Re: Virtual server can't set reply attributes
Alan wrote:
That's wrong. Why are you using Cisco-AVPair twice? It should be: Cisco-AVPair += "ip:inacl=ACL_VIRT_SECURE_IN" I just badly pasted. The SQL table is fine.
OK... and what does the debug log look like for 2.2.5? Are you using the same SQL tables? Or different ones? The same tables. 2.2.5 output:
rad_recv: Access-Request packet from host 193.151.53.4 port 1645, id=59, length=121 Framed-Protocol = PPP User-Name = "test1" CHAP-Password = 0x0123554ba1746f7fd30486bd0bd46c39de Calling-Station-Id = "0024.c435.f7e4" NAS-Port-Type = Ethernet NAS-Port = 33554632 NAS-Port-Id = "0/0/2/200" Connect-Info = "POL_Vlan200_500M" Service-Type = Framed-User NAS-IP-Address = 193.151.53.4 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/srv_default +group authorize { ++[preprocess] = ok [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Stripped-User-Name = "test1" [suffix] Adding Realm = "NULL" [suffix] Proxying request from user test1 to realm NULL [suffix] Preparing to proxy authentication request to realm "NULL" ++[suffix] = updated +} # group authorize = updated WARNING: Empty pre-proxy section. Using default return values.
Sending proxied request internally to virtual server. server srv_null { # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/srv_null +group authorize { ++[preprocess] = ok [chap] Setting 'Auth-Type := CHAP' ++[chap] = ok [files] users: Matched entry DEFAULT at line 172 ++[files] = ok [sql] expand: %{Stripped-User-Name} -> test1 [sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> test1 [sql] sql_set_user escaped user --> 'test1' rlm_sql (sql): Reserving sql socket id: 26 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = BINARY 'test1' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = BINARY 'test1' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = BINARY 'test1' ORDER BY priority rlm_sql (sql): Released sql socket id: 26 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop +} # group authorize = ok Found Auth-Type = CHAP # Executing group from file /usr/local/etc/raddb/sites-enabled/srv_null +group CHAP { [chap] login attempt by "test1" with CHAP password [chap] Using clear text password "test121" for user test1 authentication. [chap] chap user test1 authenticated succesfully ++[chap] = ok +} # group CHAP = ok WARNING: Empty post-auth section. Using default return values. } # server srv_null Going to the next request <<< Received proxied response code 2 from internal virtual server. WARNING: Empty post-proxy section. Using default return values. Found Auth-Type = Accept Auth-Type = Accept, accepting the user WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/srv_default WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/srv_default Sending Access-Accept of id 59 to 193.151.53.4 port 1645 Framed-Protocol = PPP Cisco-AVPair += "ip:inacl=ACL_VIRT_SECURE_IN" Finished request 5. Going to the next request Waking up in 4.9 seconds.
-- Regards, Paul
I've pushed a fix. Please try the "release_3_0_4" branch from git. Alan DeKok.
participants (2)
-
Alan DeKok -
Paul