Calling-Station-ID not sent by pam_radius_auth.

Christiaan Ehlers Christiaan.Ehlers at inclarity.co.uk
Fri Jun 3 15:39:54 CEST 2005


Hi
 
I currently running the following system:
Server: FreeRadius, MySQL
Client: pam_radius_auth, libnss_mysql.so
 
I use the freeradius to auth and account ssh logins, here is my pam.d/sshd
file on the client.
#%PAM-1.0
 
auth       sufficient   /lib/security/pam_radius_auth.so debug
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_radius_auth.so debug
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0022
session    sufficient   /lib/security/pam_radius_auth.so debug
conf=/etc/radiusclient/servers
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so
 
Now when I authenticate I can see that the Calling-Station-ID gets passed,
but when I do authentication that field seems to be missing.
 
Here is the output of radiusd -X
 
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.0.1:3698, id=220, length=89
        User-Name = "test"
        User-Password = "123pass"
        NAS-IP-Address = 10.0.0.1
        NAS-Identifier = "sshd"
        NAS-Port = 2673
        NAS-Port-Type = Virtual
        Service-Type = Authenticate-Only
        Calling-Station-Id = "10.1.1.1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'test'
rlm_sql (sql): sql_set_user escaped user --> 'test'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'test' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 7
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'test' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'test' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = 'test' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 7
  modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type pap
auth: type "PAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_pap: login attempt by "test" with password 123pass
rlm_pap: Using password "$1$n/uxpq.r$FBKqAEC8KvsK13QVHRwAf/" for user test
authentication.
rlm_pap: Using CRYPT encryption.
rlm_pap: User authenticated succesfully
  modcall[authenticate]: module "pap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Sending Access-Accept of id 220 to 10.0.0.1:3698
        Framed-IP-Address := 10.1.1.1
        Framed-Protocol := PPP
        Service-Type := Framed-User
        Framed-Compression := Van-Jacobson-TCP-IP
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 10.0.0.1:3698, id=66,
length=72
        User-Name = "test"
        NAS-IP-Address = 10.0.0.1
        NAS-Identifier = "sshd"
        NAS-Port = 2673
        NAS-Port-Type = Virtual
        Acct-Status-Type = Start
        Acct-Session-Id = "00002673"
        Acct-Authentic = RADIUS
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
  modcall[preacct]: module "preprocess" returns noop for request 1
rlm_acct_unique: Hashing 'NAS-Port = 2673,Client-IP-Address =
10.0.0.1,NAS-IP-Address = 10.0.0.1,Acct-Session-Id = "00002673",User-Name =
"test"'
rlm_acct_unique: Acct-Unique-Session-ID = "a0ec8ab13c262f56".
  modcall[preacct]: module "acct_unique" returns ok for request 1
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[preacct]: module "suffix" returns noop for request 1
  modcall[preacct]: module "files" returns noop for request 1
modcall: group preacct returns ok for request 1
  Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
radius_xlat:  '/usr/local/var/log/radius/radacct/10.0.0.1/detail-20050603'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /usr/local/var/log/radius/radacct/10.0.0.1/detail-20050603
  modcall[accounting]: module "detail" returns ok for request 1
  modcall[accounting]: module "unix" returns ok for request 1
radius_xlat:  '/usr/local/var/log/radius/radutmp'
radius_xlat:  'test'
  modcall[accounting]: module "radutmp" returns ok for request 1
radius_xlat:  'test'
rlm_sql (sql): sql_set_user escaped user --> 'test'
radius_xlat:  'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName,
Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress,
AcctStartDelay, AcctStopDelay) values('00002673', 'a0ec8ab13c262f56',
'test', '', '10.0.0.1', '2673', 'Virtual', '2005-06-03 14:20:01', '0', '0',
'RADIUS', '', '', '0', '0', '', '', '', '', '', '', '', '0')'
rlm_sql (sql): Reserving sql socket id: 6
rlm_sql (sql): Released sql socket id: 6
  modcall[accounting]: module "sql" returns ok for request 1
modcall: group accounting returns ok for request 1
Sending Accounting-Response of id 66 to 10.0.0.1:3698
Finished request 1
Going to the next request
Cleaning up request 1 ID 66 with timestamp 42a05901
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 220 with timestamp 42a05901
Nothing to do.  Sleeping until we see a request.
 
As you can see the CallingStationId is empty, also there is no mention of it
in the Accounting request packet.
 
If this is not supported by the accounting, is there a way to get it from
the authentication section?  Would also like to say that I know this is more
related to the PAM module and I assume this makes this mail a bit out of
context in this mail group, but any help would be most appreciated.
 
Kind Regards
Christiaan Ehlers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20050603/10c5cdac/attachment.html>


More information about the Freeradius-Users mailing list