Hi, I upgraded our test server from 2.0.4 to 2.0.5 today and proxy setup we use stopped working. Currently (2.0.4) we have following entries in the users.conf: DEFAULT User-Name =~ '@bitstream.dsl.xxxx$', Proxy-To-Realm := quik-dsl Cisco-AVpair += "ip:dns-servers=x.y.129.67 x.y.129.68", Framed-Pool += "ubs-1", Huawei-Primary-DNS += "x.y.129.67", Huawei-Secondary-DNS += "x.y.129.68" And as expected after the home server said 'accept' I could see the following reply: Framed-Protocol = PPP Service-Type = Framed-User Framed-Pool = "ubs-1" Huawei-Primary-DNS = x.y.129.67 Huawei-Secondary-DNS = x.y.129.68 (a combination of reply from the home server and proxy, plus some filtering). On the 2.0.5 - i only get the attributes from the home servers, stuff doesn't get appended by proxies. Should that continue to work? kind regards Pshem
Hi, Freeradius 2.0.4: FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Apr 28 2008 at 04:41:52 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/proxy-generated.conf including configuration file /etc/freeradius/clients.conf including configuration file /etc/freeradius/sql-perhost.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/local_logger including configuration file /etc/freeradius/sites-enabled/proxy including configuration file /etc/freeradius/post-proxy.conf including configuration file /etc/freeradius/post-proxy-ipcheck.conf including configuration file /etc/freeradius/sites-enabled/sproxy including configuration file /etc/freeradius/sites-enabled/backend including configuration file /etc/freeradius/sites-enabled/remote_logger including configuration file /etc/freeradius/sites-enabled/billing_logger including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = yes pidfile = "/var/run/freeradius/freeradius.pid" user = "freerad" group = "freerad" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes security { max_attributes = 200 reject_delay = 1 status_server = yes } } client 10.119.10.20/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-slb1" } client 10.119.2.150/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-slb1-ext" } client 10.119.10.0/24 { require_message_authenticator = no secret = "secret" shortname = "grafton-proxies" } client 10.119.10.241/32 { require_message_authenticator = no secret = "secret" shortname = "radslb1" } client 10.119.10.242/32 { require_message_authenticator = no secret = "secret" shortname = "radslb2" } client 10.119.10.243/32 { require_message_authenticator = no secret = "secret" shortname = "radslb3" } client 10.119.10.244/32 { require_message_authenticator = no secret = "secret" shortname = "radslb4" } client 10.119.2.43/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-lns3" } client 10.119.2.49/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-lns4" } client 10.119.255.242/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bba1" } client 10.119.255.90/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bras1" } client 10.119.255.92/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bras1" } client 10.119.2.180/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-testbras1" } client 10.119.255.91/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bras2" } client 10.119.255.93/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bras2" } client 10.119.255.244/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bras3" } client 10.119.255.54/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bba2" } client 10.119.2.147/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-lns5" } client 10.176.0.224/32 { require_message_authenticator = no secret = "secret" shortname = "akl-mdr-lts1" } client 10.176.0.225/32 { require_message_authenticator = no secret = "secret" shortname = "akl-mdr-lts2" } client 10.176.0.226/32 { require_message_authenticator = no secret = "secret" shortname = "akl-mdr-lts3" } client 10.176.0.227/32 { require_message_authenticator = no secret = "secret" shortname = "akl-mdr-lts4" } client 10.176.0.228/32 { require_message_authenticator = no secret = "secret" shortname = "akl-mdr-lts5" } client 10.176.5.224/32 { require_message_authenticator = no secret = "secret" shortname = "akl-mab-lts1" } client 10.176.4.224/32 { require_message_authenticator = no secret = "secret" shortname = "akl-ell-lts1" } client 10.176.3.224/32 { require_message_authenticator = no secret = "secret" shortname = "akl-glf-lts1" } client 10.176.2.224/32 { require_message_authenticator = no secret = "secret" shortname = "akl-oh-lts1" } client 10.176.1.224/32 { require_message_authenticator = no secret = "secret" shortname = "akl-pop-lts1" } client 10.176.1.225/32 { require_message_authenticator = no secret = "secret" shortname = "akl-pop-lts2" } client 10.176.1.226/32 { require_message_authenticator = no secret = "secret" shortname = "akl-pop-lts3" } client 10.119.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas1" } client 10.119.9.2/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas2" } client 10.119.9.3/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas3" } client 10.119.9.4/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas4" } client 10.119.9.5/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas5" } client 10.119.9.6/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas6" } client 10.119.9.7/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas7" } client 10.119.9.8/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas8" } client 10.119.9.9/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas9" } client 10.119.9.10/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas10" } client 10.119.9.11/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas11" } client 10.119.9.12/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas12" } client 10.119.9.13/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas13" } client 10.119.9.14/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas14" } client 10.119.9.15/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas15" } client 10.119.9.16/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas16" } client 10.119.9.17/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas17" } client 10.119.9.18/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas18" } client 10.119.9.64/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-diallns3" } client 10.119.9.66/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-diallns4" } client 10.203.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "chc-bcl-nas1" } client 10.203.9.2/32 { require_message_authenticator = no secret = "secret" shortname = "chc-bcl-nas2" } client 10.204.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "dun-bcl-nas1" } client 10.205.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "ham-tcl-nas1" } client 10.205.9.2/32 { require_message_authenticator = no secret = "secret" shortname = "ham-tcl-nas2" } client 10.206.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "inv-bcl-nas1" } client 10.207.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "nap-bcl-nas1" } client 10.208.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "npl-tcl-nas1" } client 10.209.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "pmr-tcl-nas1" } client 10.210.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "qtn-bcl-nas1" } client 10.211.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "rot-tcl-nas1" } client 10.212.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "tuo-tcl-nas1" } client 10.213.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "tga-bcl-nas1" } client 10.214.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "tim-bcl-nas1" } client 10.215.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "whn-bcl-nas1" } client 10.216.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "whk-bcl-nas1" } client 10.229.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "chc-bcl-nas1" } client 10.117.2.122/32 { require_message_authenticator = no secret = "testing123" shortname = "test-bras-dslam" } client 127.0.0.1 { require_message_authenticator = no secret = "secret" shortname = "localhost" nastype = "other" } radiusd: #### Loading Realms and Home Servers #### home_server remote_logger { ipaddr = 10.119.10.63 port = 1822 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool remote_logger_pool { type = fail-over home_server = remote_logger } realm remote_acct { acct_pool = remote_logger_pool nostrip } home_server billing_logger1 { ipaddr = 10.119.10.51 port = 1812 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server billing_logger2 { ipaddr = 10.119.10.52 port = 1812 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server billing_logger3 { ipaddr = 10.119.10.53 port = 1812 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server billing_logger4 { ipaddr = 10.119.10.54 port = 1812 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool billing_logger_pool { type = load-balance home_server = billing_logger1 home_server = billing_logger2 home_server = billing_logger3 home_server = billing_logger4 } realm billing_acct { acct_pool = billing_logger_pool nostrip } home_server hs07-auth { ipaddr = 127.0.0.1 port = 1815 type = "auth" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp08-auth { type = load-balance home_server = hs07-auth } home_server hs07-acct { ipaddr = 127.0.0.1 port = 1816 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp08-acct { type = load-balance home_server = hs07-acct } realm catch-all { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-dial { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-dial-globalroam { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-dial-ipnet { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-dsl { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-dsl-pooled { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-dsl-premium { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-pppoe-dsl { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-pppoe-dsl-pooled { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-wc { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } home_server hs01-auth { ipaddr = w.v.110.1 port = 1812 type = "auth" secret = "wignlpb!" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp02-auth { type = fail-over home_server = hs01-auth home_server = hs01-auth } home_server hs01-acct { ipaddr = w.v.110.1 port = 1813 type = "acct" secret = "wignlpb!" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp02-acct { type = fail-over home_server = hs01-acct home_server = hs01-acct } realm qkr-dial-callnz { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-callnz-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } home_server hs03-auth { ipaddr = w.v.110.7 port = 1812 type = "auth" secret = "ak41nrx" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp04-auth { type = fail-over home_server = hs03-auth home_server = hs03-auth } home_server hs03-acct { ipaddr = w.v.110.7 port = 1813 type = "acct" secret = "ak41nrx" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp04-acct { type = fail-over home_server = hs03-acct home_server = hs03-acct } realm qkr-dial-econs { auth_pool = hsp04-auth acct_pool = hsp04-acct nostrip } realm qkr-dial-econs-ipnet { auth_pool = hsp04-auth acct_pool = hsp04-acct nostrip } realm qkr-dial-eznet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-eznet-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-kwrec { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-kwrec-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-main { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-main-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-raglan { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-raglan-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-reconx { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-reconx-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-test { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-test2 { auth_pool = hsp04-auth acct_pool = hsp04-acct nostrip } realm qkr-dial-thenet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-thenet-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-thnet2 { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-thnet2-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-vip { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-vip-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-vsurf { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-vsurf-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-webnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-webnet-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } home_server hs05-auth { ipaddr = 127.0.0.1 port = 1818 type = "auth" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp06-auth { type = fail-over home_server = hs05-auth } home_server hs05-acct { ipaddr = 127.0.0.1 port = 1819 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp06-acct { type = fail-over home_server = hs05-acct } realm quik-dial { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm quik-dial-ipnet { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm quik-dsl { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm wave-dial { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm wave-dial-ipnet { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm wave-dial-pccon { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm wave-dial-pccon-ipnet { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm wave-dsl { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm wave-homepages { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_expr Module: Instantiating expr } radiusd: #### Loading Virtual Servers #### server local_logger { modules { Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_sql Module: Instantiating sql_localhost sql sql_localhost { driver = "rlm_sql_postgresql" server = "127.0.0.1" port = "" login = "raduser" password = "raduser" radius_db = "radbackend" read_groups = yes sqltrace = no sqltracefile = "/var/log/freeradius/sqltrace.sql" readclients = no deletestalesessions = yes num_sql_socks = 200 sql_user_name = "%{User-Name}" default_user_profile = "" nas_query = "SELECT id, nasname, shortname, type, secret FROM nas" authorize_check_query = "SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id" accounting_onoff_query = "DELETE FROM radsession WHERE nas_ip = '%{NAS-IP-Address}' OR client_ip = '%{Client-IP-Address}'" accounting_update_query = " UPDATE radsession SET ip_address = NULLIF('%{Framed-IP-Address}', '')::inet, keepalive = extract(EPOCH from CURRENT_TIMESTAMP(0))::integer, accounting_session_id = '%{Acct-Session-Id}' WHERE session_id = substr ('%{SQL-User-Name}'::varchar || '-' || '%{Acct-Session-Id}'::varchar || '-' || host('%{NAS-IP-Address}'),0,250)" accounting_update_query_alt = " INSERT INTO radsession (session_id, accounting_session_id, ip_address, username, radiusrealm, nas_ip, client_ip, device_name, calling_station_id, called_station_id, keepalive, created) VALUES (substr ('%{SQL-User-Name}'::varchar || '-' || '%{Acct-Session-Id}'::varchar || '-' || host('%{NAS-IP-Address}'), 0, 250), '%{Acct-Session-Id}', NULLIF('%{Framed-IP-Address}', '')::inet, '%{SQL-User-Name}', '%{IHUG-Domain}', '%{NAS-IP-Address}', '%{Client-IP-Address}', '%{NAS-Identifier}', '%{Calling-Station-Id}', '%{Called-Station-Id}', extract(EPOCH from CURRENT_TIMESTAMP(0))::integer, extract(EPOCH from CURRENT_TIMESTAMP(0))::integer)" accounting_start_query = " INSERT INTO radsession (session_id, accounting_session_id, ip_address, username, radiusrealm, nas_ip, client_ip, device_name, calling_station_id, called_station_id, keepalive, created) VALUES (substr ('%{SQL-User-Name}'::varchar || '-' || '%{Acct-Session-Id}'::varchar || '-' || host('%{NAS-IP-Address}'), 0, 250), '%{Acct-Session-Id}', NULLIF('%{Framed-IP-Address}', '')::inet, '%{SQL-User-Name}', '%{IHUG-Domain}', '%{NAS-IP-Address}', '%{Client-IP-Address}', '%{NAS-Identifier}', '%{Calling-Station-Id}', '%{Called-Station-Id}', extract(EPOCH from CURRENT_TIMESTAMP(0))::integer, extract(EPOCH from CURRENT_TIMESTAMP(0))::integer)" accounting_start_query_alt = " UPDATE radsession SET ip_address = NULLIF('%{Framed-IP-Address}', '')::inet, keepalive = extract(EPOCH from CURRENT_TIMESTAMP(0))::integer, accounting_session_id = '%{Acct-Session-Id}' WHERE session_id = substr ('%{SQL-User-Name}'::varchar || '-' || '%{Acct-Session-Id}'::varchar || '-' || host('%{NAS-IP-Address}'),0,250)" accounting_stop_query = " SELECT DELETE FROM radsession WHERE session_id = substr ('%{SQL-User-Name}'::varchar || '-'::varchar || '%{Acct-Session-Id}'::varchar || '-'::varchar || '%{NAS-IP-Address}'::varchar,0,250)" accounting_stop_query_alt = "" group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority" connect_failure_retry_delay = 20 simul_count_query = "" simul_verify_query = "" postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sql (sql_localhost): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked rlm_sql (sql_localhost): Attempting to connect to raduser@127.0.0.1:/radbackend rlm_sql (sql_localhost): starting 0 rlm_sql (sql_localhost): Attempting to connect rlm_sql_postgresql #0 rlm_sql (sql_localhost): Connected new DB handle, #0 rlm_sql (sql_localhost): starting 1 {cut} rlm_sql (sql_localhost): starting 199 rlm_sql (sql_localhost): Attempting to connect rlm_sql_postgresql #199 rlm_sql (sql_localhost): Connected new DB handle, #199 } } server proxy { modules { Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = yes with_alvarion_vsa_hack = no } Module: Linked to module rlm_files Module: Instantiating proxy_files files proxy_files { usersfile = "/etc/freeradius/proxy-users" acctusersfile = "/etc/freeradius/proxy-users" preproxy_usersfile = "/etc/freeradius/preproxy-users" compat = "no" } Module: Checking preacct {...} for more modules to load Module: Checking pre-proxy {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.strip-ip attr_filter attr_filter.strip-ip { attrsfile = "/etc/freeradius/attrs.strip-ip" key = "%{Realm}" } Module: Instantiating attr_filter.post-proxy attr_filter attr_filter.post-proxy { attrsfile = "/etc/freeradius/attrs.post-proxy" key = "%{Realm}" } Module: Checking post-auth {...} for more modules to load } } server sproxy { modules { Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_attr_rewrite Module: Instantiating removePccoIPNET attr_rewrite removePccoIPNET { attribute = "Called-Station-Id" searchfor = "0870[34679]06600" searchin = "packet" replacewith = "pcco_ipnet" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformPccoToIhug attr_rewrite transformPccoToIhug { attribute = "User-Name" searchfor = "@pcconnect.abc" searchin = "packet" replacewith = "_pcco@abc.xyz" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformPccoDialupToIhug attr_rewrite transformPccoDialupToIhug { attribute = "User-Name" searchfor = "^([abcdefghijklmnopqrstuvwxyz0123456789-]+)$" searchin = "packet" replacewith = "%{1}_pcco" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating removeWaveIPNET attr_rewrite removeWaveIPNET { attribute = "Called-Station-Id" searchfor = "0870[34679]06600" searchin = "packet" replacewith = "wave_ipnet" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformAtWaveToIhug attr_rewrite transformAtWaveToIhug { attribute = "User-Name" searchfor = "@wave.abc" searchin = "packet" replacewith = "_wave" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformWaveDslToIhug attr_rewrite transformWaveDslToIhug { attribute = "User-Name" searchfor = "@dsl.wave.abc" searchin = "packet" replacewith = "_wave@adsl.abc.xyz" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformWaveDslToIhug2 attr_rewrite transformWaveDslToIhug2 { attribute = "User-Name" searchfor = "@turbo.wave.abc" searchin = "packet" replacewith = "_wave@adsl.abc.xyz" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformWaveDialupToIhug attr_rewrite transformWaveDialupToIhug { attribute = "User-Name" searchfor = "^([-_abcdefghijklmnopqrstuvwxyz0123456789\.]+)$" searchin = "packet" replacewith = "%{1}_wave" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformWaveDialupToIhug2 attr_rewrite transformWaveDialupToIhug2 { attribute = "User-Name" searchfor = "@wave.abc" searchin = "packet" replacewith = "_wave@abc.xyz" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformWaveHomepagesToIhug attr_rewrite transformWaveHomepagesToIhug { attribute = "User-Name" searchfor = "@homepages.wave.abc" searchin = "packet" replacewith = "_wave@homepages.abc.xyz" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating removeQuikIPNET attr_rewrite removeQuikIPNET { attribute = "Called-Station-Id" searchfor = "0870[34679]02222" searchin = "packet" replacewith = "quik_ipnet" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformQuikDialupToIhug attr_rewrite transformQuikDialupToIhug { attribute = "User-Name" searchfor = "^(\w+)$" searchin = "packet" replacewith = "%{1}_quik" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformQuikDslToIhug attr_rewrite transformQuikDslToIhug { attribute = "User-Name" searchfor = "@bitstream.quik.abc" searchin = "packet" replacewith = "_quik@adsl.abc.xyz" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating sproxy_files files sproxy_files { usersfile = "/etc/freeradius/sproxy-users" acctusersfile = "/etc/freeradius/sproxy-users" compat = "no" } Module: Checking preacct {...} for more modules to load } } server backend { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Checking authorize {...} for more modules to load Module: Instantiating trim_password attr_rewrite trim_password { attribute = "User-Password" searchfor = "^([@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:/]{8})(.*)" searchin = "packet" replacewith = "%{1}" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating strip_domain attr_rewrite strip_domain { attribute = "User-Name" searchfor = "@(.*)" searchin = "packet" replacewith = "" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating detail_local detail detail_local { detailfile = "/var/log/freeradius/radacct/detail_local" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating detail_remote detail detail_remote { detailfile = "/var/log/freeradius/radacct/detail_remote" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating detail_billing detail detail_billing { detailfile = "/var/log/freeradius/radacct/detail_billing" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } } server remote_logger { modules { Module: Checking preacct {...} for more modules to load Module: Instantiating remote_files files remote_files { usersfile = "/etc/freeradius/remote_acct_proxy.conf" acctusersfile = "/etc/freeradius/remote_acct_proxy.conf" compat = "cistron" } [/etc/freeradius/remote_acct_proxy.conf]:1 Cistron compatibility checks for entry DEFAULT ... [/etc/freeradius/remote_acct_proxy.conf]:1 Cistron compatibility checks for entry DEFAULT ... Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_always Module: Instantiating ok always ok { rcode = "ok" simulcount = 0 mpp = no } } } server billing_logger { modules { Module: Checking preacct {...} for more modules to load Module: Instantiating billing_files files billing_files { usersfile = "/etc/freeradius/billing_acct_proxy.conf" acctusersfile = "/etc/freeradius/billing_acct_proxy.conf" compat = "cistron" } [/etc/freeradius/billing_acct_proxy.conf]:1 Cistron compatibility checks for entry DEFAULT ... [/etc/freeradius/billing_acct_proxy.conf]:1 Cistron compatibility checks for entry DEFAULT ... Module: Checking accounting {...} for more modules to load } } server { modules { } } radiusd: #### Opening IP addresses and Ports #### listen { type = "detail" listen { filename = "/var/log/freeradius/radacct/detail_local" load_factor = 20 } } listen { type = "acct" ipaddr = * port = 1822 } listen { type = "auth" ipaddr = * port = 1812 } listen { type = "acct" ipaddr = * port = 1813 } listen { type = "auth" ipaddr = 127.0.0.1 port = 1818 client 127.0.0.1 { require_message_authenticator = no secret = "secret" nastype = "other" } } listen { type = "acct" ipaddr = 127.0.0.1 port = 1819 } listen { type = "auth" ipaddr = 127.0.0.1 port = 1815 } listen { type = "acct" ipaddr = 127.0.0.1 port = 1816 } listen { type = "detail" listen { filename = "/var/log/freeradius/radacct/detail_remote" load_factor = 20 } } listen { type = "detail" listen { filename = "/var/log/freeradius/radacct/detail_billing" load_factor = 20 } } Listening on detail file /var/log/freeradius/radacct/detail_local as server local_logger Listening on accounting address * port 1822 as server local_logger Listening on authentication address * port 1812 as server proxy Listening on accounting address * port 1813 as server proxy Listening on authentication address 127.0.0.1 port 1818 as server sproxy Listening on accounting address 127.0.0.1 port 1819 as server sproxy Listening on authentication address 127.0.0.1 port 1815 as server backend Listening on accounting address 127.0.0.1 port 1816 as server backend Listening on detail file /var/log/freeradius/radacct/detail_remote as server remote_logger Listening on detail file /var/log/freeradius/radacct/detail_billing as server billing_logger Listening on proxy address * port 1814 Polling for detail file /var/log/freeradius/radacct/detail_local Polling for detail file /var/log/freeradius/radacct/detail_remote Polling for detail file /var/log/freeradius/radacct/detail_billing rad_recv: Access-Request packet from host 127.0.0.1 port 32843, id=120, length=477 User-Name = "erikastrata@adsl.abc.xyz" User-Password = "userpass" NAS-Port = 134217728 NAS-IP-Address = 10.119.255.90 Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "GigabitEthernet 12/0.160124:16-124#587211994#INFA290660:MAB-RAN-21 to MAB-ETH51 port 2/2/1##pppoe 00:07:72:0d:bd:2b#" NAS-Identifier = "akl-grafton-bras2" NAS-Port-Type = Virtual NAS-Port-Id = "slot=8;subslot=0;port=0;vlanid=0;" Acct-Session-Id = "akl-gra080000000000004ebf9c118198" Connect-Info = "1000000000" Tunnel-Type:0 = L2TP Tunnel-Client-Endpoint:0 = "10.176.1.224" Tunnel-Server-Endpoint:0 = "10.119.255.92" Tunnel-Client-Auth-Id:0 = "akl-pop-lts1" Huawei-Startup-Stamp = 1210252897 Huawei-IPHost-Addr = "255.255.255.255 ff:ff:ff:ff:ff:ff" Huawei-Connect-ID = 118198 Huawei-Version = "Huawei ME60" Huawei-Product-ID = "ME60" Huawei-Domain-Name = "ihug-ubs" server proxy { +- entering group authorize ++[preprocess] returns ok expand: %{User-Name} -> erikastrata@adsl.abc.xyz expand: %{User-Name} -> erikastrata@adsl.abc.xyz expand: %{User-Name} -> erikastrata@adsl.abc.xyz users: Matched entry DEFAULT at line 79 ++[proxy_files] returns ok } # server proxy +- entering group pre-proxy expand: %{control:Proxy-To-Realm} -> ihug-dsl-pooled ++[proxy-request] returns noop Sending Access-Request of id 68 to 127.0.0.1 port 1815 User-Name = "erikastrata@adsl.abc.xyz" User-Password = "userpass" NAS-Port = 134217728 NAS-IP-Address = 10.119.255.90 Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "GigabitEthernet 12/0.160124:16-124#587211994#INFA290660:MAB-RAN-21 to MAB-ETH51 port 2/2/1##pppoe 00:07:72:0d:bd:2b#" NAS-Identifier = "akl-grafton-bras2" NAS-Port-Type = Virtual NAS-Port-Id = "slot=8;subslot=0;port=0;vlanid=0;" Acct-Session-Id = "akl-gra080000000000004ebf9c118198" Connect-Info = "1000000000" Tunnel-Type:0 = L2TP Tunnel-Client-Endpoint:0 = "10.176.1.224" Tunnel-Server-Endpoint:0 = "10.119.255.92" Tunnel-Client-Auth-Id:0 = "akl-pop-lts1" Huawei-Startup-Stamp = 1210252897 Huawei-IPHost-Addr = "255.255.255.255 ff:ff:ff:ff:ff:ff" Huawei-Connect-ID = 118198 Huawei-Version = "Huawei ME60" Huawei-Product-ID = "ME60" Huawei-Domain-Name = "ihug-ubs" Proxy-State = 0x313230 IHUG-Domain = "ihug-dsl-pooled" Proxying request 0 to home server 127.0.0.1 port 1815 Sending Access-Request of id 68 to 127.0.0.1 port 1815 User-Name = "erikastrata@adsl.abc.xyz" User-Password = "userpass" NAS-Port = 134217728 NAS-IP-Address = 10.119.255.90 Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "GigabitEthernet 12/0.160124:16-124#587211994#INFA290660:MAB-RAN-21 to MAB-ETH51 port 2/2/1##pppoe 00:07:72:0d:bd:2b#" NAS-Identifier = "akl-grafton-bras2" NAS-Port-Type = Virtual NAS-Port-Id = "slot=8;subslot=0;port=0;vlanid=0;" Acct-Session-Id = "akl-gra080000000000004ebf9c118198" Connect-Info = "1000000000" Tunnel-Type:0 = L2TP Tunnel-Client-Endpoint:0 = "10.176.1.224" Tunnel-Server-Endpoint:0 = "10.119.255.92" Tunnel-Client-Auth-Id:0 = "akl-pop-lts1" Huawei-Startup-Stamp = 1210252897 Huawei-IPHost-Addr = "255.255.255.255 ff:ff:ff:ff:ff:ff" Huawei-Connect-ID = 118198 Huawei-Version = "Huawei ME60" Huawei-Product-ID = "ME60" Huawei-Domain-Name = "ihug-ubs" Proxy-State = 0x313230 IHUG-Domain = "ihug-dsl-pooled" Going to the next request Waking up in 0.6 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 1814, id=68, length=505 User-Name = "erikastrata@adsl.abc.xyz" User-Password = "userpass" NAS-Port = 134217728 NAS-IP-Address = 10.119.255.90 Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "GigabitEthernet 12/0.160124:16-124#587211994#INFA290660:MAB-RAN-21 to MAB-ETH51 port 2/2/1##pppoe 00:07:72:0d:bd:2b#" NAS-Identifier = "akl-grafton-bras2" NAS-Port-Type = Virtual NAS-Port-Id = "slot=8;subslot=0;port=0;vlanid=0;" Acct-Session-Id = "akl-gra080000000000004ebf9c118198" Connect-Info = "1000000000" Tunnel-Type:0 = L2TP Tunnel-Client-Endpoint:0 = "10.176.1.224" Tunnel-Server-Endpoint:0 = "10.119.255.92" Tunnel-Client-Auth-Id:0 = "akl-pop-lts1" Huawei-Startup-Stamp = 1210252897 Huawei-IPHost-Addr = "255.255.255.255 ff:ff:ff:ff:ff:ff" Huawei-Connect-ID = 118198 Huawei-Version = "Huawei ME60" Huawei-Product-ID = "ME60" Huawei-Domain-Name = "ihug-ubs" Proxy-State = 0x313230 IHUG-Domain = "ihug-dsl-pooled" server backend { +- entering group authorize ++[preprocess] returns ok expand: ^([@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:/]{8})(.*) -> ^([@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:/]{8})(.*) trim_password: Does not match: User-Password = userpass ++[trim_password] returns ok expand: @(.*) -> @(.*) strip_domain: Changed value for attribute User-Name from 'erikastrata@adsl.abc.xyz' to 'erikastrata' ++[strip_domain] returns ok ++[chap] returns noop expand: %{User-Name} -> erikastrata rlm_sql (sql_localhost): sql_set_user escaped user --> 'erikastrata' rlm_sql (sql_localhost): Reserving sql socket id: 199 expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'erikastrata' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 rlm_sql (sql_localhost): User found in radcheck table expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = 'erikastrata' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 0 , fields = 5 expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='erikastrata' ORDER BY priority rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 3 , fields = 1 expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'ADSL' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 rlm_sql (sql_localhost): User found in group ADSL expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'ADSL' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 2 , fields = 5 rlm_sql (sql_localhost): Released sql socket id: 199 ++[sql_localhost] returns ok ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "userpass" rlm_pap: Using clear text password "userpass" rlm_pap: User authenticated successfully ++[pap] returns ok Login OK: [erikastrata/userpass] (from client localhost port 134217728 cli GigabitEthernet 12/0.160124:16-124#587211994#INFA290660:MAB-RAN-21 to MAB-ETH51 port 2/2/1##pppoe 00:07:72:0d:bd:2b#) } # server backend Sending Access-Accept of id 68 to 127.0.0.1 port 1814 Framed-Protocol := PPP Service-Type := Framed-User Proxy-State = 0x313230 Finished request 1. Going to the next request Waking up in 0.6 seconds. rad_recv: Access-Accept packet from host 127.0.0.1 port 1815, id=68, length=37 Framed-Protocol = PPP Service-Type = Framed-User Proxy-State = 0x313230 +- entering group post-proxy ++? if ("%{Packet-Type}" == Access-Request) expand: %{Packet-Type} -> Access-Request ? Evaluating ("%{Packet-Type}" == Access-Request) -> TRUE ++? if ("%{Packet-Type}" == Access-Request) -> TRUE ++- entering if ("%{Packet-Type}" == Access-Request) +++? if ("%{proxy-reply:Framed-IP-Address}" =~ /^10\.20.*$/) expand: %{proxy-reply:Framed-IP-Address} -> ? Evaluating ("%{proxy-reply:Framed-IP-Address}" =~ /^10\.20.*$/) -> FALSE +++? if ("%{proxy-reply:Framed-IP-Address}" =~ /^10\.20.*$/) -> FALSE ++- if ("%{Packet-Type}" == Access-Request) returns noop ++? if ("%{Packet-Type}" == Access-Request) expand: %{Packet-Type} -> Access-Request ? Evaluating ("%{Packet-Type}" == Access-Request) -> TRUE ++? if ("%{Packet-Type}" == Access-Request) -> TRUE ++- entering if ("%{Packet-Type}" == Access-Request) +++? if ("%{proxy-reply:IHUG-Speed-Down}") expand: %{proxy-reply:IHUG-Speed-Down} -> ? Evaluating ("%{proxy-reply:IHUG-Speed-Down}") -> FALSE +++? if ("%{proxy-reply:IHUG-Speed-Down}") -> FALSE ++- if ("%{Packet-Type}" == Access-Request) returns noop ++? if (("%{Packet-Type}" == Access-Request) && ("%{proxy-reply:Framed-IP-Address}" )) expand: %{Packet-Type} -> Access-Request ?? Evaluating ("%{Packet-Type}" == Access-Request) -> TRUE expand: %{proxy-reply:Framed-IP-Address} -> ?? Evaluating ("%{proxy-reply:Framed-IP-Address}" ) -> FALSE ++? if (("%{Packet-Type}" == Access-Request) && ("%{proxy-reply:Framed-IP-Address}" )) -> FALSE expand: %{Realm} -> ihug-dsl-pooled attr_filter: Matched entry DEFAULT at line 1 ++[attr_filter.post-proxy] returns updated server proxy { +- entering group authorize ++[preprocess] returns ok expand: %{User-Name} -> erikastrata@adsl.abc.xyz expand: %{User-Name} -> erikastrata@adsl.abc.xyz expand: %{User-Name} -> erikastrata@adsl.abc.xyz users: Matched entry DEFAULT at line 79 ++[proxy_files] returns ok rad_check_password: Found Auth-Type rad_check_password: Auth-Type = Accept, accepting the user Login OK: [erikastrata@adsl.abc.xyz/userpass] (from client localhost port 134217728 cli GigabitEthernet 12/0.160124:16-124#587211994#INFA290660:MAB-RAN-21 to MAB-ETH51 port 2/2/1##pppoe 00:07:72:0d:bd:2b#) +- entering group post-auth ++[proxy_files] returns noop } # server proxy Sending Access-Accept of id 120 to 127.0.0.1 port 32843 Framed-Protocol = PPP Service-Type = Framed-User Framed-Pool += "ihug-ubs-1" Framed-Pool += "ihug-ubs-2" Framed-Pool += "ihug-ubs-3" Framed-Pool += "ihug-ubs-4" Framed-Pool += "ihug-ubs-5" Framed-Pool += "ihug-ubs-6" Huawei-Primary-DNS += x.y.129.67 Huawei-Secondary-DNS += x.y.129.68 Finished request 0. Going to the next request Waking up in 0.6 seconds. Polling for detail file /var/log/freeradius/radacct/detail_local Polling for detail file /var/log/freeradius/radacct/detail_remote Polling for detail file /var/log/freeradius/radacct/detail_billing Waking up in 0.9 seconds. Freeradius 2.0.5: FreeRADIUS Version 2.0.5, for host i486-pc-linux-gnu, built on Jun 9 2008 at 11:56:15 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/proxy-generated.conf including configuration file /etc/freeradius/clients.conf including configuration file /etc/freeradius/sql-perhost.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/local_logger including configuration file /etc/freeradius/sites-enabled/remote_logger including configuration file /etc/freeradius/sites-enabled/proxy including configuration file /etc/freeradius/post-proxy.conf including configuration file /etc/freeradius/post-proxy-ipcheck.conf including configuration file /etc/freeradius/sites-enabled/sproxy including configuration file /etc/freeradius/sites-enabled/billing_logger including configuration file /etc/freeradius/sites-enabled/backend group = freerad user = freerad including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = yes pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = yes auth_goodpass = yes } } client 10.119.10.20/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-slb1" } client 10.119.2.150/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-slb1-ext" } client 10.119.10.0/24 { require_message_authenticator = no secret = "secret" shortname = "grafton-proxies" } client 10.119.10.241/32 { require_message_authenticator = no secret = "secret" shortname = "radslb1" } client 10.119.10.242/32 { require_message_authenticator = no secret = "secret" shortname = "radslb2" } client 10.119.10.243/32 { require_message_authenticator = no secret = "secret" shortname = "radslb3" } client 10.119.10.244/32 { require_message_authenticator = no secret = "secret" shortname = "radslb4" } client 10.119.2.43/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-lns3" } client 10.119.2.49/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-lns4" } client 10.119.255.242/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bba1" } client 10.119.255.90/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bras1" } client 10.119.255.92/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bras1" } client 10.119.2.180/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-testbras1" } client 10.119.255.91/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bras2" } client 10.119.255.93/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bras2" } client 10.119.255.244/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bras3" } client 10.119.255.54/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-bba2" } client 10.119.2.147/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-lns5" } client 10.176.0.224/32 { require_message_authenticator = no secret = "secret" shortname = "akl-mdr-lts1" } client 10.176.0.225/32 { require_message_authenticator = no secret = "secret" shortname = "akl-mdr-lts2" } client 10.176.0.226/32 { require_message_authenticator = no secret = "secret" shortname = "akl-mdr-lts3" } client 10.176.0.227/32 { require_message_authenticator = no secret = "secret" shortname = "akl-mdr-lts4" } client 10.176.0.228/32 { require_message_authenticator = no secret = "secret" shortname = "akl-mdr-lts5" } client 10.176.5.224/32 { require_message_authenticator = no secret = "secret" shortname = "akl-mab-lts1" } client 10.176.4.224/32 { require_message_authenticator = no secret = "secret" shortname = "akl-ell-lts1" } client 10.176.3.224/32 { require_message_authenticator = no secret = "secret" shortname = "akl-glf-lts1" } client 10.176.2.224/32 { require_message_authenticator = no secret = "secret" shortname = "akl-oh-lts1" } client 10.176.1.224/32 { require_message_authenticator = no secret = "secret" shortname = "akl-pop-lts1" } client 10.176.1.225/32 { require_message_authenticator = no secret = "secret" shortname = "akl-pop-lts2" } client 10.176.1.226/32 { require_message_authenticator = no secret = "secret" shortname = "akl-pop-lts3" } client 10.119.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas1" } client 10.119.9.2/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas2" } client 10.119.9.3/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas3" } client 10.119.9.4/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas4" } client 10.119.9.5/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas5" } client 10.119.9.6/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas6" } client 10.119.9.7/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas7" } client 10.119.9.8/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas8" } client 10.119.9.9/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas9" } client 10.119.9.10/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas10" } client 10.119.9.11/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas11" } client 10.119.9.12/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas12" } client 10.119.9.13/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas13" } client 10.119.9.14/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas14" } client 10.119.9.15/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas15" } client 10.119.9.16/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas16" } client 10.119.9.17/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas17" } client 10.119.9.18/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-nas18" } client 10.119.9.64/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-diallns3" } client 10.119.9.66/32 { require_message_authenticator = no secret = "secret" shortname = "akl-grafton-diallns4" } client 10.203.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "chc-bcl-nas1" } client 10.203.9.2/32 { require_message_authenticator = no secret = "secret" shortname = "chc-bcl-nas2" } client 10.204.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "dun-bcl-nas1" } client 10.205.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "ham-tcl-nas1" } client 10.205.9.2/32 { require_message_authenticator = no secret = "secret" shortname = "ham-tcl-nas2" } client 10.206.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "inv-bcl-nas1" } client 10.207.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "nap-bcl-nas1" } client 10.208.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "npl-tcl-nas1" } client 10.209.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "pmr-tcl-nas1" } client 10.210.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "qtn-bcl-nas1" } client 10.211.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "rot-tcl-nas1" } client 10.212.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "tuo-tcl-nas1" } client 10.213.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "tga-bcl-nas1" } client 10.214.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "tim-bcl-nas1" } client 10.215.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "whn-bcl-nas1" } client 10.216.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "whk-bcl-nas1" } client 10.229.9.1/32 { require_message_authenticator = no secret = "secret" shortname = "chc-bcl-nas1" } client 10.117.2.122/32 { require_message_authenticator = no secret = "testing123" shortname = "test-bras-dslam" } client 127.0.0.1 { require_message_authenticator = no secret = "secret" shortname = "localhost" nastype = "other" } radiusd: #### Loading Realms and Home Servers #### home_server remote_logger { ipaddr = 10.119.10.64 port = 1822 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool remote_logger_pool { type = fail-over home_server = remote_logger } realm remote_acct { acct_pool = remote_logger_pool nostrip } home_server billing_logger1 { ipaddr = 10.119.10.51 port = 1812 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server billing_logger2 { ipaddr = 10.119.10.52 port = 1812 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server billing_logger3 { ipaddr = 10.119.10.53 port = 1812 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server billing_logger4 { ipaddr = 10.119.10.54 port = 1812 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool billing_logger_pool { type = load-balance home_server = billing_logger1 home_server = billing_logger2 home_server = billing_logger3 home_server = billing_logger4 } realm billing_acct { acct_pool = billing_logger_pool nostrip } home_server hs07-auth { ipaddr = 127.0.0.1 port = 1815 type = "auth" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp08-auth { type = load-balance home_server = hs07-auth } home_server hs07-acct { ipaddr = 127.0.0.1 port = 1816 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp08-acct { type = load-balance home_server = hs07-acct } realm catch-all { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-dial { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-dial-globalroam { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-dial-ipnet { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-dsl { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-dsl-pooled { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-dsl-premium { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-pppoe-dsl { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-pppoe-dsl-pooled { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } realm ihug-wc { auth_pool = hsp08-auth acct_pool = hsp08-acct nostrip } home_server hs01-auth { ipaddr = w.v.110.1 port = 1812 type = "auth" secret = "wignlpb!" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp02-auth { type = fail-over home_server = hs01-auth home_server = hs01-auth } home_server hs01-acct { ipaddr = w.v.110.1 port = 1813 type = "acct" secret = "wignlpb!" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp02-acct { type = fail-over home_server = hs01-acct home_server = hs01-acct } realm qkr-dial-callnz { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-callnz-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } home_server hs03-auth { ipaddr = w.v.110.7 port = 1812 type = "auth" secret = "ak41nrx" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp04-auth { type = fail-over home_server = hs03-auth home_server = hs03-auth } home_server hs03-acct { ipaddr = w.v.110.7 port = 1813 type = "acct" secret = "ak41nrx" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp04-acct { type = fail-over home_server = hs03-acct home_server = hs03-acct } realm qkr-dial-econs { auth_pool = hsp04-auth acct_pool = hsp04-acct nostrip } realm qkr-dial-econs-ipnet { auth_pool = hsp04-auth acct_pool = hsp04-acct nostrip } realm qkr-dial-eznet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-eznet-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-kwrec { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-kwrec-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-main { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-main-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-raglan { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-raglan-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-reconx { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-reconx-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-test { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-test2 { auth_pool = hsp04-auth acct_pool = hsp04-acct nostrip } realm qkr-dial-thenet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-thenet-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-thnet2 { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-thnet2-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-vip { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-vip-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-vsurf { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-vsurf-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-webnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } realm qkr-dial-webnet-ipnet { auth_pool = hsp02-auth acct_pool = hsp02-acct nostrip } home_server hs05-auth { ipaddr = 127.0.0.1 port = 1818 type = "auth" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp06-auth { type = fail-over home_server = hs05-auth } home_server hs05-acct { ipaddr = 127.0.0.1 port = 1819 type = "acct" secret = "secret" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool hsp06-acct { type = fail-over home_server = hs05-acct } realm quik-dial { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm quik-dial-ipnet { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm quik-dsl { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm wave-dial { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm wave-dial-ipnet { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm wave-dial-pccon { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm wave-dial-pccon-ipnet { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm wave-dsl { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } realm wave-homepages { auth_pool = hsp06-auth acct_pool = hsp06-acct nostrip } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_expr Module: Instantiating expr } radiusd: #### Loading Virtual Servers #### server local_logger { modules { Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_sql Module: Instantiating sql_localhost sql sql_localhost { driver = "rlm_sql_postgresql" server = "127.0.0.1" port = "" login = "raduser" password = "raduser" radius_db = "radbackend" read_groups = yes sqltrace = no sqltracefile = "/var/log/freeradius/sqltrace.sql" readclients = no deletestalesessions = yes num_sql_socks = 200 sql_user_name = "%{User-Name}" default_user_profile = "" nas_query = "SELECT id, nasname, shortname, type, secret FROM nas" authorize_check_query = "SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" authorize_group_check_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id" accounting_onoff_query = "DELETE FROM radsession WHERE nas_ip = '%{NAS-IP-Address}' OR client_ip = '%{Client-IP-Address}'" accounting_update_query = " UPDATE radsession SET ip_address = NULLIF('%{Framed-IP-Address}', '')::inet, keepalive = extract(EPOCH from CURRENT_TIMESTAMP(0))::integer, accounting_session_id = '%{Acct-Session-Id}' WHERE session_id = substr ('%{SQL-User-Name}'::varchar || '-' || '%{Acct-Session-Id}'::varchar || '-' || host('%{NAS-IP-Address}'),0,250)" accounting_update_query_alt = " INSERT INTO radsession (session_id, accounting_session_id, ip_address, username, radiusrealm, nas_ip, client_ip, device_name, calling_station_id, called_station_id, keepalive, created) VALUES (substr ('%{SQL-User-Name}'::varchar || '-' || '%{Acct-Session-Id}'::varchar || '-' || host('%{NAS-IP-Address}'), 0, 250), '%{Acct-Session-Id}', NULLIF('%{Framed-IP-Address}', '')::inet, '%{SQL-User-Name}', '%{IHUG-Domain}', '%{NAS-IP-Address}', '%{Client-IP-Address}', '%{NAS-Identifier}', '%{Calling-Station-Id}', '%{Called-Station-Id}', extract(EPOCH from CURRENT_TIMESTAMP(0))::integer, extract(EPOCH from CURRENT_TIMESTAMP(0))::integer)" accounting_start_query = " INSERT INTO radsession (session_id, accounting_session_id, ip_address, username, radiusrealm, nas_ip, client_ip, device_name, calling_station_id, called_station_id, keepalive, created) VALUES (substr ('%{SQL-User-Name}'::varchar || '-' || '%{Acct-Session-Id}'::varchar || '-' || host('%{NAS-IP-Address}'), 0, 250), '%{Acct-Session-Id}', NULLIF('%{Framed-IP-Address}', '')::inet, '%{SQL-User-Name}', '%{IHUG-Domain}', '%{NAS-IP-Address}', '%{Client-IP-Address}', '%{NAS-Identifier}', '%{Calling-Station-Id}', '%{Called-Station-Id}', extract(EPOCH from CURRENT_TIMESTAMP(0))::integer, extract(EPOCH from CURRENT_TIMESTAMP(0))::integer)" accounting_start_query_alt = " UPDATE radsession SET ip_address = NULLIF('%{Framed-IP-Address}', '')::inet, keepalive = extract(EPOCH from CURRENT_TIMESTAMP(0))::integer, accounting_session_id = '%{Acct-Session-Id}' WHERE session_id = substr ('%{SQL-User-Name}'::varchar || '-' || '%{Acct-Session-Id}'::varchar || '-' || host('%{NAS-IP-Address}'),0,250)" accounting_stop_query = " SELECT DELETE FROM radsession WHERE session_id = substr ('%{SQL-User-Name}'::varchar || '-'::varchar || '%{Acct-Session-Id}'::varchar || '-'::varchar || '%{NAS-IP-Address}'::varchar,0,250)" accounting_stop_query_alt = "" group_membership_query = "SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority" connect_failure_retry_delay = 20 simul_count_query = "" simul_verify_query = "" postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sql (sql_localhost): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked rlm_sql (sql_localhost): Attempting to connect to raduser@127.0.0.1:/radbackend rlm_sql (sql_localhost): starting 0 rlm_sql (sql_localhost): Attempting to connect rlm_sql_postgresql #0 rlm_sql (sql_localhost): Connected new DB handle, #0 rlm_sql (sql_localhost): starting 1 {cut} rlm_sql (sql_localhost): starting 199 rlm_sql (sql_localhost): Attempting to connect rlm_sql_postgresql #199 rlm_sql (sql_localhost): Connected new DB handle, #199 } } server remote_logger { modules { Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_files Module: Instantiating remote_files files remote_files { usersfile = "/etc/freeradius/remote_acct_proxy.conf" acctusersfile = "/etc/freeradius/remote_acct_proxy.conf" compat = "cistron" } [/etc/freeradius/remote_acct_proxy.conf]:1 Cistron compatibility checks for entry DEFAULT ... [/etc/freeradius/remote_acct_proxy.conf]:1 Cistron compatibility checks for entry DEFAULT ... Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_always Module: Instantiating ok always ok { rcode = "ok" simulcount = 0 mpp = no } } } server proxy { modules { Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = yes with_alvarion_vsa_hack = no } Module: Instantiating proxy_files files proxy_files { usersfile = "/etc/freeradius/proxy-users" acctusersfile = "/etc/freeradius/proxy-users" preproxy_usersfile = "/etc/freeradius/preproxy-users" compat = "no" } Module: Checking preacct {...} for more modules to load Module: Checking pre-proxy {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.strip-ip attr_filter attr_filter.strip-ip { attrsfile = "/etc/freeradius/attrs.strip-ip" key = "%{Realm}" } Module: Instantiating attr_filter.post-proxy attr_filter attr_filter.post-proxy { attrsfile = "/etc/freeradius/attrs.post-proxy" key = "%{Realm}" } Module: Checking post-auth {...} for more modules to load } } server sproxy { modules { Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_attr_rewrite Module: Instantiating removePccoIPNET attr_rewrite removePccoIPNET { attribute = "Called-Station-Id" searchfor = "0870[34679]06600" searchin = "packet" replacewith = "pcco_ipnet" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformPccoToIhug attr_rewrite transformPccoToIhug { attribute = "User-Name" searchfor = "@pcconnect.abc" searchin = "packet" replacewith = "_pcco@abc.xyz" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformPccoDialupToIhug attr_rewrite transformPccoDialupToIhug { attribute = "User-Name" searchfor = "^([abcdefghijklmnopqrstuvwxyz0123456789-]+)$" searchin = "packet" replacewith = "%{1}_pcco" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating removeWaveIPNET attr_rewrite removeWaveIPNET { attribute = "Called-Station-Id" searchfor = "0870[34679]06600" searchin = "packet" replacewith = "wave_ipnet" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformAtWaveToIhug attr_rewrite transformAtWaveToIhug { attribute = "User-Name" searchfor = "@wave.abc" searchin = "packet" replacewith = "_wave" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformWaveDslToIhug attr_rewrite transformWaveDslToIhug { attribute = "User-Name" searchfor = "@dsl.wave.abc" searchin = "packet" replacewith = "_wave@adsl.abc.xyz" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformWaveDslToIhug2 attr_rewrite transformWaveDslToIhug2 { attribute = "User-Name" searchfor = "@turbo.wave.abc" searchin = "packet" replacewith = "_wave@adsl.abc.xyz" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformWaveDialupToIhug attr_rewrite transformWaveDialupToIhug { attribute = "User-Name" searchfor = "^([-_abcdefghijklmnopqrstuvwxyz0123456789\.]+)$" searchin = "packet" replacewith = "%{1}_wave" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformWaveDialupToIhug2 attr_rewrite transformWaveDialupToIhug2 { attribute = "User-Name" searchfor = "@wave.abc" searchin = "packet" replacewith = "_wave@abc.xyz" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformWaveHomepagesToIhug attr_rewrite transformWaveHomepagesToIhug { attribute = "User-Name" searchfor = "@homepages.wave.abc" searchin = "packet" replacewith = "_wave@homepages.abc.xyz" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating removeQuikIPNET attr_rewrite removeQuikIPNET { attribute = "Called-Station-Id" searchfor = "0870[34679]02222" searchin = "packet" replacewith = "quik_ipnet" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformQuikDialupToIhug attr_rewrite transformQuikDialupToIhug { attribute = "User-Name" searchfor = "^(\w+)$" searchin = "packet" replacewith = "%{1}_quik" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating transformQuikDslToIhug attr_rewrite transformQuikDslToIhug { attribute = "User-Name" searchfor = "@bitstream.quik.abc" searchin = "packet" replacewith = "_quik@adsl.abc.xyz" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating sproxy_files files sproxy_files { usersfile = "/etc/freeradius/sproxy-users" acctusersfile = "/etc/freeradius/sproxy-users" compat = "no" } Module: Checking preacct {...} for more modules to load } } server billing_logger { modules { Module: Checking preacct {...} for more modules to load Module: Instantiating billing_files files billing_files { usersfile = "/etc/freeradius/billing_acct_proxy.conf" acctusersfile = "/etc/freeradius/billing_acct_proxy.conf" compat = "cistron" } [/etc/freeradius/billing_acct_proxy.conf]:1 Cistron compatibility checks for entry DEFAULT ... [/etc/freeradius/billing_acct_proxy.conf]:1 Cistron compatibility checks for entry DEFAULT ... Module: Checking accounting {...} for more modules to load } } server backend { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Checking authorize {...} for more modules to load Module: Instantiating trim_password attr_rewrite trim_password { attribute = "User-Password" searchfor = "^([@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:/]{8})(.*)" searchin = "packet" replacewith = "%{1}" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Instantiating strip_domain attr_rewrite strip_domain { attribute = "User-Name" searchfor = "@(.*)" searchin = "packet" replacewith = "" append = no ignore_case = yes new_attribute = no max_matches = 1 } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating detail_local detail detail_local { detailfile = "/var/log/freeradius/radacct/detail_local" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating detail_remote detail detail_remote { detailfile = "/var/log/freeradius/radacct/detail_remote" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating detail_billing detail detail_billing { detailfile = "/var/log/freeradius/radacct/detail_billing" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } } } server { modules { } } radiusd: #### Opening IP addresses and Ports #### listen { type = "detail" listen { filename = "/var/log/freeradius/radacct/detail_local" load_factor = 20 } } listen { type = "acct" ipaddr = * port = 1822 } listen { type = "detail" listen { filename = "/var/log/freeradius/radacct/detail_remote" load_factor = 20 } } listen { type = "auth" ipaddr = * port = 1812 } listen { type = "acct" ipaddr = * port = 1813 } listen { type = "auth" ipaddr = 127.0.0.1 port = 1818 client 127.0.0.1 { require_message_authenticator = no secret = "secret" nastype = "other" } } listen { type = "acct" ipaddr = 127.0.0.1 port = 1819 } listen { type = "detail" listen { filename = "/var/log/freeradius/radacct/detail_billing" load_factor = 20 } } listen { type = "auth" ipaddr = 127.0.0.1 port = 1815 } listen { type = "acct" ipaddr = 127.0.0.1 port = 1816 } Listening on detail file /var/log/freeradius/radacct/detail_local as server local_logger Listening on accounting address * port 1822 as server local_logger Listening on detail file /var/log/freeradius/radacct/detail_remote as server remote_logger Listening on authentication address * port 1812 as server proxy Listening on accounting address * port 1813 as server proxy Listening on authentication address 127.0.0.1 port 1818 as server sproxy Listening on accounting address 127.0.0.1 port 1819 as server sproxy Listening on detail file /var/log/freeradius/radacct/detail_billing as server billing_logger Listening on authentication address 127.0.0.1 port 1815 as server backend Listening on accounting address 127.0.0.1 port 1816 as server backend Listening on proxy address * port 1814 Waking up in 0.9 seconds. Polling for detail file /var/log/freeradius/radacct/detail_local Polling for detail file /var/log/freeradius/radacct/detail_remote rad_recv: Access-Request packet from host 127.0.0.1 port 1814, id=80, length=505 User-Name = "erikastrata@adsl.abc.xyz" User-Password = "userpass" NAS-Port = 134217728 NAS-IP-Address = 10.119.255.90 Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "GigabitEthernet 12/0.160124:16-124#587211994#INFA290660:MAB-RAN-21 to MAB-ETH51 port 2/2/1##pppoe 00:07:72:0d:bd:2b#" NAS-Identifier = "akl-grafton-bras2" NAS-Port-Type = Virtual NAS-Port-Id = "slot=8;subslot=0;port=0;vlanid=0;" Acct-Session-Id = "akl-gra080000000000004ebf9c118198" Connect-Info = "1000000000" Tunnel-Type:0 = L2TP Tunnel-Client-Endpoint:0 = "10.176.1.224" Tunnel-Server-Endpoint:0 = "10.119.255.92" Tunnel-Client-Auth-Id:0 = "akl-pop-lts1" Huawei-Startup-Stamp = 1210252897 Huawei-IPHost-Addr = "255.255.255.255 ff:ff:ff:ff:ff:ff" Huawei-Connect-ID = 118198 Huawei-Version = "Huawei ME60" Huawei-Product-ID = "ME60" Huawei-Domain-Name = "ihug-ubs" Proxy-State = 0x323135 IHUG-Domain = "ihug-dsl-pooled" server backend { +- entering group authorize ++[preprocess] returns ok expand: ^([@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:/]{8})(.*) -> ^([@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:/]{8})(.*) trim_password: Does not match: User-Password = userpass ++[trim_password] returns ok expand: @(.*) -> @(.*) strip_domain: Changed value for attribute User-Name from 'erikastrata@adsl.abc.xyz' to 'erikastrata' ++[strip_domain] returns ok ++[chap] returns noop expand: %{User-Name} -> erikastrata rlm_sql (sql_localhost): sql_set_user escaped user --> 'erikastrata' rlm_sql (sql_localhost): Reserving sql socket id: 199 expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'erikastrata' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 rlm_sql (sql_localhost): User found in radcheck table expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = 'erikastrata' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 0 , fields = 5 expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='erikastrata' ORDER BY priority rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 3 , fields = 1 expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'ADSL' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 1 , fields = 5 rlm_sql (sql_localhost): User found in group ADSL expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'ADSL' ORDER BY id rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: query affected rows = 2 , fields = 5 rlm_sql (sql_localhost): Released sql socket id: 199 ++[sql_localhost] returns ok ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "userpass" rlm_pap: Using clear text password "userpass" rlm_pap: User authenticated successfully ++[pap] returns ok Login OK: [erikastrata/userpass] (from client localhost port 134217728 cli GigabitEthernet 12/0.160124:16-124#587211994#INFA290660:MAB-RAN-21 to MAB-ETH51 port 2/2/1##pppoe 00:07:72:0d:bd:2b#) } # server backend Sending Access-Accept of id 80 to 127.0.0.1 port 1814 Framed-Protocol := PPP Service-Type := Framed-User Proxy-State = 0x323135 Finished request 3. Going to the next request Waking up in 0.7 seconds. rad_recv: Access-Accept packet from host 127.0.0.1 port 1815, id=80, length=37 Framed-Protocol = PPP Service-Type = Framed-User Proxy-State = 0x323135 +- entering group post-proxy ++? if ("%{Packet-Type}" == Access-Request) expand: %{Packet-Type} -> Access-Request ? Evaluating ("%{Packet-Type}" == Access-Request) -> TRUE ++? if ("%{Packet-Type}" == Access-Request) -> TRUE ++- entering if ("%{Packet-Type}" == Access-Request) +++? if ("%{proxy-reply:Framed-IP-Address}" =~ /^10\.20.*$/) expand: %{proxy-reply:Framed-IP-Address} -> ? Evaluating ("%{proxy-reply:Framed-IP-Address}" =~ /^10\.20.*$/) -> FALSE +++? if ("%{proxy-reply:Framed-IP-Address}" =~ /^10\.20.*$/) -> FALSE ++- if ("%{Packet-Type}" == Access-Request) returns noop ++? if ("%{Packet-Type}" == Access-Request) expand: %{Packet-Type} -> Access-Request ? Evaluating ("%{Packet-Type}" == Access-Request) -> TRUE ++? if ("%{Packet-Type}" == Access-Request) -> TRUE ++- entering if ("%{Packet-Type}" == Access-Request) +++? if ("%{proxy-reply:IHUG-Speed-Down}") expand: %{proxy-reply:IHUG-Speed-Down} -> ? Evaluating ("%{proxy-reply:IHUG-Speed-Down}") -> FALSE +++? if ("%{proxy-reply:IHUG-Speed-Down}") -> FALSE ++- if ("%{Packet-Type}" == Access-Request) returns noop ++? if (("%{Packet-Type}" == Access-Request) && ("%{proxy-reply:Framed-IP-Address}" )) expand: %{Packet-Type} -> Access-Request ?? Evaluating ("%{Packet-Type}" == Access-Request) -> TRUE expand: %{proxy-reply:Framed-IP-Address} -> ?? Evaluating ("%{proxy-reply:Framed-IP-Address}" ) -> FALSE ++? if (("%{Packet-Type}" == Access-Request) && ("%{proxy-reply:Framed-IP-Address}" )) -> FALSE expand: %{Realm} -> ihug-dsl-pooled attr_filter: Matched entry DEFAULT at line 1 ++[attr_filter.post-proxy] returns updated server proxy { rad_check_password: Found Auth-Type rad_check_password: Auth-Type = Accept, accepting the user Login OK: [erikastrata@adsl.abc.xyz/userpass] (from client localhost port 134217728 cli GigabitEthernet 12/0.160124:16-124#587211994#INFA290660:MAB-RAN-21 to MAB-ETH51 port 2/2/1##pppoe 00:07:72:0d:bd:2b#) +- entering group post-auth ++[proxy_files] returns noop } # server proxy Sending Access-Accept of id 215 to 127.0.0.1 port 32862 Framed-Protocol = PPP Service-Type = Framed-User Finished request 2. Going to the next request Waking up in 0.7 seconds. Polling for detail file /var/log/freeradius/radacct/detail_local Polling for detail file /var/log/freeradius/radacct/detail_remote Waking up in 0.9 seconds. Polling for detail file /var/log/freeradius/radacct/detail_local Polling for detail file /var/log/freeradius/radacct/detail_remote Waking up in 0.9 seconds. kind regards Pshem
Ah You're relying on the "authorize" section being run after the proxy reply is received. Don't do that. That feature was removed before 2.0, and seems to have accidentally been enabled again. It was removed in 2.0.5 because it's wrong. The "post-proxy" section is meant to process proxy replies. Use it, not the "authorize" section. If you need to run some *specific* module in the post-proxy section, you can migrate your configuration by doing: post-proxy { ... files.authorize sql.authorize ... } Which will run the "authorize" sections of the "files" and "sql" modules. Alan DeKok.
Hi, For some reason the module returns noop ;-( I tried the following: I created new 'files' instance: files post_proxy_files { usersfile = ${confdir}/post-proxy-users acctusersfile = ${confdir}/post-proxy-users auth_usersfile = ${confdir}/post-proxy-users postproxy_usersfile = ${confdir}/post-proxy-users postauth_usersfile = ${confdir}/post-proxy-users } (yes it's an overkill, I just tried to figure out which file is the one to be read during that phase) The post-proxy-users has the following syntax: DEFAULT NAS-IP-Address == '10.119.255.244' Cisco-AVpair += "ip:dns-servers=x.y.129.67 x.y.129.68", Framed-Pool += "wc-1", Huawei-Primary-DNS += "x.y.129.67", Huawei-Secondary-DNS += "x.y.129.68" (which is the same as the 'auth' section, without the Proxy-To-Realm statement). and the post-proxy section: post-proxy { post_proxy_files $INCLUDE post-proxy.conf attr_filter.post-proxy # reply_log } During the debug I get the following: Going to the next request rad_recv: Access-Accept packet from host 127.0.0.1 port 1815, id=175, length=57 IHUG-Speed-Down = "64" IHUG-Speed-Up = "64" Framed-Protocol = PPP Service-Type = Framed-User Proxy-State = 0x323339 +- entering group post-proxy ++[post_proxy_files] returns noop Which suggests that the module didn't find anything worth dwelling on. So I made a small experiment - replaced the entry in the users file with: DEFAULT Framed-Protocol == PPP Cisco-AVpair += "ip:dns-servers=x.y.129.67 x.y.129.68", Framed-Pool += "ihug-wc-1", Huawei-Primary-DNS += "x.y.129.67", Huawei-Secondary-DNS += "x.y.129.68" (to match the reply from the home server) and I got exactly what I wanted: +- entering group post-proxy postproxy_users: Matched entry DEFAULT at line 4 ++[post_proxy_files] returns ok and it returned the whole answer. Reading rlm_files.c I found the following: static int file_postproxy(void *instance, REQUEST *request) { struct file_instance *inst = instance; return file_common(inst, request, "postproxy_users", inst->postproxy_users, request->proxy_reply->vps, &request->reply->vps); } does that mean that in fact looks for the match only in the 'proxy-reply' packet? I guess the easiest way to fix this is to use unlang to update the reply packet based on information from either control or request attributes. kind regards Pshem
Pshem Kowalczyk wrote:
For some reason the module returns noop ;-( I tried the following:
Which is not what I suggested. Why?
I guess the easiest way to fix this is to use unlang to update the reply packet based on information from either control or request attributes.
That's what unlang is for. Alan DeKok.
participants (2)
-
Alan DeKok -
Pshem Kowalczyk