to another POOL? I hope I was clear. Thanks Aurélio
On Apr 13, 2016, at 8:51 AM, Aurélio de Souza Ribeiro Neto <netolistas@mpc.com.br> wrote:
Is it possible to allow access to a different POOL for users who authenticate with invalid login or password?
Only for people who aren't using EAP.
Users who connect with correct credentials would use the POOL according to their groups, and users with login and password invalids would be directed to another POOL? I hope I was clear.
Sure. In the "authenticate" section, do: authenticate { ... Auth-Type pap { pap { reject = 1 } if (reject) { update control { Pool-Name := "rejected_pool" } ok } } ... } You'll have to customize it for your system, but the general idea is there. Alan DeKok.
Alan, Thanks! It works, but I can Log "Invalid Login" before delivery IP? Aurelio Em 13/04/2016 10:09, Alan DeKok escreveu:
On Apr 13, 2016, at 8:51 AM, Aurélio de Souza Ribeiro Neto <netolistas@mpc.com.br> wrote:
Is it possible to allow access to a different POOL for users who authenticate with invalid login or password?
Only for people who aren't using EAP.
Users who connect with correct credentials would use the POOL according to their groups, and users with login and password invalids would be directed to another POOL? I hope I was clear.
Sure. In the "authenticate" section, do:
authenticate { ... Auth-Type pap { pap { reject = 1 }
if (reject) { update control { Pool-Name := "rejected_pool" }
ok }
}
... }
You'll have to customize it for your system, but the general idea is there.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan, Only complementing..... He catches and releases the IP Look my authenticate section: authenticate { Auth-Type PAP { pap { reject = 1 } if(reject) { update control { Pool-Name := "inadi_pool"; } ok } } Auth-Type CHAP { chap { reject = 1 } if(reject) { update control { Pool-Name := "iandi_pool"; } ok } } Auth-Type MS-CHAP { mschap { reject = 1 } if(reject) { update control { Pool-Name := "inadi_pool"; } ok } } digest unix eap } And my Log: Wed Apr 13 16:51:31 2016 : Auth: Login OK: [testepppoe] (from client ce-teste-rb port 15728721 cli F8:1A:67:58:42:E7) Wed Apr 13 16:51:31 2016 : Info: Allocated IP: 192.168.11.208 from inadi_pool (did CE - TESTE PPPoE cli F8:1A:67:58:42:E7 port 15728721 user testepppoe) Wed Apr 13 16:51:31 2016 : Info: Released IP 192.168.11.208 (did CE - TESTE PPPoE cli F8:1A:67:58:42:E7 user testepppoe) Could you help me? Aurelio Em 13/04/2016 16:48, Aurélio de Souza Ribeiro Neto escreveu:
Alan,
Thanks!
It works, but I can Log "Invalid Login" before delivery IP?
Aurelio
Em 13/04/2016 10:09, Alan DeKok escreveu:
On Apr 13, 2016, at 8:51 AM, Aurélio de Souza Ribeiro Neto <netolistas@mpc.com.br> wrote:
Is it possible to allow access to a different POOL for users who authenticate with invalid login or password?
Only for people who aren't using EAP.
Users who connect with correct credentials would use the POOL according to their groups, and users with login and password invalids would be directed to another POOL? I hope I was clear.
Sure. In the "authenticate" section, do:
authenticate { ... Auth-Type pap { pap { reject = 1 }
if (reject) { update control { Pool-Name := "rejected_pool" }
ok }
}
... }
You'll have to customize it for your system, but the general idea is there.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Apr 13, 2016, at 4:36 PM, Aurélio de Souza Ribeiro Neto <netolistas@mpc.com.br> wrote:
And my Log:
Wed Apr 13 16:51:31 2016 : Auth: Login OK: [testepppoe] (from client ce-teste-rb port 15728721 cli F8:1A:67:58:42:E7) Wed Apr 13 16:51:31 2016 : Info: Allocated IP: 192.168.11.208 from inadi_pool (did CE - TESTE PPPoE cli F8:1A:67:58:42:E7 port 15728721 user testepppoe) Wed Apr 13 16:51:31 2016 : Info: Released IP 192.168.11.208 (did CE - TESTE PPPoE cli F8:1A:67:58:42:E7 user testepppoe)
<sigh> Post the DEBUG LOG. I'm almost inclined to start banning people who repeatedly ask questions and fail to post the debug log. It's rude, and wastes everyones time. Alan DeKok.
Sorry Alan, No problem, you're right!! DEBUG LOG: radiusd: FreeRADIUS Version 2.2.9, for host amd64-portbld-freebsd10.2, built on Apr 10 2016 at 11:17:16 Copyright (C) 1999-2015 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/cache including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/dhcp_sqlippool including configuration file /usr/local/etc/raddb/sql/mysql/ippool-dhcp.conf including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/dynamic_clients including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/radrelay including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/redis including configuration file /usr/local/etc/raddb/modules/rediswho including configuration file /usr/local/etc/raddb/modules/replicate including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/soh including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/teste_radius.log including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/sql.conf including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/etc/raddb/sqlippool.conf including configuration file /usr/local/etc/raddb/sql/mysql/ippool.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/control-socket including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/0 main { allow_core_dumps = no } including dictionary file /usr/local/etc/raddb/dictionary main { name = "radiusd" prefix = "/usr/local" localstatedir = "/var" sbindir = "/usr/local/sbin" logdir = "/var/log" run_dir = "/var/run/radiusd" libdir = "/usr/local/lib/freeradius-2.2.9" radacctdir = "/var/log/radacct" hostname_lookups = no max_request_time = 45 cleanup_delay = 5 max_requests = 1280 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = yes auth_badpass = yes auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes allow_vulnerable_openssl = no } } radiusd: #### Loading Realms and Home Servers #### radiusd: #### Loading Clients #### radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /usr/local/etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /usr/local/etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /usr/local/etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /usr/local/etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /usr/local/etc/raddb/radiusd.conf modules { Module: Creating Auth-Type = digest Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /usr/local/etc/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_always Module: Instantiating module "ok" from file /usr/local/etc/raddb/modules/always always ok { rcode = "ok" simulcount = 0 mpp = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /usr/local/etc/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /usr/local/etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /usr/local/etc/raddb/modules/unix unix { radwtmp = "/var/log/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 1280 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/usr/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" CA_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/usr/local/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" make_cert_command = "/usr/local/etc/raddb/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess preprocess { huntgroups = "/usr/local/etc/raddb/huntgroups" hints = "/usr/local/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /usr/local/etc/raddb/huntgroups reading pairlist file /usr/local/etc/raddb/hints Module: Linked to module rlm_sql Module: Instantiating module "sql" from file /usr/local/etc/raddb/sql.conf sql { driver = "rlm_sql_mysql" server = "*****.***.***.**" port = "" login = "**********" password = "****************" radius_db = "mpc_freeradius" read_groups = yes sqltrace = no sqltracefile = "/var/log/sqltrace.sql" readclients = yes deletestalesessions = yes num_sql_socks = 32 lifetime = 0 max_queries = 0 sql_user_name = "%{User-Name}" default_user_profile = "" nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas" authorize_check_query = "SELECT DISTINCT (R.id), R.username, R.attribute, R.value, R.op FROM mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist M WHERE R.username = '%{SQL-User-Name}' AND M.usuario_login = '%{SQL-User-Name}' AND N.nasname = '%{Nas-IP-Address}' AND N.gw_id = (SELECT gateway_id FROM mpc_lw.maclist WHERE usuario_login = '%{SQL-User-Name}' AND gateway_id = ( SELECT gw_id FROM mpc_freeradius.nas WHERE nasname = '%{Nas-IP-Address}' ) ORDER BY ID) " authorize_reply_query = "SELECT DISTINCT (R.id), R.username, R.attribute, R.value, R.op FROM mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist M WHERE R.username = '%{SQL-User-Name}' AND M.usuario_login = '%{SQL-User-Name}' AND N.nasname = '%{Nas-IP-Address}' AND N.gw_id = (SELECT gateway_id FROM mpc_lw.maclist WHERE usuario_login = '%{SQL-User-Name}' AND gateway_id = ( SELECT gw_id FROM mpc_freeradius.nas WHERE nasname = '%{Nas-IP-Address}' ) ORDER BY ID) " authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id" accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'" accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{%{Acct-Session-Time}:-0}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{%{Acct-Session-Time}:-0}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{%{Acct-Session-Time}:-0}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'" accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{%{Acct-Session-Time}:-0}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')" group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" connect_failure_retry_delay = 60 simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL" postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to FREERADIUS@mysql.mpc.com.br:/mpc_freeradius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 rlm_sql (sql): starting 5 rlm_sql (sql): Attempting to connect rlm_sql_mysql #5 rlm_sql_mysql: Starting connect to MySQL server for #5 rlm_sql (sql): Connected new DB handle, #5 rlm_sql (sql): starting 6 rlm_sql (sql): Attempting to connect rlm_sql_mysql #6 rlm_sql_mysql: Starting connect to MySQL server for #6 rlm_sql (sql): Connected new DB handle, #6 rlm_sql (sql): starting 7 rlm_sql (sql): Attempting to connect rlm_sql_mysql #7 rlm_sql_mysql: Starting connect to MySQL server for #7 rlm_sql (sql): Connected new DB handle, #7 rlm_sql (sql): starting 8 rlm_sql (sql): Attempting to connect rlm_sql_mysql #8 rlm_sql_mysql: Starting connect to MySQL server for #8 rlm_sql (sql): Connected new DB handle, #8 rlm_sql (sql): starting 9 rlm_sql (sql): Attempting to connect rlm_sql_mysql #9 rlm_sql_mysql: Starting connect to MySQL server for #9 rlm_sql (sql): Connected new DB handle, #9 rlm_sql (sql): starting 10 rlm_sql (sql): Attempting to connect rlm_sql_mysql #10 rlm_sql_mysql: Starting connect to MySQL server for #10 rlm_sql (sql): Connected new DB handle, #10 rlm_sql (sql): starting 11 rlm_sql (sql): Attempting to connect rlm_sql_mysql #11 rlm_sql_mysql: Starting connect to MySQL server for #11 rlm_sql (sql): Connected new DB handle, #11 rlm_sql (sql): starting 12 rlm_sql (sql): Attempting to connect rlm_sql_mysql #12 rlm_sql_mysql: Starting connect to MySQL server for #12 rlm_sql (sql): Connected new DB handle, #12 rlm_sql (sql): starting 13 rlm_sql (sql): Attempting to connect rlm_sql_mysql #13 rlm_sql_mysql: Starting connect to MySQL server for #13 rlm_sql (sql): Connected new DB handle, #13 rlm_sql (sql): starting 14 rlm_sql (sql): Attempting to connect rlm_sql_mysql #14 rlm_sql_mysql: Starting connect to MySQL server for #14 rlm_sql (sql): Connected new DB handle, #14 rlm_sql (sql): starting 15 rlm_sql (sql): Attempting to connect rlm_sql_mysql #15 rlm_sql_mysql: Starting connect to MySQL server for #15 rlm_sql (sql): Connected new DB handle, #15 rlm_sql (sql): starting 16 rlm_sql (sql): Attempting to connect rlm_sql_mysql #16 rlm_sql_mysql: Starting connect to MySQL server for #16 rlm_sql (sql): Connected new DB handle, #16 rlm_sql (sql): starting 17 rlm_sql (sql): Attempting to connect rlm_sql_mysql #17 rlm_sql_mysql: Starting connect to MySQL server for #17 rlm_sql (sql): Connected new DB handle, #17 rlm_sql (sql): starting 18 rlm_sql (sql): Attempting to connect rlm_sql_mysql #18 rlm_sql_mysql: Starting connect to MySQL server for #18 rlm_sql (sql): Connected new DB handle, #18 rlm_sql (sql): starting 19 rlm_sql (sql): Attempting to connect rlm_sql_mysql #19 rlm_sql_mysql: Starting connect to MySQL server for #19 rlm_sql (sql): Connected new DB handle, #19 rlm_sql (sql): starting 20 rlm_sql (sql): Attempting to connect rlm_sql_mysql #20 rlm_sql_mysql: Starting connect to MySQL server for #20 rlm_sql (sql): Connected new DB handle, #20 rlm_sql (sql): starting 21 rlm_sql (sql): Attempting to connect rlm_sql_mysql #21 rlm_sql_mysql: Starting connect to MySQL server for #21 rlm_sql (sql): Connected new DB handle, #21 rlm_sql (sql): starting 22 rlm_sql (sql): Attempting to connect rlm_sql_mysql #22 rlm_sql_mysql: Starting connect to MySQL server for #22 rlm_sql (sql): Connected new DB handle, #22 rlm_sql (sql): starting 23 rlm_sql (sql): Attempting to connect rlm_sql_mysql #23 rlm_sql_mysql: Starting connect to MySQL server for #23 rlm_sql (sql): Connected new DB handle, #23 rlm_sql (sql): starting 24 rlm_sql (sql): Attempting to connect rlm_sql_mysql #24 rlm_sql_mysql: Starting connect to MySQL server for #24 rlm_sql (sql): Connected new DB handle, #24 rlm_sql (sql): starting 25 rlm_sql (sql): Attempting to connect rlm_sql_mysql #25 rlm_sql_mysql: Starting connect to MySQL server for #25 rlm_sql (sql): Connected new DB handle, #25 rlm_sql (sql): starting 26 rlm_sql (sql): Attempting to connect rlm_sql_mysql #26 rlm_sql_mysql: Starting connect to MySQL server for #26 rlm_sql (sql): Connected new DB handle, #26 rlm_sql (sql): starting 27 rlm_sql (sql): Attempting to connect rlm_sql_mysql #27 rlm_sql_mysql: Starting connect to MySQL server for #27 rlm_sql (sql): Connected new DB handle, #27 rlm_sql (sql): starting 28 rlm_sql (sql): Attempting to connect rlm_sql_mysql #28 rlm_sql_mysql: Starting connect to MySQL server for #28 rlm_sql (sql): Connected new DB handle, #28 rlm_sql (sql): starting 29 rlm_sql (sql): Attempting to connect rlm_sql_mysql #29 rlm_sql_mysql: Starting connect to MySQL server for #29 rlm_sql (sql): Connected new DB handle, #29 rlm_sql (sql): starting 30 rlm_sql (sql): Attempting to connect rlm_sql_mysql #30 rlm_sql_mysql: Starting connect to MySQL server for #30 rlm_sql (sql): Connected new DB handle, #30 rlm_sql (sql): starting 31 rlm_sql (sql): Attempting to connect rlm_sql_mysql #31 rlm_sql_mysql: Starting connect to MySQL server for #31 rlm_sql (sql): Connected new DB handle, #31 rlm_sql (sql): Processing generate_sql_clients rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas rlm_sql (sql): Reserving sql socket id: 31 rlm_sql (sql): Read entry nasname=127.0.0.1,shortname=Local Host,secret=secret rlm_sql (sql): Adding client 127.0.0.1 (Local Host, server=<none>) to clients list rlm_sql (sql): Read entry nasname=172.20.30.2,shortname=ce-poppa-rb,secret=#banan@# rlm_sql (sql): Adding client 172.20.30.2 (ce-poppa-rb, server=<none>) to clients list rlm_sql (sql): Read entry nasname=172.20.200.2,shortname=ce-teste-rb,secret=#banan@# rlm_sql (sql): Adding client 172.20.200.2 (ce-teste-rb, server=<none>) to clients list rlm_sql (sql): Read entry nasname=172.20.8.2,shortname=ce-popfd-rb,secret=#banan@# rlm_sql (sql): Adding client 172.20.8.2 (ce-popfd-rb, server=<none>) to clients list rlm_sql (sql): Read entry nasname=172.20.6.2,shortname=ce-popitpm-rb,secret=#banan@# rlm_sql (sql): Adding client 172.20.6.2 (ce-popitpm-rb, server=<none>) to clients list rlm_sql (sql): Read entry nasname=172.20.43.2,shortname=ce-popsm-rb,secret=#banan@# rlm_sql (sql): Adding client 172.20.43.2 (ce-popsm-rb, server=<none>) to clients list rlm_sql (sql): Read entry nasname=172.20.72.2,shortname=ce-popeuropa-rb,secret=#banan@# rlm_sql (sql): Adding client 172.20.72.2 (ce-popeuropa-rb, server=<none>) to clients list rlm_sql (sql): Released sql socket id: 31 Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /usr/local/etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /usr/local/etc/raddb/modules/detail detail { detailfile = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no escape_filenames = no } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/radiusd.conf radutmp { filename = "/var/log/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Instantiating module "sradutmp" from file /usr/local/etc/raddb/modules/sradutmp radutmp sradutmp { filename = "/var/log/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 420 callerid = no } Module: Linked to module rlm_sqlippool Module: Instantiating module "sqlippool" from file /usr/local/etc/raddb/sqlippool.conf sqlippool { sql-instance-name = "sql" lease-duration = 720 pool-name = "" allocate-begin = "START TRANSACTION" allocate-clear = "UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = '0000-00-00 00:00:00' WHERE expiry_time <= NOW() - INTERVAL 1 SECOND AND pool_key = '%{NAS-Port}' AND nasipaddress = '%{Nas-IP-Address}'" allocate-find = "SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND expiry_time = '0000-00-00 00:00:00' ORDER BY RAND() LIMIT 1 FOR UPDATE" allocate-update = "UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{NAS-Port}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', expiry_time = NOW() + INTERVAL 720 SECOND WHERE framedipaddress = '%I' AND expiry_time = '0000-00-00 00:00:00'" allocate-commit = "COMMIT" allocate-rollback = "ROLLBACK" pool-check = "SELECT id FROM radippool WHERE pool_name='%{control:Pool-Name}' LIMIT 1" start-begin = "START TRANSACTION" start-update = "UPDATE radippool SET expiry_time = NOW() + INTERVAL 720 SECOND WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '%{NAS-Port}' AND username = '%{User-Name}' AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}'" start-commit = "COMMIT" start-rollback = "ROLLBACK" alive-begin = "START TRANSACTION" alive-update = "UPDATE radippool SET expiry_time = NOW() + INTERVAL 720 SECOND WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '%{NAS-Port}' AND username = '%{User-Name}' AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}'" alive-commit = "COMMIT" alive-rollback = "ROLLBACK" stop-begin = "START TRANSACTION" stop-clear = "UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = '0000-00-00 00:00:00' WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '%{NAS-Port}' AND username = '%{User-Name}' AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}'" stop-commit = "COMMIT" stop-rollback = "ROLLBACK" on-begin = "START TRANSACTION" on-clear = "UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = '0000-00-00 00:00:00' WHERE nasipaddress = '%{Nas-IP-Address}'" on-commit = "COMMIT" on-rollback = "ROLLBACK" off-begin = "START TRANSACTION" off-clear = "UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = '0000-00-00 00:00:00' WHERE nasipaddress = '%{Nas-IP-Address}'" off-commit = "COMMIT" off-rollback = "ROLLBACK" sqlippool_log_exists = "Existing IP: %{reply:Framed-IP-Address} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})" sqlippool_log_success = "Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})" sqlippool_log_clear = "Released IP %{Framed-IP-Address} (did %{Called-Station-Id} cli %{Calling-Station-Id} user %{User-Name})" sqlippool_log_failed = "IP Allocation FAILED from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})" sqlippool_log_nopool = "No Pool-Name defined (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})" defaultpool = "main_pool" } Module: Linked to module rlm_sql_log Module: Instantiating module "sql_log" from file /usr/local/etc/raddb/modules/sql_log sql_log { path = "/var/log/radacct/sql-relay" Post-Auth = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S');" sql_user_name = "%{%{User-Name}:-DEFAULT}" utf8 = no safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/usr/local/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /usr/local/etc/raddb/attrs.accounting_response Module: Checking session {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/var/run/radiusd/radiusd.sock" } } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Ready to process requests. rad_recv: Access-Request packet from host 172.20.200.2 port 47606, id=251, length=207 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 15728752 NAS-Port-Type = Ethernet User-Name = "testepppoe" Calling-Station-Id = "F8:1A:67:58:42:E7" Called-Station-Id = "CE - TESTE PPPoE" NAS-Port-Id = "ether2" MS-CHAP-Challenge = 0xa2679e2e3eda990b3c1154ad21869130 MS-CHAP2-Response = 0x01003768a76d49b3b35a91341a22ddb2930a000000000000000003c736cb201806f6a9100b319b13e9c893b2bd9d048a7541 NAS-Identifier = "CE - TESTE PPPoE" NAS-IP-Address = 172.20.200.2 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] = ok ++[digest] = noop [eap] No EAP-Message, not doing EAP ++[eap] = noop [sql] expand: %{User-Name} -> testepppoe [sql] sql_set_user escaped user --> 'testepppoe' rlm_sql (sql): Reserving sql socket id: 30 [sql] expand: SELECT DISTINCT (R.id), R.username, R.attribute, R.value, R.op FROM mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist M WHERE R.username = '%{SQL-User-Name}' AND M.usuario_login = '%{SQL-User-Name}' AND N.nasname = '%{Nas-IP-Address}' AND N.gw_id = (SELECT gateway_id FROM mpc_lw.maclist WHERE usuario_login = '%{SQL-User-Name}' AND gateway_id = ( SELECT gw_id FROM mpc_freeradius.nas WHERE nasname = '%{Nas-IP-Address}' ) ORDER BY ID) -> SELECT DISTINCT (R.id), R.username, R.att [sql] User found in radcheck table [sql] expand: SELECT DISTINCT (R.id), R.username, R.attribute, R.value, R.op FROM mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist M WHERE R.username = '%{SQL-User-Name}' AND M.usuario_login = '%{SQL-User-Name}' AND N.nasname = '%{Nas-IP-Address}' AND N.gw_id = (SELECT gateway_id FROM mpc_lw.maclist WHERE usuario_login = '%{SQL-User-Name}' AND gateway_id = ( SELECT gw_id FROM mpc_freeradius.nas WHERE nasname = '%{Nas-IP-Address}' ) [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'testepppoe' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '715' ORDER BY id [sql] User found in group 715 [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '715' ORDER BY id rlm_sql (sql): Released sql socket id: 30 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = ok Found Auth-Type = MSCHAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /usr/local/etc/raddb/sites-enabled/default +group MS-CHAP { [mschap] Creating challenge hash with username: testepppoe [mschap] Client is using MS-CHAPv2 for testepppoe, we need NT-Password [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] = reject ++? if (reject) ? Evaluating (reject) -> TRUE ++? if (reject) -> TRUE ++if (reject) { +++update control { +++} # update control = noop +++[ok] = ok ++} # if (reject) = ok +} # group MS-CHAP = ok # Executing section session from file /usr/local/etc/raddb/sites-enabled/default +group session { [sql] expand: %{User-Name} -> testepppoe [sql] sql_set_user escaped user --> 'testepppoe' [sql] expand: SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL -> SELECT COUNT(*) FROM radacct WHERE username = 'testepppoe' AND acctstoptime IS NULL rlm_sql (sql): Reserving sql socket id: 29 rlm_sql (sql): Released sql socket id: 29 ++[sql] = ok +} # group session = ok Login OK: [testepppoe] (from client ce-teste-rb port 15728752 cli F8:1A:67:58:42:E7) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default +group post-auth { rlm_sql (sql): Reserving sql socket id: 28 [sqlippool] expand: %{User-Name} -> testepppoe [sqlippool] sql_set_user escaped user --> 'testepppoe' [sqlippool] expand: START TRANSACTION -> START TRANSACTION [sqlippool] expand: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = '0000-00-00 00:00:00' WHERE expiry_time <= NOW() - INTERVAL 1 SECOND AND pool_key = '%{NAS-Port}' AND nasipaddress = '%{Nas-IP-Address}' -> UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = '0000-00-00 00:00:00' WHERE expiry_time <= NOW() - INTERVAL 1 SECOND AND pool_key = '15728752' AND nasipaddress = '172.20.200.2' [sqlippool] expand: COMMIT -> COMMIT [sqlippool] expand: START TRANSACTION -> START TRANSACTION [sqlippool] expand: SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND expiry_time = '0000-00-00 00:00:00' ORDER BY RAND() LIMIT 1 FOR UPDATE -> SELECT framedipaddress FROM radippool WHERE pool_name = 'inadi_pool' AND expiry_time = '0000-00-00 00:00:00' ORDER BY RAND() LIMIT 1 FOR UPDATE [sqlippool] expand: UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{NAS-Port}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', expiry_time = NOW() + INTERVAL 720 SECOND WHERE framedipaddress = '192.168.11.247' AND expiry_time = '0000-00-00 00:00:00' -> UPDATE radippool SET nasipaddress = '172.20.200.2', pool_key = '15728752', callingstationid = 'F8:1A:67:58:42:E7', username = 'testepppoe', expiry_time = NOW() + INTERVAL 720 SECOND WHERE framedipaddress = '192.168.11.247' AND expiry_time = '0000-00-00 00:00:00' [sqlippool] Allocated IP 192.168.11.247 [f70ba8c0] [sqlippool] expand: COMMIT -> COMMIT rlm_sql (sql): Released sql socket id: 28 [sqlippool] expand: Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> Allocated IP: 192.168.11.247 from inadi_pool (did CE - TESTE PPPoE cli F8:1A:67:58:42:E7 port 15728752 user testepppoe) Allocated IP: 192.168.11.247 from inadi_pool (did CE - TESTE PPPoE cli F8:1A:67:58:42:E7 port 15728752 user testepppoe) ++[sqlippool] = ok +} # group post-auth = ok Sending Access-Accept of id 251 to 172.20.200.2 port 47606 User-Password := "test" Framed-Compression := Van-Jacobson-TCP-IP Framed-Protocol := PPP Framed-Routing := Broadcast-Listen Framed-MTU := 1500 Service-Type := Framed-User Mikrotik-Rate-Limit := "500K/5M 600K/5500K 450K/3750K 10/10" MS-CHAP-Error = "\001E=691 R=1" Framed-IP-Address = 192.168.11.247 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Accounting-Request packet from host 172.20.200.2 port 40877, id=252, length=165 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 15728752 NAS-Port-Type = Ethernet User-Name = "testepppoe" Calling-Station-Id = "F8:1A:67:58:42:E7" Called-Station-Id = "CE - TESTE PPPoE" NAS-Port-Id = "ether2" Acct-Session-Id = "81e00070" Framed-IP-Address = 192.168.11.247 Acct-Authentic = RADIUS Event-Timestamp = "Apr 12 2016 14:02:50 BRT" Acct-Status-Type = Start NAS-Identifier = "CE - TESTE PPPoE" Acct-Delay-Time = 0 NAS-IP-Address = 172.20.200.2 # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +group preacct { ++[preprocess] = ok [acct_unique] Hashing 'NAS-Port = 15728752,NAS-Identifier = "CE - TESTE PPPoE",NAS-IP-Address = 172.20.200.2,Acct-Session-Id = "81e00070",User-Name = "testepppoe"' [acct_unique] Acct-Unique-Session-ID = "9629c83490d4d44a". ++[acct_unique] = ok +} # group preacct = ok # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +group accounting { [detail] expand: %{Packet-Src-IP-Address} -> 172.20.200.2 [detail] expand: /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/radacct/172.20.200.2/detail-20160413 [detail] /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radacct/172.20.200.2/detail-20160413 [detail] expand: %t -> Wed Apr 13 17:06:48 2016 ++[detail] = ok ++[unix] = ok [radutmp] expand: /var/log/radutmp -> /var/log/radutmp [radutmp] expand: %{User-Name} -> testepppoe ++[radutmp] = ok [sradutmp] expand: /var/log/sradutmp -> /var/log/sradutmp [sradutmp] expand: %{User-Name} -> testepppoe ++[sradutmp] = ok rlm_sql (sql): Reserving sql socket id: 27 [sqlippool] expand: %{User-Name} -> testepppoe [sqlippool] sql_set_user escaped user --> 'testepppoe' [sqlippool] expand: START TRANSACTION -> START TRANSACTION [sqlippool] expand: UPDATE radippool SET expiry_time = NOW() + INTERVAL 720 SECOND WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '%{NAS-Port}' AND username = '%{User-Name}' AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}' -> UPDATE radippool SET expiry_time = NOW() + INTERVAL 720 SECOND WHERE nasipaddress = '172.20.200.2' AND pool_key = '15728752' AND username = 'testepppoe' AND callingstationid = 'F8:1A:67:58:42:E7' AND framedipaddress = '192.168.11.247' [sqlippool] expand: COMMIT -> COMMIT rlm_sql (sql): Released sql socket id: 27 ++[sqlippool] = ok [sql] expand: %{User-Name} -> testepppoe [sql] sql_set_user escaped user --> 'testepppoe' [sql] expand: %{Acct-Delay-Time} -> 0 [sql] expand: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', rlm_sql (sql): Reserving sql socket id: 26 rlm_sql (sql): Released sql socket id: 26 ++[sql] = ok ++? if (noop) ? Evaluating (noop) -> FALSE ++? if (noop) -> FALSE [sql_log] Processing sql_log_accounting [sql_log] expand: %{User-Name} -> testepppoe [sql_log] expand: %{%{User-Name}:-DEFAULT} -> testepppoe [sql_log] sql_set_user escaped user --> 'testepppoe' [sql_log] expand: INSERT INTO radacct (AcctSessionId, UserName, NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, AcctSessionTime, AcctTerminateCause) VALUES ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', '%{Framed-IP-Address}', '%S', '0', '0', ''); -> INSERT INTO radacct (AcctSessionId, UserName, NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, AcctSessionTime, AcctTerminateCause) VALUES ('81e00070', 'testepppoe', '172.20.200.2', '192.168.11.247', '2016-04-13 17:06:48', '0', '0', ''); [sql_log] expand: /var/log/radacct/sql-relay -> /var/log/radacct/sql-relay ++[sql_log] = ok [attr_filter.accounting_response] expand: %{User-Name} -> testepppoe attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] = updated +} # group accounting = updated Sending Accounting-Response of id 252 to 172.20.200.2 port 40877 Finished request 1. Cleaning up request 1 ID 252 with timestamp +15 Going to the next request Waking up in 4.9 seconds. rad_recv: Accounting-Request packet from host 172.20.200.2 port 42851, id=253, length=213 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 15728752 NAS-Port-Type = Ethernet User-Name = "testepppoe" Calling-Station-Id = "F8:1A:67:58:42:E7" Called-Station-Id = "CE - TESTE PPPoE" NAS-Port-Id = "ether2" Acct-Session-Id = "81e00070" Framed-IP-Address = 192.168.11.247 Acct-Authentic = RADIUS Event-Timestamp = "Apr 12 2016 14:02:50 BRT" Acct-Session-Time = 0 Acct-Input-Octets = 0 Acct-Input-Gigawords = 0 Acct-Input-Packets = 0 Acct-Output-Octets = 14 Acct-Output-Gigawords = 0 Acct-Output-Packets = 2 Acct-Status-Type = Stop Acct-Terminate-Cause = User-Request NAS-Identifier = "CE - TESTE PPPoE" Acct-Delay-Time = 0 NAS-IP-Address = 172.20.200.2 # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +group preacct { ++[preprocess] = ok [acct_unique] Hashing 'NAS-Port = 15728752,NAS-Identifier = "CE - TESTE PPPoE",NAS-IP-Address = 172.20.200.2,Acct-Session-Id = "81e00070",User-Name = "testepppoe"' [acct_unique] Acct-Unique-Session-ID = "9629c83490d4d44a". ++[acct_unique] = ok +} # group preacct = ok # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +group accounting { [detail] expand: %{Packet-Src-IP-Address} -> 172.20.200.2 [detail] expand: /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/radacct/172.20.200.2/detail-20160413 [detail] /var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radacct/172.20.200.2/detail-20160413 [detail] expand: %t -> Wed Apr 13 17:06:48 2016 ++[detail] = ok ++[unix] = ok [radutmp] expand: /var/log/radutmp -> /var/log/radutmp [radutmp] expand: %{User-Name} -> testepppoe ++[radutmp] = ok [sradutmp] expand: /var/log/sradutmp -> /var/log/sradutmp [sradutmp] expand: %{User-Name} -> testepppoe ++[sradutmp] = ok rlm_sql (sql): Reserving sql socket id: 25 [sqlippool] expand: %{User-Name} -> testepppoe [sqlippool] sql_set_user escaped user --> 'testepppoe' [sqlippool] expand: START TRANSACTION -> START TRANSACTION [sqlippool] expand: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = '0000-00-00 00:00:00' WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '%{NAS-Port}' AND username = '%{User-Name}' AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}' -> UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = '0000-00-00 00:00:00' WHERE nasipaddress = '172.20.200.2' AND pool_key = '15728752' AND username = 'testepppoe' AND callingstationid = 'F8:1A:67:58:42:E7' AND framedipaddress = '192.168.11.247' [sqlippool] expand: COMMIT -> COMMIT [sqlippool] expand: Released IP %{Framed-IP-Address} (did %{Called-Station-Id} cli %{Calling-Station-Id} user %{User-Name}) -> Released IP 192.168.11.247 (did CE - TESTE PPPoE cli F8:1A:67:58:42:E7 user testepppoe) Released IP 192.168.11.247 (did CE - TESTE PPPoE cli F8:1A:67:58:42:E7 user testepppoe) rlm_sql (sql): Released sql socket id: 25 ++[sqlippool] = ok [sql] expand: %{User-Name} -> testepppoe [sql] sql_set_user escaped user --> 'testepppoe' [sql] expand: %{Acct-Session-Time} -> 0 [sql] expand: %{Acct-Input-Gigawords} -> 0 [sql] expand: %{Acct-Input-Octets} -> 0 [sql] expand: %{Acct-Output-Gigawords} -> 0 [sql] expand: %{Acct-Output-Octets} -> 14 [sql] expand: %{Acct-Delay-Time} -> 0 [sql] expand: UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{%{Acct-Session-Time}:-0}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET acctstoptime = '2016-04-13 17:06:48', acctsessiontime = '0', acctinputoctets = '0' << 32 | '0', acctoutputoctets = '0' << 32 | rlm_sql (sql): Reserving sql socket id: 24 rlm_sql (sql): Released sql socket id: 24 ++[sql] = ok ++? if (noop) ? Evaluating (noop) -> FALSE ++? if (noop) -> FALSE [sql_log] Processing sql_log_accounting [sql_log] expand: %{User-Name} -> testepppoe [sql_log] expand: %{%{User-Name}:-DEFAULT} -> testepppoe [sql_log] sql_set_user escaped user --> 'testepppoe' [sql_log] expand: INSERT INTO radacct (AcctSessionId, UserName, NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, AcctSessionTime, AcctTerminateCause) VALUES ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', '%{Framed-IP-Address}', '0', '%S', '%{Acct-Session-Time}', '%{Acct-Terminate-Cause}'); -> INSERT INTO radacct (AcctSessionId, UserName, NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, AcctSessionTime, AcctTerminateCause) VALUES ('81e00070', 'testepppoe', '172.20.200.2', '192.168.11.247', '0', '2016-04-13 17:06:48', '0', 'User-Request'); [sql_log] expand: /var/log/radacct/sql-relay -> /var/log/radacct/sql-relay ++[sql_log] = ok [attr_filter.accounting_response] expand: %{User-Name} -> testepppoe attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] = updated +} # group accounting = updated Sending Accounting-Response of id 253 to 172.20.200.2 port 42851 Finished request 2. Cleaning up request 2 ID 253 with timestamp +15 Going to the next request Waking up in 4.8 seconds. Cleaning up request 0 ID 251 with timestamp +15 Ready to process requests. Thanks Aurélio Em 13/04/2016 17:41, Alan DeKok escreveu:
On Apr 13, 2016, at 4:36 PM, Aurélio de Souza Ribeiro Neto <netolistas@mpc.com.br> wrote:
And my Log:
Wed Apr 13 16:51:31 2016 : Auth: Login OK: [testepppoe] (from client ce-teste-rb port 15728721 cli F8:1A:67:58:42:E7) Wed Apr 13 16:51:31 2016 : Info: Allocated IP: 192.168.11.208 from inadi_pool (did CE - TESTE PPPoE cli F8:1A:67:58:42:E7 port 15728721 user testepppoe) Wed Apr 13 16:51:31 2016 : Info: Released IP 192.168.11.208 (did CE - TESTE PPPoE cli F8:1A:67:58:42:E7 user testepppoe)
<sigh>
Post the DEBUG LOG.
I'm almost inclined to start banning people who repeatedly ask questions and fail to post the debug log. It's rude, and wastes everyones time.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Apr 13, 2016, at 5:16 PM, Aurélio de Souza Ribeiro Neto <netolistas@mpc.com.br> wrote:
rad_recv: Access-Request packet from host 172.20.200.2 port 47606, id=251, length=207 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 15728752 NAS-Port-Type = Ethernet User-Name = "testepppoe" Calling-Station-Id = "F8:1A:67:58:42:E7" Called-Station-Id = "CE - TESTE PPPoE" NAS-Port-Id = "ether2" MS-CHAP-Challenge = 0xa2679e2e3eda990b3c1154ad21869130 MS-CHAP2-Response = 0x01003768a76d49b3b35a91341a22ddb2930a000000000000000003c736cb201806f6a9100b319b13e9c893b2bd9d048a7541
You can't force an Access-Accept in MS-CHAPv2. Alan DeKok.
Em 13/04/2016 19:41, Alan DeKok escreveu:
On Apr 13, 2016, at 5:16 PM, Aurélio de Souza Ribeiro Neto <netolistas@mpc.com.br> wrote:
rad_recv: Access-Request packet from host 172.20.200.2 port 47606, id=251, length=207 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 15728752 NAS-Port-Type = Ethernet User-Name = "testepppoe" Calling-Station-Id = "F8:1A:67:58:42:E7" Called-Station-Id = "CE - TESTE PPPoE" NAS-Port-Id = "ether2" MS-CHAP-Challenge = 0xa2679e2e3eda990b3c1154ad21869130 MS-CHAP2-Response = 0x01003768a76d49b3b35a91341a22ddb2930a000000000000000003c736cb201806f6a9100b319b13e9c893b2bd9d048a7541 You can't force an Access-Accept in MS-CHAPv2.
Sorry, I don't know why..... Aurelio
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Aurélio de Souza Ribeiro Neto <netolistas@mpc.com.br> writes:
Em 13/04/2016 19:41, Alan DeKok escreveu:
On Apr 13, 2016, at 5:16 PM, Aurélio de Souza Ribeiro Neto <netolistas@mpc.com.br> wrote:
rad_recv: Access-Request packet from host 172.20.200.2 port 47606, id=251, length=207 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 15728752 NAS-Port-Type = Ethernet User-Name = "testepppoe" Calling-Station-Id = "F8:1A:67:58:42:E7" Called-Station-Id = "CE - TESTE PPPoE" NAS-Port-Id = "ether2" MS-CHAP-Challenge = 0xa2679e2e3eda990b3c1154ad21869130 MS-CHAP2-Response = 0x01003768a76d49b3b35a91341a22ddb2930a000000000000000003c736cb201806f6a9100b319b13e9c893b2bd9d048a7541 You can't force an Access-Accept in MS-CHAPv2.
Sorry, I don't know why.....
See the "Note" on https://technet.microsoft.com/en-us/library/cc787927%28v=ws.10%29.aspx The easiest way to "fix" this is usually turning off chap support on the NAS, allowing only pap. Bjørn
Alan, Thanks! It works, but I can Log "Invalid Login" before delivery IP? Aurelio Em 13/04/2016 16:48, Aurélio de Souza Ribeiro Neto escreveu:
Em 13/04/2016 10:09, Alan DeKok escreveu:
On Apr 13, 2016, at 8:51 AM, Aurélio de Souza Ribeiro Neto <netolistas@mpc.com.br> wrote:
Is it possible to allow access to a different POOL for users who authenticate with invalid login or password?
Only for people who aren't using EAP.
Users who connect with correct credentials would use the POOL according to their groups, and users with login and password invalids would be directed to another POOL? I hope I was clear.
Sure. In the "authenticate" section, do:
authenticate { ... Auth-Type pap { pap { reject = 1 }
if (reject) { update control { Pool-Name := "rejected_pool" }
ok }
}
... }
You'll have to customize it for your system, but the general idea is there.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello, This solution works for me. How can I set Group-Name or Mikrotik-Rate-Limit in this case? Thanks again Aurelio Em 13/04/2016 10:09, Alan DeKok escreveu:
On Apr 13, 2016, at 8:51 AM, Aurélio de Souza Ribeiro Neto <netolistas@mpc.com.br> wrote:
Is it possible to allow access to a different POOL for users who authenticate with invalid login or password?
Only for people who aren't using EAP.
Users who connect with correct credentials would use the POOL according to their groups, and users with login and password invalids would be directed to another POOL? I hope I was clear.
Sure. In the "authenticate" section, do:
authenticate { ... Auth-Type pap { pap { reject = 1 }
if (reject) { update control { Pool-Name := "rejected_pool" }
ok }
}
... }
You'll have to customize it for your system, but the general idea is there.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Function rewrite.calling_station_id has in the /etc/freeradius2/policy.conf: rewrite.calling_station_id { if((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i) { update request { Calling-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}" } updated } else { noop } } "updated", if I correctly understand has in dictionary /usr/share/freeradius2/dictionary.freeradius.internal: ATTRIBUTE Module-Return-Code 1108 integer VALUE Module-Return-Code reject 0 VALUE Module-Return-Code fail 1 VALUE Module-Return-Code ok 2 VALUE Module-Return-Code handled 3 VALUE Module-Return-Code invalid 4 VALUE Module-Return-Code userlock 5 VALUE Module-Return-Code notfound 6 VALUE Module-Return-Code noop 7 VALUE Module-Return-Code updated 8 So... why I get error:
Module: Checking authorize {...} for more modules to load Module: Loading virtual module rewrite.calling_station_id /etc/freeradius2/policy.conf[250]: Failed to find "updated" in the "modules" section.
I misunderstand something.. sorry...
Mildok <mildok@mail.ru> writes:
Function rewrite.calling_station_id has in the /etc/freeradius2/policy.conf: rewrite.calling_station_id { if((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i) { update request { Calling-Station-Id := "%{tolower:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}" } updated } else { noop } }
"updated", if I correctly understand has in dictionary /usr/share/freeradius2/dictionary.freeradius.internal:
ATTRIBUTE Module-Return-Code 1108 integer
VALUE Module-Return-Code reject 0 VALUE Module-Return-Code fail 1 VALUE Module-Return-Code ok 2 VALUE Module-Return-Code handled 3 VALUE Module-Return-Code invalid 4 VALUE Module-Return-Code userlock 5 VALUE Module-Return-Code notfound 6 VALUE Module-Return-Code noop 7 VALUE Module-Return-Code updated 8
Yes, they are all valid return codes. But that is really irrelevant for your usage above. What you do there is calling modules with the names "noop" and "updated". Which usually works fine ,and does what you expect, because of something like this somewhere in the server config: # # The "always" module is here for debugging purposes. Each # instance simply returns the same result, always, without # doing anything. always fail { rcode = fail } always reject { rcode = reject } always noop { rcode = noop } always handled { rcode = handled } always updated { rcode = updated } always notfound { rcode = notfound } always ok { rcode = ok simulcount = 0 mpp = no }
So... why I get error:
Module: Checking authorize {...} for more modules to load Module: Loading virtual module rewrite.calling_station_id /etc/freeradius2/policy.conf[250]: Failed to find "updated" in the "modules" section.
I misunderstand something.. sorry...
So the reason is most likely exactly what it says (as usual with FreeRadius): You are missing the "updated" module. Locate the file where your "noop" module is defined and the problem should be obvious. Bjørn
On Thu, Apr 14, 2016 at 07:36:57AM +0300, Mildok wrote:
Module: Checking authorize {...} for more modules to load Module: Loading virtual module rewrite.calling_station_id /etc/freeradius2/policy.conf[250]: Failed to find "updated" in the "modules" section.
I misunderstand something.. sorry...
Most likely you have broken or deleted the configuration file /etc/freeradius2/modules/always. This is nothing to do with dictionaries. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
Bjørn Mork, Matthew Newton, A.L.M.Buxey at lboro.ac.uk thank you very much! Yes, problem was in disappear /etc/freeradius2/modules/always. Today openwrt make and place at downloads.openwrt.org freeradius2-mod-always. I install it, and problem solved. By the way for work MAC-based authorization need download and install freeradius2-mod-expr too. And in /etc/freeradius2/radiusd.conf add or uncomment "expr" in section "instantiate {". Sorry for waste your time. Thank you again! Freeradius and openwrt - AWESOME! =)
On Thu, Apr 14, 2016 at 02:19:04PM +0300, Mildok wrote:
Today openwrt make and place at downloads.openwrt.org freeradius2-mod-always. I install it, and problem solved.
By the way for work MAC-based authorization need download and install freeradius2-mod-expr too. And in /etc/freeradius2/radiusd.conf add or uncomment "expr" in section "instantiate {".
Eugh, they split each module into a separate package. :( I can understand it from a size perspective, but there are certain 'core' modules that pretty much everybody needs, as you've just found out. Putting them in separate packages doesn't really help anyone. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
participants (5)
-
Alan DeKok -
Aurélio de Souza Ribeiro Neto -
Bjørn Mork -
Matthew Newton -
Mildok