Hi, I have configuration file (huntgroup): LNS NAS-IP-Address =~ /^213\.151\.231\./ LNS NAS-IP-Address =~ /^213\.151\.232\./ LNS NAS-IP-Address == 213.151.235.230 Why freeradius does not set Huntgroup-Name to LNS (based on first regexp if NAS-IP-Address=213.151.231.112) ? If i use LNS NAS-IP-Address == 213.151.231.112, freeradius sets Huntgroup-Name correct. Debug output: Copyright (C) 1999-2015 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /app/radius/freeradius-3.0.7/share/freeradius/dictionary including dictionary file /app/radius/freeradius-3.0.7/share/freeradius/dictionary.dhcp including dictionary file /app/radius/freeradius-3.0.7/share/freeradius/dictionary.vqp including dictionary file ../../raddb/auth/dictionary including configuration file ../../raddb/auth/radiusd.conf including configuration file ../../raddb/auth/templates.conf including configuration file ../../raddb/auth/proxy.conf including configuration file ../../raddb/auth/clients.conf including files in directory ../../raddb/auth/mods-enabled/ including configuration file ../../raddb/auth/mods-enabled/realm including configuration file ../../raddb/auth/mods-enabled/files including configuration file ../../raddb/auth/mods-enabled/unpack including configuration file ../../raddb/auth/mods-enabled/attr_filter including configuration file ../../raddb/auth/mods-enabled/chap including configuration file ../../raddb/auth/mods-enabled/expr including configuration file ../../raddb/auth/mods-enabled/linelog including configuration file ../../raddb/auth/mods-enabled/pap including configuration file ../../raddb/auth/mods-enabled/detail including configuration file ../../raddb/auth/mods-enabled/preprocess including configuration file ../../raddb/auth/mods-enabled/always including files in directory ../../raddb/auth/policy.d/ including configuration file ../../raddb/auth/policy.d/nas including configuration file ../../raddb/auth/policy.d/operator-name including configuration file ../../raddb/auth/policy.d/username including configuration file ../../raddb/auth/policy.d/cui including configuration file ../../raddb/auth/policy.d/dhcp including configuration file ../../raddb/auth/policy.d/filter including configuration file ../../raddb/auth/policy.d/abfab-tr including configuration file ../../raddb/auth/policy.d/eap including configuration file ../../raddb/auth/policy.d/accounting including configuration file ../../raddb/auth/policy.d/control including configuration file ../../raddb/auth/policy.d/canonicalization including configuration file ../../raddb/auth/policy.d/debug including files in directory ../../raddb/auth/sites-enabled/ including configuration file ../../raddb/auth/sites-enabled/default main { name = "radiusd" prefix = "/app/radius/freeradius-3.0.7" localstatedir = "/app/radius/freeradius-3.0.7/var" sbindir = "/app/radius/freeradius-3.0.7/sbin" logdir = "/app/radius/freeradius-3.0.7/var/log/radius" run_dir = "/app/radius/freeradius-3.0.7/var/run/radiusd" libdir = "/app/radius/freeradius-3.0.7/lib" radacctdir = "/app/radius/freeradius-3.0.7/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/app/radius/freeradius-3.0.7/var/run/radiusd/radiusd.pid" checkrad = "/app/radius/freeradius-3.0.7/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes allow_vulnerable_openssl = "yes" } } radiusd: #### Loading Realms and Home Servers #### ... radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client localhost_ipv6 { ipv6addr = ::1 require_message_authenticator = no secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } ... Found debugger attached radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_realm # Instantiating module "IPASS" from file ../../raddb/auth/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Instantiating module "suffix" from file ../../raddb/auth/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Instantiating module "realmpercent" from file ../../raddb/auth/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Instantiating module "ntdomain" from file ../../raddb/auth/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\\" ignore_default = no ignore_null = no } # Loaded module rlm_files # Instantiating module "files" from file ../../raddb/auth/mods-enabled/files files { filename = "../../raddb/auth/mods-config/files/authorize" usersfile = "../../raddb/auth/mods-config/files/authorize" acctusersfile = "../../raddb/auth/mods-config/files/accounting" preproxy_usersfile = "../../raddb/auth/mods-config/files/pre-proxy" compat = "cistron" } reading pairlist file ../../raddb/auth/mods-config/files/authorize [../../raddb/auth/mods-config/files/authorize]:182 Cistron compatibility checks for entry DEFAULT ... [../../raddb/auth/mods-config/files/authorize]:189 Cistron compatibility checks for entry DEFAULT ... [../../raddb/auth/mods-config/files/authorize]:195 Cistron compatibility checks for entry DEFAULT ... reading pairlist file ../../raddb/auth/mods-config/files/authorize [../../raddb/auth/mods-config/files/authorize]:182 Cistron compatibility checks for entry DEFAULT ... [../../raddb/auth/mods-config/files/authorize]:189 Cistron compatibility checks for entry DEFAULT ... [../../raddb/auth/mods-config/files/authorize]:195 Cistron compatibility checks for entry DEFAULT ... reading pairlist file ../../raddb/auth/mods-config/files/accounting reading pairlist file ../../raddb/auth/mods-config/files/pre-proxy # Loaded module rlm_unpack # Instantiating module "unpack" from file ../../raddb/auth/mods-enabled/unpack # Loaded module rlm_attr_filter # Instantiating module "attr_filter.post-proxy" from file ../../raddb/auth/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "../../raddb/auth/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } reading pairlist file ../../raddb/auth/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file ../../raddb/auth/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "../../raddb/auth/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } reading pairlist file ../../raddb/auth/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file ../../raddb/auth/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "../../raddb/auth/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file ../../raddb/auth/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file ../../raddb/auth/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "../../raddb/auth/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } reading pairlist file ../../raddb/auth/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file ../../raddb/auth/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "../../raddb/auth/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file ../../raddb/auth/mods-config/attr_filter/accounting_response # Loaded module rlm_chap # Instantiating module "chap" from file ../../raddb/auth/mods-enabled/chap # Loaded module rlm_expr # Instantiating module "expr" from file ../../raddb/auth/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /��������������������������������������a����������������������������������������" } # Loaded module rlm_linelog # Instantiating module "linelog" from file ../../raddb/auth/mods-enabled/linelog linelog { filename = "/app/radius/freeradius-3.0.7/var/log/radius/linelog" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{Packet-Type}:-default}" } # Instantiating module "log_accounting" from file ../../raddb/auth/mods-enabled/linelog linelog log_accounting { filename = "/app/radius/freeradius-3.0.7/var/log/radius/linelog-accounting" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Instantiating module "log_acct_bras" from file ../../raddb/auth/mods-enabled/linelog linelog log_acct_bras { filename = "/app/radius/freeradius-3.0.7/var/log/radius/bdsl-%D.log" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Instantiating module "log_acct_common" from file ../../raddb/auth/mods-enabled/linelog linelog log_acct_common { filename = "/app/radius/freeradius-3.0.7/var/log/radius/common-%D.log" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loaded module rlm_pap # Instantiating module "pap" from file ../../raddb/auth/mods-enabled/pap pap { normalise = yes } # Loaded module rlm_detail # Instantiating module "detail" from file ../../raddb/auth/mods-enabled/detail detail { filename = "/app/radius/freeradius-3.0.7/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no escape_filenames = no log_packet_header = no } # Loaded module rlm_preprocess # Instantiating module "preprocess" from file ../../raddb/auth/mods-enabled/preprocess preprocess { huntgroups = "../../raddb/auth/mods-config/preprocess/huntgroups" hints = "../../raddb/auth/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file ../../raddb/auth/mods-config/preprocess/huntgroups reading pairlist file ../../raddb/auth/mods-config/preprocess/hints # Loaded module rlm_always # Instantiating module "reject" from file ../../raddb/auth/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Instantiating module "fail" from file ../../raddb/auth/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Instantiating module "ok" from file ../../raddb/auth/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Instantiating module "handled" from file ../../raddb/auth/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Instantiating module "invalid" from file ../../raddb/auth/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Instantiating module "userlock" from file ../../raddb/auth/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Instantiating module "notfound" from file ../../raddb/auth/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Instantiating module "noop" from file ../../raddb/auth/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Instantiating module "updated" from file ../../raddb/auth/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } } # modules radiusd: #### Loading Virtual Servers #### server { # from file ../../raddb/auth/radiusd.conf } # server server default { # from file ../../raddb/auth/sites-enabled/default # Loading authenticate {...} # Loading authorize {...} Ignoring "sql" (see raddb/mods-available/README.rst) Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading preacct {...} # Loading accounting {...} # Loading post-auth {...} } # server default radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Opening new proxy socket 'proxy address * port 0' Listening on proxy address * port 44433 Ready to process requests (0) Received Accounting-Request Id 230 from 127.0.0.1:42714 to 127.0.0.1:1813 length 278 (0) NAS-Port-Type = ISDN (0) Acct-Status-Type = Interim-Update (0) Connect-Info = '4294967295/0' (0) Acct-Output-Packets = 55646737 (0) NAS-IP-Address = 213.151.231.112 (0) Acct-Output-Octets = 2287091997 (0) Acct-Session-Time = 4044432 (0) User-Name = 'foo@orangenet.sk' (0) Acct-Input-Packets = 35210049 (0) Acct-Input-Octets = 2507619532 (0) Acct-Session-Id = '01F157C4' (0) Acct-Output-Gigawords = 17 (0) Service-Type = Framed-User (0) Acct-Authentic = RADIUS (0) NAS-Port-Id = 'Uniq-Sess-ID21041' (0) Calling-Station-Id = '#FINT_C210_01#90847724# Slot:205,Port:25,VPI:1,VCI:32' (0) Framed-Protocol = PPP (0) Acct-Input-Gigawords = 0 (0) NAS-Port = 41041 (0) Acct-Delay-Time = 0 (0) # Executing section preacct from file ../../raddb/auth/sites-enabled/default (0) preacct { (0) preprocess: EXPAND /^213\.151\.231\./ (0) preprocess: --> /^213\.151\.231\./ (0) preprocess: EXPAND /^213\.151\.232\./ (0) preprocess: --> /^213\.151\.232\./ (0) [preprocess] = ok .... (0) [detail] = ok (0) if (&Huntgroup-Name) { (0) if (&Huntgroup-Name) -> FALSE (0) if (&Huntgroup-Name) { ... Thank you
On Tue, Apr 14, 2015 at 04:12:52PM +0200, Peter Balsianok wrote:
I have configuration file (huntgroup):
LNS NAS-IP-Address =~ /^213\.151\.231\./ LNS NAS-IP-Address =~ /^213\.151\.232\./ LNS NAS-IP-Address == 213.151.235.230
Why freeradius does not set Huntgroup-Name to LNS (based on first regexp if NAS-IP-Address=213.151.231.112) ?
regexps in huntgroups are iffy at best, ISTR.
If i use LNS NAS-IP-Address == 213.151.231.112, freeradius sets Huntgroup-Name correct.
Try without the /.../ around the regexp, e.g. LNS NAS-IP-Address =~ ^213\.151\.231\. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
Not work On Tue, Apr 14, 2015 at 4:27 PM, Matthew Newton <mcn4@leicester.ac.uk> wrote:
On Tue, Apr 14, 2015 at 04:12:52PM +0200, Peter Balsianok wrote:
I have configuration file (huntgroup):
LNS NAS-IP-Address =~ /^213\.151\.231\./ LNS NAS-IP-Address =~ /^213\.151\.232\./ LNS NAS-IP-Address == 213.151.235.230
Why freeradius does not set Huntgroup-Name to LNS (based on first regexp if NAS-IP-Address=213.151.231.112) ?
regexps in huntgroups are iffy at best, ISTR.
If i use LNS NAS-IP-Address == 213.151.231.112, freeradius sets Huntgroup-Name correct.
Try without the /.../ around the regexp, e.g.
LNS NAS-IP-Address =~ ^213\.151\.231\.
Matthew
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I have configuration file (huntgroup):
LNS NAS-IP-Address =~ /^213\.151\.231\./ LNS NAS-IP-Address =~ /^213\.151\.232\./ LNS NAS-IP-Address == 213.151.235.230
regex is huntgroups doesnt operate 100% like elsewhere.....and they are going. use unlang to define a policy instead...not only can you use all the usual regex but doing it that way is a lot lot fster than huntgroup method alan
On 14 Apr 2015, at 11:42, A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
I have configuration file (huntgroup):
LNS NAS-IP-Address =~ /^213\.151\.231\./ LNS NAS-IP-Address =~ /^213\.151\.232\./ LNS NAS-IP-Address == 213.151.235.230
regex is huntgroups doesnt operate 100% like elsewhere.....and they are going.
use unlang to define a policy instead...not only can you use all the usual regex but doing it that way is a lot lot fster than huntgroup method
Support for regular expressions in users files and huntgroups, on non string attributes was removed in v3.0.x (it never worked properly). It may reappear in v3.1.x if they get converted to use the template and map APIs. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
participants (4)
-
A.L.M.Buxey@lboro.ac.uk -
Arran Cudbard-Bell -
Matthew Newton -
Peter Balsianok