no logging => reject?

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Tue Dec 18 15:56:19 CET 2007


Norbert Wegener wrote:
> I am using a recent pre-2, authentication via a mysql database.
> In post-auth I have a sql module that reports accept/reject to
> another mysql database.
> When this database is not available, the user is rejected, although I
> get Auth-Type = Accept before.
> Is this a desired behaviour, bug or feature?
>
> ...
>  rad_check_password: Auth-Type = Accept, accepting the user
> Login OK: [000000007989] (from client 149.246.185.169 port 1812)
> +- entering group post-auth
> ++? if ("%{User-Name}" =~ /.net/i || "%{User-Name}" =~ /@/ )
>        expand: %{User-Name} -> 000000007989
> ? Evaluating ("%{User-Name}" =~ /.net/i) -> FALSE
>        expand: %{User-Name} -> 000000007989
> Evaluating ("%{User-Name}" =~ /@/) -> FALSE
> ++? if ("%{User-Name}" =~ /.net/i || "%{User-Name}" =~ /@/ ) -> FALSE
>        expand: 
> //var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> 
> //var/log/radius/radacct/149.246.185.169/reply-detail-20071218
> rlm_detail: 
> //var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d 
> expands to //var/log/radius/radacct/149.246.185.169/reply-detail-20071218
>        expand: %t -> Tue Dec 18 15:29:07 2007
> ++[reply_log] returns ok
> rlm_sql (sql): Processing sql_postauth
>        expand: %{User-Name} -> 000000007989
> rlm_sql (sql): sql_set_user escaped user --> '000000007989'
>        expand: INSERT into radpostauth (id, user, pass, reply, 
> date,nasname) values ('', '%{User-Name}', '%{User-Password}', 
> '%{reply:Packet-Type}', NOW(),'%{NAS-IP-Address}') -> INSERT into 
> radpostauth (id, user, pass, reply, date,nasname) values ('', 
> '000000007989', '000000007989', 'Access-Accept', NOW(),'139.25.153.222')
> rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, 
> user, pass, reply, date,nasname) values ('', '000000007989', 
> '000000007989', 'Access-Accept', NOW(),'139.25.153.222')
> rlm_sql (sql): Ignoring unconnected handle 4..
> rlm_sql (sql): Ignoring unconnected handle 3..
> rlm_sql (sql): Ignoring unconnected handle 2..
> rlm_sql (sql): Ignoring unconnected handle 1..
> rlm_sql (sql): Ignoring unconnected handle 0..
> rlm_sql (sql): There are no DB handles to use! skipped 5, tried to 
> connect 0
> ++[sql] returns fail
>  Found Post-Auth-Type Reject
> +- entering group REJECT
> rlm_sql (sql): Processing sql_postauth
>        expand: %{User-Name} -> 000000007989
> rlm_sql (sql): sql_set_user escaped user --> '000000007989'
>        expand: INSERT into radpostauth (id, user, pass, reply, 
> date,nasname) values ('', '%{User-Name}', '%{User-Password}', 
> '%{reply:Packet-Type}', NOW(),'%{NAS-IP-Address}') -> INSERT into 
> radpostauth (id, user, pass, reply, date,nasname) values ('', 
> '000000007989', '000000007989', 'Access-Reject', NOW(),'139.25.153.222')
> rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, 
> user, pass, reply, date,nasname) values ('', '000000007989', 
> '000000007989', 'Access-Reject', NOW(),'139.25.153.222')
> rlm_sql (sql): Ignoring unconnected handle 4..
> rlm_sql (sql): Ignoring unconnected handle 3..
> rlm_sql (sql): Ignoring unconnected handle 2..
> rlm_sql (sql): Ignoring unconnected handle 1..
> rlm_sql (sql): Ignoring unconnected handle 0..
> rlm_sql (sql): There are no DB handles to use! skipped 5, tried to 
> connect 0
> ++[sql] returns fail
> Sending Access-Reject of id 51 to 149.246.185.169 port 32833
> Finished request 0.
> Going to the next request
> Waking up in 0.9 seconds.
> Waking up in 4.0 seconds.
> Cleaning up request 0 ID 51 with timestamp +1
> Ready to process requests.
>
> Norbert Wegener
>
Feature.

What's slightly worrying about using rlm_sql is that if, for any reason, a
table is locked, the SQL request will block until the table is unlocked. In
blocking, it appears to block the entire FR server! Everything just stops
until the table is unlocked and the request is satisfied!

-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08 
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
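
Added example (not part of the original thread and not FreeRADIUS code): a small Python check that scans debug output shaped like the quoted log and reports requests that passed authentication but were sent an Access-Reject after a module failed in the post-auth group. The sample log, the second request and the function name are constructed for illustration.

```python
import re

# Constructed sample in the shape of the debug output quoted above; the
# second request (rejected during authentication) is constructed as a control.
SAMPLE = """\
Login OK: [000000007989] (from client 149.246.185.169 port 1812)
+- entering group post-auth
++[reply_log] returns ok
rlm_sql (sql): There are no DB handles to use! skipped 5, tried to connect 0
++[sql] returns fail
 Found Post-Auth-Type Reject
+- entering group REJECT
++[sql] returns fail
Sending Access-Reject of id 51 to 149.246.185.169 port 32833
Finished request 0.
Login incorrect: [baduser] (from client 192.0.2.10 port 1812)
 Found Post-Auth-Type Reject
+- entering group REJECT
++[reply_log] returns ok
Sending Access-Reject of id 52 to 192.0.2.10 port 40000
Finished request 1.
"""

LOGIN_OK = re.compile(r"^Login OK: \[(?P<user>[^\]]*)\]")
GROUP = re.compile(r"^\+- entering group (?P<group>\S+)")
MOD_FAIL = re.compile(r"^\++\[(?P<module>[^\]]+)\] returns fail")
SENDING = re.compile(r"^Sending (?P<packet>Access-\w+) of id \d+")
FINISHED = re.compile(r"^Finished request (?P<num>\d+)\.")

def find_postauth_failure_rejects(debug_text):
    """Return one dict per request that logged 'Login OK' but was rejected
    after a module returned fail inside the post-auth group."""
    findings = []
    user, group, failed, packet = None, None, [], None
    for raw in debug_text.splitlines():
        line = raw.strip()
        if m := LOGIN_OK.match(line):
            user = m["user"]
        elif m := GROUP.match(line):
            group = m["group"]
        elif (m := MOD_FAIL.match(line)) and group == "post-auth":
            failed.append(m["module"])  # failures in the REJECT group are ignored
        elif m := SENDING.match(line):
            packet = m["packet"]
        elif m := FINISHED.match(line):
            if user is not None and failed and packet == "Access-Reject":
                findings.append({"request": int(m["num"]), "user": user, "failed_modules": failed})
            user, group, failed, packet = None, None, [], None
    return findings
```

Requests flagged this way were rejected because of the post-auth module failure rather than the credential check, which helps separate a logging-database outage from genuine authentication failures.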



