UserName, Password + MAC authentication using Cisco's BBSM 5.3
Hello, I'm using Freeradius 1.1.17 version with Cisco's BBSM. With MySqL database too. I've storing username, passwords in mysql db. For now, authentication is OK. I want to check MAC address of users while they are authenticating. Inmy radcheck table: | id | UserName | Attribute | op | Value | +----+-------------+--------------------+----+-------------------+ | 3 | java | Password | == | password | | 18 | java | Calling-Station-Id | == | aa-bb-cc-dd-ee-ff | Also, BBSM's snmp is enabled. So I can get users' MAC addresses. I want Radius server checks username, password and MAC addresses at the same time when the user authenticate. Without Calling-Station-Id, authentication is OK. When I add Calling-Station-Id, the user cannot authenticate. In which table, do I enter this attribute? Also i cannot close or deactivate user session when I want to. When i removing from BBSM Mysql db, session is still open. Or can I put expiration time at every 03 o'clock? Could someone help me abt these?
1. Use Cleartext-Password with =: as stated in the server documentation. 2. Post the output of radiusd -X. It's likely that the format for the MAC address is wrong. It can have : for delimiters or no delimiters at all. 3. That's not how you end user sessions on any device, Cisco or otherwise. Putting your head in the sand will not make it go away. 4. You use Login-Time not Expiration for that. Ivan Kalik Kalik Informatika ISP Dana 25/1/2008, "javkhlanbaatar@newcomsystems.mn" <javkhlanbaatar@newcomsystems.mn> piše:
Hello,
I'm using Freeradius 1.1.17 version with Cisco's BBSM. With MySqL database too. I've storing username, passwords in mysql db. For now, authentication is OK. I want to check MAC address of users while they are authenticating. Inmy radcheck table:
| id | UserName | Attribute | op | Value | +----+-------------+--------------------+----+-------------------+ | 3 | java | Password | == | password | | 18 | java | Calling-Station-Id | == | aa-bb-cc-dd-ee-ff |
Also, BBSM's snmp is enabled. So I can get users' MAC addresses. I want Radius server checks username, password and MAC addresses at the same time when the user authenticate. Without Calling-Station-Id, authentication is OK. When I add Calling-Station-Id, the user cannot authenticate. In which table, do I enter this attribute?
Also i cannot close or deactivate user session when I want to. When i removing from BBSM Mysql db, session is still open. Or can I put expiration time at every 03 o'clock?
Could someone help me abt these?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks, I've just installed new version 2.0.1 and it was some kind of different. But now it's OK. Still I didn't find any clues of MAC authentication with username and password. Could you give some advices? Also I used to enter Login-Time to my radreply table but there isn't anything changed. Due to the lack of FreeRadius books and still continues to introduce newer versions, I have to ask about these, apologize for that. Still waiting for the book. Also don't say "READ THE DOCS". You know, all the books are older. And all the mailers aren't PRO as like you. Thanks for paying attention.
1. Use Cleartext-Password with =: as stated in the server documentation.
2. Post the output of radiusd -X. It's likely that the format for the MAC address is wrong. It can have : for delimiters or no delimiters at all.
3. That's not how you end user sessions on any device, Cisco or otherwise. Putting your head in the sand will not make it go away.
4. You use Login-Time not Expiration for that.
Ivan Kalik Kalik Informatika ISP
Dana 25/1/2008, "javkhlanbaatar@newcomsystems.mn" <javkhlanbaatar@newcomsystems.mn> pi¹e:
Hello,
I'm using Freeradius 1.1.17 version with Cisco's BBSM. With MySqL database too. I've storing username, passwords in mysql db. For now, authentication is OK. I want to check MAC address of users while they are authenticating. Inmy radcheck table:
| id | UserName | Attribute | op | Value | +----+-------------+--------------------+----+-------------------+ | 3 | java | Password | == | password | | 18 | java | Calling-Station-Id | == | aa-bb-cc-dd-ee-ff |
Also, BBSM's snmp is enabled. So I can get users' MAC addresses. I want Radius server checks username, password and MAC addresses at the same time when the user authenticate. Without Calling-Station-Id, authentication is OK. When I add Calling-Station-Id, the user cannot authenticate. In which table, do I enter this attribute?
Also i cannot close or deactivate user session when I want to. When i removing from BBSM Mysql db, session is still open. Or can I put expiration time at every 03 o'clock?
Could someone help me abt these?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
javkhlanbaatar@newcomsystems.mn wrote:
Thanks, I've just installed new version 2.0.1 and it was some kind of different. But now it's OK. Still I didn't find any clues of MAC authentication with username and password. Could you give some advices?
Run the server in debugging mode, and see what the NAS sends in an Access-Request. Different NAS vendors (and models) send different packets as "MAC authentication". There is NO common method.
Also I used to enter Login-Time to my radreply table but there isn't anything changed.
As always, run the server in debugging mode.
Due to the lack of FreeRadius books and still continues to introduce newer versions, I have to ask about these, apologize for that. Still waiting for the book. Also don't say "READ THE DOCS". You know, all the books are older. And all the mailers aren't PRO as like you.
Of course. But the docs *do* explain what we need for us to be able to help you: run the server in debugging mode, and post the output here. The documentation says this in about 5 places. The message you are responding to told you to do this. You still haven't done it. You have a choice: follow the instructions and maybe get the problem solved, OR ignore the instructions, and have everyone on this list ignore you as a result. Alan DeKok.
Hi, I have a question. When the user logs using own username and password into Radius server (ie, using 192.168.160.5), it is OK. When someone change IP address statically into logged IP (to 192.168.160.5), he can use the logged account. I mean he can use another one's account. How can I block another PC? And I don't want the user logs often in one day. User must logs once in a day. That's why I don't want to put Idle-Timeout attribute. I'm using FreeRadius 2.0.1 with Cisco'BBSM 5.3. Could you give some clarfication for this? Thanks
Hey, On Jan 29, 2008 9:45 AM, <javkhlanbaatar@newcomsystems.mn> wrote:
Hi,
I have a question. When the user logs using own username and password into Radius server (ie, using 192.168.160.5), it is OK. When someone change IP address statically into logged IP (to 192.168.160.5), he can use the logged account. I mean he can use another one's account.
This is something that the NAS controls. FreeRADIUS only receives authentication requests upon which it can Accept or Reject the user. You might also want to look at the Simultaneous-Use attribute.
How can I block another PC? And I don't want the user logs often in one day.
You can set a check attribute for the Calling-Station-Id MAC Address and so the user will be granted access only if he logs in from a specific machine.
User must logs once in a day. That's why I don't want to put Idle-Timeout attribute.
Explain better please. Regards, Liran Tal.
Yes. Use VLANs and port based authentication and they won't be able to do that. If they manually change IP address to a different VLAN connection will become unusable. Ivan Kalik Kaliki Informatika ISP Dana 29/1/2008, "javkhlanbaatar@newcomsystems.mn" <javkhlanbaatar@newcomsystems.mn> piše:
Hi,
I have a question. When the user logs using own username and password into Radius server (ie, using 192.168.160.5), it is OK. When someone change IP address statically into logged IP (to 192.168.160.5), he can use the logged account. I mean he can use another one's account. How can I block another PC? And I don't want the user logs often in one day. User must logs once in a day. That's why I don't want to put Idle-Timeout attribute.
I'm using FreeRadius 2.0.1 with Cisco'BBSM 5.3. Could you give some clarfication for this?
Thanks
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hmm. That sounds great. I have Port-based VLANs on the switches but still no affects. Am I using wrong type VLANs? Port-based authentication, could you explain some? Thanks.
Yes. Use VLANs and port based authentication and they won't be able to do that. If they manually change IP address to a different VLAN connection will become unusable.
Ivan Kalik Kaliki Informatika ISP
Dana 29/1/2008, "javkhlanbaatar@newcomsystems.mn" <javkhlanbaatar@newcomsystems.mn> pi¹e:
Hi,
I have a question. When the user logs using own username and password into Radius server (ie, using 192.168.160.5), it is OK. When someone change IP address statically into logged IP (to 192.168.160.5), he can use the logged account. I mean he can use another one's account. How can I block another PC? And I don't want the user logs often in one day. User must logs once in a day. That's why I don't want to put Idle-Timeout attribute.
I'm using FreeRadius 2.0.1 with Cisco'BBSM 5.3. Could you give some clarfication for this?
Thanks
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1. Switch has to support dynamic VLAN assignment by radius. Then you pass Tunnel set of attributes (type, medium and id) to it and place a user in a desired VLAN. If you can only configure VLANs manually, than this is not going to work. 2. How does someone change his IP address to a different subnet and VLAN connection through the switch still works??? That should not be possible. Your VLAN configuration is suspect. If someone is placed on a VLAN with a private address and then changes the address to a public one (trying to get onto Internet, for instance) - he should not be able to connect to anything because he is on one subnet and gateway on another. Same applies if all addresses are private but you are doing NAT for one (subnet) and not for another etc. Ivan Kalik Kalik Informatika ISP Dana 31/1/2008, "javkhlanbaatar@newcomsystems.mn" <javkhlanbaatar@newcomsystems.mn> piše:
Hmm. That sounds great. I have Port-based VLANs on the switches but still no affects. Am I using wrong type VLANs? Port-based authentication, could you explain some? Thanks.
Yes. Use VLANs and port based authentication and they won't be able to do that. If they manually change IP address to a different VLAN connection will become unusable.
Ivan Kalik Kaliki Informatika ISP
Dana 29/1/2008, "javkhlanbaatar@newcomsystems.mn" <javkhlanbaatar@newcomsystems.mn> piše:
Hi,
I have a question. When the user logs using own username and password into Radius server (ie, using 192.168.160.5), it is OK. When someone change IP address statically into logged IP (to 192.168.160.5), he can use the logged account. I mean he can use another one's account. How can I block another PC? And I don't want the user logs often in one day. User must logs once in a day. That's why I don't want to put Idle-Timeout attribute.
I'm using FreeRadius 2.0.1 with Cisco'BBSM 5.3. Could you give some clarfication for this?
Thanks
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, Everything with the Authentication is OK. But Accounting is not working. I've added dialupadmin tables (such as badusers.sql, userinfo.sql .... ) to my radius table. Do I have to insert some data to them? These tables are empty. And in dialupadmin, there isn't any RADIUSClients menu on the web. When I tried to add new user by dialupadmin, "Could not open encryption library file" error. I've uncommented most of parts in the conf files. I think, Accounting Packet is not sending and sending back Reply packet. How can I manage these? Also give me brief description of unlang function, please. Here is the logging with debugging mode: Ready to process requests. rad_recv: Access-Request packet from host 203.34.37.40 port 1060, id=2, length=124 User-Name = "testuser" User-Password = "test" NAS-IP-Address = 203.34.37.40 NAS-Port = 10101001 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 192.168.160.111 Called-Station-Id = "001B2109D9EC" Calling-Station-Id = "ff-ff-ff-ff-ff-ff" Acct-Session-Id = "143" NAS-Port-Type = Virtual +- entering group authorize ++[preprocess] returns ok expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/203.34.37.40/auth-detail-20080204 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/203.34.37.40/auth-detail-20080204 expand: %t -> Mon Feb 4 12:27:56 2008 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound users: Matched entry DEFAULT at line 172 ++[files] returns ok expand: %{User-Name} -> testuser rlm_sql (sql): sql_set_user escaped user --> 'testuser' rlm_sql (sql): Reserving sql socket id: 1 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testuser' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testuser' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'testuser' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'testuser' ORDER BY id expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = 'testuser' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM usergroup WHERE username = 'testuser' ORDER BYpriority expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname= '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'static' ORDER BY id rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'static' ORDER BY id rlm_sql (sql): User found in group static expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname= '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'static' ORDER BY id rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'static' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair ++[daily] returns noop rlm_checkval: Item Name: Calling-Station-Id, Value: ff-ff-ff-ff-ff-ff rlm_checkval: Value Name: Calling-Station-Id, Value: ff-ff-ff-ff-ff-ff ++[checkval] returns ok ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[dailycounter] returns noop rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [testuser/test] (from client radiusbbsm port 10101001 cli ff-ff-ff-ff-ff-ff) +- entering group post-auth expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/203.34.37.40/reply-detail-20080204 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/203.34.37.40/reply-detail-20080204 expand: %t -> Mon Feb 4 12:27:56 2008 ++[reply_log] returns ok rlm_sql (sql): Processing sql_postauth expand: %{User-Name} -> borluulalt rlm_sql (sql): sql_set_user escaped user --> 'testuser' expand: %{User-Password} -> test expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testuser', 'test', 'Access-Accept', '2008-02-04 12:27:56') expand: /usr/local/var/log/radius/sqltrace.sql -> /usr/local/var/log/radius/sqltrace.sql rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testuser', 'test', 'Access-Accept', '2008-02-04 12:27:56') rlm_sql (sql): Reserving sql socket id: 0 rlm_sql_mysql: query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testuser', 'test', 'Access-Accept', '2008-02-04 12:27:56') rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok rlm_sql_log (sql_log): Processing sql_log_postauth expand: %{User-Name} -> testuser expand: %{%{User-Name}:-DEFAULT} -> testuser rlm_sql_log (sql_log): sql_set_user escaped user --> 'testuser' WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S'); -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('testuser', 'test', 'Access-Accept', '2008-02-04 12:27:56'); expand: /usr/local/var/log/radius/radacct/sql-relay -> /usr/local/var/log/radius/radacct/sql-relay ++[sql_log] returns ok Sending Access-Accept of id 2 to 203.34.37.40 port 1060 Framed-Protocol := PPP Framed-Compression := Van-Jacobson-TCP-IP Service-Type := Framed-User Finished request 1.
Those are access-request and access-accept packets. No accounting request is being received ! Your NAS isn't sending any accounting messages ? Maybe you should disable all those modules that you don't need ! Regards, E:S -----Original Message----- From: freeradius-users-bounces+edvin.seferovic=kolp.at@lists.freeradius.org [mailto:freeradius-users-bounces+edvin.seferovic=kolp.at@lists.freeradius.or g] On Behalf Of javkhlanbaatar@newcomsystems.mn Sent: Montag, 04. Februar 2008 07:14 To: FreeRadius users mailing list Subject: not Accountint Hi, Everything with the Authentication is OK. But Accounting is not working. I've added dialupadmin tables (such as badusers.sql, userinfo.sql .... ) to my radius table. Do I have to insert some data to them? These tables are empty. And in dialupadmin, there isn't any RADIUSClients menu on the web. When I tried to add new user by dialupadmin, "Could not open encryption library file" error. I've uncommented most of parts in the conf files. I think, Accounting Packet is not sending and sending back Reply packet. How can I manage these? Also give me brief description of unlang function, please. Here is the logging with debugging mode: Ready to process requests. rad_recv: Access-Request packet from host 203.34.37.40 port 1060, id=2, length=124 User-Name = "testuser" User-Password = "test" NAS-IP-Address = 203.34.37.40 NAS-Port = 10101001 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 192.168.160.111 Called-Station-Id = "001B2109D9EC" Calling-Station-Id = "ff-ff-ff-ff-ff-ff" Acct-Session-Id = "143" NAS-Port-Type = Virtual +- entering group authorize ++[preprocess] returns ok expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/203.34.37.40/auth-detail-20080204 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/203.34.37.40/auth-detail-20080204 expand: %t -> Mon Feb 4 12:27:56 2008 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound users: Matched entry DEFAULT at line 172 ++[files] returns ok expand: %{User-Name} -> testuser rlm_sql (sql): sql_set_user escaped user --> 'testuser' rlm_sql (sql): Reserving sql socket id: 1 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testuser' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testuser' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'testuser' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'testuser' ORDER BY id expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = 'testuser' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM usergroup WHERE username = 'testuser' ORDER BYpriority expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname= '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'static' ORDER BY id rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'static' ORDER BY id rlm_sql (sql): User found in group static expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname= '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'static' ORDER BY id rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'static' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair ++[daily] returns noop rlm_checkval: Item Name: Calling-Station-Id, Value: ff-ff-ff-ff-ff-ff rlm_checkval: Value Name: Calling-Station-Id, Value: ff-ff-ff-ff-ff-ff ++[checkval] returns ok ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[dailycounter] returns noop rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [testuser/test] (from client radiusbbsm port 10101001 cli ff-ff-ff-ff-ff-ff) +- entering group post-auth expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/203.34.37.40/reply-detail-20080204 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/203.34.37.40/reply-detail-20080204 expand: %t -> Mon Feb 4 12:27:56 2008 ++[reply_log] returns ok rlm_sql (sql): Processing sql_postauth expand: %{User-Name} -> borluulalt rlm_sql (sql): sql_set_user escaped user --> 'testuser' expand: %{User-Password} -> test expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testuser', 'test', 'Access-Accept', '2008-02-04 12:27:56') expand: /usr/local/var/log/radius/sqltrace.sql -> /usr/local/var/log/radius/sqltrace.sql rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testuser', 'test', 'Access-Accept', '2008-02-04 12:27:56') rlm_sql (sql): Reserving sql socket id: 0 rlm_sql_mysql: query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'testuser', 'test', 'Access-Accept', '2008-02-04 12:27:56') rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok rlm_sql_log (sql_log): Processing sql_log_postauth expand: %{User-Name} -> testuser expand: %{%{User-Name}:-DEFAULT} -> testuser rlm_sql_log (sql_log): sql_set_user escaped user --> 'testuser' WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S'); -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('testuser', 'test', 'Access-Accept', '2008-02-04 12:27:56'); expand: /usr/local/var/log/radius/radacct/sql-relay -> /usr/local/var/log/radius/radacct/sql-relay ++[sql_log] returns ok Sending Access-Accept of id 2 to 203.34.37.40 port 1060 Framed-Protocol := PPP Framed-Compression := Van-Jacobson-TCP-IP Service-Type := Framed-User Finished request 1. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (6)
-
Alan DeKok -
Edvin Seferovic -
Ivan Kalik -
javkhlanbaatar@newcomsystems.mn -
Liran Tal -
tnt@kalik.co.yu