no group matching - we set read group = yes - but no group attributes is checked or taken :-(

Krystof Klima - WIFIPROFI.CZ klima at wifiprofi.cz
Mon Mar 17 21:09:46 CET 2014 

Hello,

 

We are using Freeradius from 1.x version, after new release of Fedora 20, we
reinstalled.all we connected well, but only group items is not checked /I am
sending all my config in this mail/ and radiusd doesnt write log "raddact"

 

We stop our old database for sure, for sure we install new blind original
Freeradius 3.0.1 "schema.sql" without success /user in database works - we
are accepted with user - only no log/

 

Can You help me ?? we solved this three weeks and we are unhappy from our
work.

 

List of debug :

 

  driver = "rlm_sql_mysql"

Mon Mar 17 20:26:44 2014 : Debug:       server = "localhost"

Mon Mar 17 20:26:44 2014 : Debug:       port = "3306"

Mon Mar 17 20:26:44 2014 : Debug:       login = "radius"

Mon Mar 17 20:26:44 2014 : Debug:       password = "radius"

Mon Mar 17 20:26:44 2014 : Debug:       radius_db = "radius_test"

Mon Mar 17 20:26:44 2014 : Debug:       read_groups = yes

Mon Mar 17 20:26:44 2014 : Debug:       read_clients = yes

Mon Mar 17 20:26:44 2014 : Debug:       delete_stale_sessions = yes

Mon Mar 17 20:26:44 2014 : Debug:       sql_user_name = "%{User-Name}"

Mon Mar 17 20:26:44 2014 : Debug:       default_user_profile = ""

Mon Mar 17 20:26:44 2014 : Debug:       client_query = "SELECT id, nasname,
shortname, type, secret, server FROM nas"

Mon Mar 17 20:26:44 2014 : Debug:       authorize_check_query = "SELECT id,
username, attribute, value, op FROM radcheck WHERE username =
'%{SQL-User-Name}' ORDER BY id"

Mon Mar 17 20:26:44 2014 : Debug:       authorize_reply_query = "SELECT id,
username, attribute, value, op FROM radreply WHERE username =
'%{SQL-User-Name}' ORDER BY id"

Mon Mar 17 20:26:44 2014 : Debug:       authorize_group_check_query =
"SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE
groupname = '%{Sql-Group}' ORDER BY id

"

Mon Mar 17 20:26:44 2014 : Debug:       authorize_group_reply_query =
"SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE
groupname = '%{Sql-Group}' ORDER BY id

"

Mon Mar 17 20:26:44 2014 : Debug:       group_membership_query = "SELECT
groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY
priority"

Mon Mar 17 20:26:44 2014 : Debug:       simul_count_query = ""

Mon Mar 17 20:26:45 2014 : Debug:       simul_verify_query = "SELECT
radacctid, acctsessionid, username, nasipaddress, nasportid,
framedipaddress, callingstationid, framedprotoc

ol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS
NULL"

Mon Mar 17 20:26:45 2014 : Debug:       safe_characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"

 

And important part with authorinizg.looks like group is empty, but executing
query on SSH will show DATA

 

Mon Mar 17 20:26:50 2014 : Debug: (0) sql :     expand: "SELECT id,
username, attribute, value, op FROM radcheck WHERE username =
'%{SQL-User-Name}' ORDER BY id" -> 'SELECT id,

username, attribute, value, op FROM radcheck WHERE username = 'tester' ORDER
BY id'

Mon Mar 17 20:26:50 2014 : Debug: rlm_sql (sql): Executing query: 'SELECT
id, username, attribute, value, op FROM radcheck WHERE username = 'tester'
ORDER BY id'

Mon Mar 17 20:26:50 2014 : Debug: (0) sql : User found in radcheck table

Mon Mar 17 20:26:50 2014 : Debug: (0) sql : Check items matched

Mon Mar 17 20:26:50 2014 : Debug: SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id

Mon Mar 17 20:26:50 2014 : Debug: Parsed xlat tree:

Mon Mar 17 20:26:50 2014 : Debug: literal: 'SELECT id, username, attribute,
value, op FROM radreply WHERE username = ''

Mon Mar 17 20:26:50 2014 : Debug: attribute: SQL-User-Name

Mon Mar 17 20:26:50 2014 : Debug: {

Mon Mar 17 20:26:50 2014 : Debug:       ref  2

Mon Mar 17 20:26:50 2014 : Debug:       list 1

Mon Mar 17 20:26:50 2014 : Debug:       tag -128

Mon Mar 17 20:26:50 2014 : Debug: }

Mon Mar 17 20:26:50 2014 : Debug: literal: '' ORDER BY id'

Mon Mar 17 20:26:50 2014 : Debug: (0) sql :     expand: "SELECT id,
username, attribute, value, op FROM radreply WHERE username =
'%{SQL-User-Name}' ORDER BY id" -> 'SELECT id,

username, attribute, value, op FROM radreply WHERE username = 'tester' ORDER
BY id'

Mon Mar 17 20:26:50 2014 : Debug: rlm_sql (sql): Executing query: 'SELECT
id, username, attribute, value, op FROM radreply WHERE username = 'tester'
ORDER BY id'

Mon Mar 17 20:26:50 2014 : Debug: (0) sql : ... falling-through to group
processing

Mon Mar 17 20:26:50 2014 : Debug: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority

Mon Mar 17 20:26:50 2014 : Debug: Parsed xlat tree:

Mon Mar 17 20:26:50 2014 : Debug: literal: 'SELECT groupname FROM
radusergroup WHERE username = ''

Mon Mar 17 20:26:50 2014 : Debug: attribute: SQL-User-Name

Mon Mar 17 20:26:50 2014 : Debug: {

Mon Mar 17 20:26:50 2014 : Debug:       ref  2

Mon Mar 17 20:26:50 2014 : Debug:       list 1

Mon Mar 17 20:26:50 2014 : Debug:       tag -128

Mon Mar 17 20:26:50 2014 : Debug: }

Mon Mar 17 20:26:50 2014 : Debug: literal: '' ORDER BY priority'

Mon Mar 17 20:26:50 2014 : Debug: (0) sql :     expand: "SELECT groupname
FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" ->
'SELECT groupname FROM radu

sergroup WHERE username = 'tester' ORDER BY priority'

Mon Mar 17 20:26:50 2014 : Debug: rlm_sql (sql): Executing query: 'SELECT
groupname FROM radusergroup WHERE username = 'tester' ORDER BY priority'

Mon Mar 17 20:26:50 2014 : Debug: (0) sql : ... falling-through to profile
processing

Mon Mar 17 20:26:50 2014 : Debug: rlm_sql (sql): Released connection (1)

Mon Mar 17 20:26:50 2014 : Info: rlm_sql (sql): Closing connection (0): Too
many free connections (2 > 0)

Mon Mar 17 20:26:50 2014 : Debug: rlm_sql_mysql: Socket destructor called,
closing socket

Mon Mar 17 20:26:50 2014 : Debug: (0)   modsingle[authorize]: returned from
sql (rlm_sql) for request 0

Mon Mar 17 20:26:50 2014 : Debug: (0)   [sql] = ok

Mon Mar 17 20:26:50 2014 : Debug: (0)   modsingle[authorize]: calling
expiration (rlm_expiration) for request

 

Regards,

 

Kryštof Klíma  ****

poskytování poradenství v oblasti sítí Lan a Wan, servis a prodej výpočetní
techniky

Mobil:    +420 774 331 774        E-mail:    <mailto:klima at wifiprofi.cz>
klima at wifiprofi.cz

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/mailman/private/freeradius-devel/attachments/20140317/113eef1c/attachment.html>

More information about the Freeradius-Devel mailing list