add realm to user based on NAS-IP
Alexander Papenburg
freeradius at papenb.org
Tue Apr 10 20:30:51 CEST 2007
Hi Arran, hi Alexander and hi Freeradius-List,
I ran into problems regarding the Proxy-to-realm thing... :(
My Setup:
10.0.0.1 A cisco Router
10.0.1.20 My Terminal
192.168.0.1 Radius (Home Server)
192.168.0.2 Radius (Proxy)
At first a successful login with username abc@realm:
--snip1--
User-Name = "abc@realm"
Reply-Message = "Password: "
User-Password = "testtest"
NAS-Port = 2
NAS-Port-Id = "tty2"
NAS-Port-Type = Virtual
Calling-Station-Id = "10.0.1.20"
NAS-IP-Address = 10.0.0.1
Tue Apr 10 19:41:10 2007 : Debug: Processing the authorize section of
radiusd.conf
Tue Apr 10 19:41:10 2007 : Debug: modcall: entering group authorize for
request 0
Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 0
Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Tue Apr 10 19:41:10 2007 : Debug: modcall[authorize]: module
"preprocess" returns ok for request 0
Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: calling chap
(rlm_chap) for request 0
Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: returned from
chap (rlm_chap) for request 0
Tue Apr 10 19:41:10 2007 : Debug: modcall[authorize]: module "chap"
returns noop for request 0
Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 0
Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 0
Tue Apr 10 19:41:10 2007 : Debug: modcall[authorize]: module "mschap"
returns noop for request 0
Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 0
Tue Apr 10 19:41:10 2007 : Debug: rlm_realm: Looking up realm
"realm" for User-Name = "abc@realm"
Tue Apr 10 19:41:10 2007 : Debug: rlm_realm: Found realm "realm"
Tue Apr 10 19:41:10 2007 : Debug: rlm_realm: Proxying request from
user abc to realm realm
Tue Apr 10 19:41:10 2007 : Debug: rlm_realm: Adding Realm = "realm"
Tue Apr 10 19:41:10 2007 : Debug: rlm_realm: Preparing to proxy
authentication request to realm "realm"
Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: returned from
suffix (rlm_realm) for request 0
Tue Apr 10 19:41:10 2007 : Debug: modcall[authorize]: module "suffix"
returns updated for request 0
Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 0
Tue Apr 10 19:41:10 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP
Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: returned from
eap (rlm_eap) for request 0
Tue Apr 10 19:41:10 2007 : Debug: modcall[authorize]: module "eap"
returns noop for request 0
Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 0
Tue Apr 10 19:41:10 2007 : Debug: modsingle[authorize]: returned from
files (rlm_files) for request 0
Tue Apr 10 19:41:10 2007 : Debug: modcall[authorize]: module "files"
returns notfound for request 0
Tue Apr 10 19:41:10 2007 : Debug: modcall: leaving group authorize
(returns updated) for request 0
Tue Apr 10 19:41:10 2007 : Debug: proxy: creating 688187c3:1812
Tue Apr 10 19:41:10 2007 : Debug: proxy: allocating 688187c3:1812 0
Sending Access-Request of id 0 to 192.168.0.1 port 1812
User-Name = "abc@realm"
Reply-Message = "Password: "
User-Password = "testtest"
NAS-Port = 2
NAS-Port-Id = "tty2"
NAS-Port-Type = Virtual
Calling-Station-Id = "10.0.1.20"
NAS-IP-Address = 10.0.0.1
Proxy-State = 0x3836
Tue Apr 10 19:41:10 2007 : Debug: Thread 1 waiting to be assigned a request
rad_recv: Access-Accept packet from host 192.168.0.1:1812, id=0, length=24
Tue Apr 10 19:41:10 2007 : Debug: proxy: de-allocating 688187c3:1812 0
Tue Apr 10 19:41:10 2007 : Debug: rl_next: returning NULL
Tue Apr 10 19:41:10 2007 : Debug: Thread 2 got semaphore
Tue Apr 10 19:41:10 2007 : Debug: Thread 2 handling request 0, (1
handled so far)
Proxy-State = 0x3836
Tue Apr 10 19:41:10 2007 : Debug: Processing the post-proxy section of
radiusd.conf
Tue Apr 10 19:41:10 2007 : Debug: modcall: entering group post-proxy for
request 0
Tue Apr 10 19:41:10 2007 : Debug: modsingle[post-proxy]: calling eap
(rlm_eap) for request 0
Tue Apr 10 19:41:10 2007 : Debug: modsingle[post-proxy]: returned from
eap (rlm_eap) for request 0
Tue Apr 10 19:41:10 2007 : Debug: modcall[post-proxy]: module "eap"
returns noop for request 0
Tue Apr 10 19:41:10 2007 : Debug: modcall: leaving group post-proxy
(returns noop) for request 0
Tue Apr 10 19:41:10 2007 : Debug: authorize: Skipping authorize in
post-proxy stage
Tue Apr 10 19:41:10 2007 : Debug: rad_check_password: Found Auth-Type
Tue Apr 10 19:41:10 2007 : Debug: rad_check_password: Auth-Type =
Accept, accepting the user
Sending Access-Accept of id 86 to 10.0.0.1 port 1645
Tue Apr 10 19:41:10 2007 : Debug: Finished request 0
Tue Apr 10 19:41:10 2007 : Debug: Going to the next request
Tue Apr 10 19:41:10 2007 : Debug: Thread 2 waiting to be assigned a request
Tue Apr 10 19:41:10 2007 : Debug: Waking up in 31 seconds...
--snip1--
Now trying Alexander's (Klepikov) hint with the following in "hints":
>DEFAULT Suffix !~ "@."
> Realm = "%{NAS-IP-Address:-unknown}"
--snip2--
User-Name = "abc"
Reply-Message = "Password: "
User-Password = "testtest"
NAS-Port = 2
NAS-Port-Id = "tty2"
NAS-Port-Type = Virtual
Calling-Station-Id = "10.0.1.20"
NAS-IP-Address = 10.0.0.1
Tue Apr 10 19:42:41 2007 : Debug: Processing the authorize section of
radiusd.conf
Tue Apr 10 19:42:41 2007 : Debug: modcall: entering group authorize for
request 0
Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 0
Tue Apr 10 19:42:41 2007 : Debug: hints: Matched DEFAULT at 77
Tue Apr 10 19:42:41 2007 : Debug: radius_xlat: '10.0.0.1'
Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Tue Apr 10 19:42:41 2007 : Debug: modcall[authorize]: module
"preprocess" returns ok for request 0
Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: calling chap
(rlm_chap) for request 0
Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: returned from
chap (rlm_chap) for request 0
Tue Apr 10 19:42:41 2007 : Debug: modcall[authorize]: module "chap"
returns noop for request 0
Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 0
Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 0
Tue Apr 10 19:42:41 2007 : Debug: modcall[authorize]: module "mschap"
returns noop for request 0
Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 0
Tue Apr 10 19:42:41 2007 : Debug: rlm_realm: Request already
proxied. Ignoring.
Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: returned from
suffix (rlm_realm) for request 0
Tue Apr 10 19:42:41 2007 : Debug: modcall[authorize]: module "suffix"
returns noop for request 0
Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 0
Tue Apr 10 19:42:41 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP
Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: returned from
eap (rlm_eap) for request 0
Tue Apr 10 19:42:41 2007 : Debug: modcall[authorize]: module "eap"
returns noop for request 0
Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 0
Tue Apr 10 19:42:41 2007 : Debug: modsingle[authorize]: returned from
files (rlm_files) for request 0
Tue Apr 10 19:42:41 2007 : Debug: modcall[authorize]: module "files"
returns notfound for request 0
Tue Apr 10 19:42:41 2007 : Debug: modcall: leaving group authorize
(returns ok) for request 0
Tue Apr 10 19:42:41 2007 : Debug: auth: No authenticate method
(Auth-Type) configuration found for the request: Rejecting the user
Tue Apr 10 19:42:41 2007 : Debug: auth: Failed to validate the user.
Tue Apr 10 19:42:41 2007 : Debug: Delaying request 0 for 1 seconds
Tue Apr 10 19:42:41 2007 : Debug: Finished request 0
Tue Apr 10 19:42:41 2007 : Debug: Going to the next request
Tue Apr 10 19:42:41 2007 : Debug: Thread 1 waiting to be assigned a request
--snip2--
At last trying Arran's hint with the following in "users":
>DEFAULT
> NAS-IP-Address == 10.0.1.20, Proxy-To-Realm = "realm",
> User-Name = "%{User-Name}@realm"
--snip3--
User-Name = "abc"
Reply-Message = "Password: "
User-Password = "testtest"
NAS-Port = 2
NAS-Port-Id = "tty2"
NAS-Port-Type = Virtual
Calling-Station-Id = "10.0.1.20"
NAS-IP-Address = 10.0.0.1
Tue Apr 10 19:44:45 2007 : Debug: Processing the authorize section of
radiusd.conf
Tue Apr 10 19:44:45 2007 : Debug: modcall: entering group authorize for
request 0
Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 0
Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Tue Apr 10 19:44:45 2007 : Debug: modcall[authorize]: module
"preprocess" returns ok for request 0
Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: calling chap
(rlm_chap) for request 0
Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: returned from
chap (rlm_chap) for request 0
Tue Apr 10 19:44:45 2007 : Debug: modcall[authorize]: module "chap"
returns noop for request 0
Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 0
Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 0
Tue Apr 10 19:44:45 2007 : Debug: modcall[authorize]: module "mschap"
returns noop for request 0
Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: calling suffix
(rlm_realm) for request 0
Tue Apr 10 19:44:45 2007 : Debug: rlm_realm: No '@' in User-Name =
"abc", looking up realm NULL
Tue Apr 10 19:44:45 2007 : Debug: rlm_realm: No such realm "NULL"
Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: returned from
suffix (rlm_realm) for request 0
Tue Apr 10 19:44:45 2007 : Debug: modcall[authorize]: module "suffix"
returns noop for request 0
Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 0
Tue Apr 10 19:44:45 2007 : Debug: rlm_eap: No EAP-Message, not doing EAP
Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: returned from
eap (rlm_eap) for request 0
Tue Apr 10 19:44:45 2007 : Debug: modcall[authorize]: module "eap"
returns noop for request 0
Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 0
Tue Apr 10 19:44:45 2007 : Debug: users: Matched entry DEFAULT at
line 215
Tue Apr 10 19:44:45 2007 : Debug: radius_xlat: 'abc@realm'
Tue Apr 10 19:44:45 2007 : Debug: modsingle[authorize]: returned from
files (rlm_files) for request 0
Tue Apr 10 19:44:45 2007 : Debug: modcall[authorize]: module "files"
returns ok for request 0
Tue Apr 10 19:44:45 2007 : Debug: modcall: leaving group authorize
(returns ok) for request 0
Tue Apr 10 19:44:45 2007 : Debug: auth: No authenticate method
(Auth-Type) configuration found for the request: Rejecting the user
Tue Apr 10 19:44:45 2007 : Debug: auth: Failed to validate the user.
Tue Apr 10 19:44:45 2007 : Debug: Delaying request 0 for 1 seconds
Tue Apr 10 19:44:45 2007 : Debug: Finished request 0
Tue Apr 10 19:44:45 2007 : Debug: Going to the next request
Tue Apr 10 19:44:45 2007 : Debug: Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 10.0.0.1:1645, id=89, length=93
Sending Access-Reject of id 89 to 10.0.0.1 port 1645
--snip3--
Where is my mistake? The Freeradius-package is the latest in the Debian
stable (4.0) branch (freeradius_1.1.3-3_i386).
Regards Alex
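
Added example, not part of the original post: a small Python triage script that condenses debug traces like the three above into one record per request (rlm_realm's last message, each authorize module's return code, any hints/users match, whether an Access-Request was proxied, and the accept/reject outcome), so a working and a failing run can be compared side by side. The sample input is constructed from trimmed lines in the shape of those traces; the names `unwrap` and `summarize` are assumptions of this example.

```python
import re

TS = re.compile(r"^\w{3} \w{3} [ \d]\d [\d:]{8} \d{4} : Debug:\s*")
RET = re.compile(r'modcall\[authorize\]: module "(\w+)" returns (\w+)')
T = "Tue Apr 10 19:42:41 2007 : Debug: "  # constructed sample, not a real capture
SAMPLE = f"""{T}modcall: entering group authorize for request 0
{T}rlm_realm: Preparing to proxy authentication request to realm "realm"
{T}modcall[authorize]: module "suffix" returns updated for request 0
Sending Access-Request of id 0 to 192.168.0.1 port 1812
{T}rad_check_password: Auth-Type =
Accept, accepting the user
{T}modcall: entering group authorize for request 0
{T}hints: Matched DEFAULT at 77
{T}rlm_realm: Request already
proxied. Ignoring.
{T}modcall[authorize]: module "suffix" returns noop for request 0
{T}auth: No authenticate method
(Auth-Type) configuration found for the request: Rejecting the user
"""

def unwrap(text):
    """Rejoin records the mail archive wrapped; drop the timestamp prefix."""
    recs = []
    for line in text.splitlines():
        if TS.match(line) or line.startswith(("Sending ", "rad_recv:")):
            recs.append(TS.sub("", line).strip())
        elif recs and not re.match(r"\s*[\w-]+ = ", line):  # skip attribute lines
            recs[-1] += " " + line.strip()
    return recs

def summarize(text):
    """Per request: rlm_realm's last message, module codes, matches, outcome."""
    out = []
    for rec in unwrap(text):
        if rec.startswith("modcall: entering group authorize"):
            out.append(dict(realm=None, codes={}, matched=[], proxied=False, result=None))
        if not out:
            continue
        cur, m = out[-1], RET.search(rec)
        if m:
            cur["codes"][m.group(1)] = m.group(2)
        elif rec.startswith("rlm_realm:"):
            cur["realm"] = rec.split(":", 1)[1].strip()
        elif rec.startswith(("hints:", "users:")):
            cur["matched"].append(rec)
        elif rec.startswith("Sending Access-Request"):
            cur["proxied"] = True
        elif "accepting the user" in rec or "Rejecting the user" in rec:
            cur["result"] = "accept" if "accepting" in rec else "reject"
    return out
```

Run over the full traces, the records make the contrast explicit: the failing requests have `proxied` false and `suffix` returning `noop`, even where a hints or users entry matched.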