FreeRADIUS 2.0.4, Prefix/Suffix
Robert Borz
robert.borz at web.de
Sat Dec 27 11:12:19 CET 2008
Allright, I think I missed something. Restarting with the default configuration and just altering the users and hints file I get the desired behaviour as follows (shortened):
rad_recv: Access-Request packet from host ... port 2263, id=53, length=46
User-Name = "Speter"
User-Password = "secret1"
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 4
++[preprocess] returns ok
...
[files] users: Matched entry DEFAULT at line 1
[files] expand: %{Stripped-User-Name} -> peter
[files] users: Matched entry peter at line 14
++[files] returns ok
...
+- entering group PAP {...}
[pap] login attempt with password "secret1"
[pap] Using clear text password "secret1"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 53 to ... port 2263
Framed-Protocol = SLIP
User-Name = "peter"
Finished request 0.
I also tried going back to version 2.0.4 with the same (working) configuration and the Prefix/Suffix stuff gets matched in the hints file, the logs tell me:
+- entering group authorize
hints: Matched DEFAULT at 1
expand: %{Stripped-User-Name} -> peter
++[preprocess] returns ok
In the users file, I substitute User-Name by %{Stripped-User-Name}, but this seems not to work with version 2.0.4, although reading the logs I expect it should work:
++[unix] returns notfound
users: Matched entry DEFAULT at line 7
expand: %{Stripped-User-Name} -> peter
users: Matched entry Ppeter at line 15
++[files] returns ok
For reference, here are my hints and users files contents:
----- hints ------------
DEFAULT Prefix == "P", Strip-User-Name = Yes
Hint = "PPP"
DEFAULT Prefix == "S", Strip-User-Name = Yes
Hint = "SLIP"
------------------------
----- users ------------
DEFAULT Hint == "SLIP"
Framed-Protocol = SLIP,
User-Name = "%{Stripped-User-Name}",
Fall-Through = Yes
DEFAULT Hint == "PPP"
Framed-Protocol = PPP,
User-Name = "%{Stripped-User-Name}",
Fall-Through = Yes
"peter" Cleartext-Password := "secret1"
------------------------
Any idea what's the problem with version 2.0.4 ?
Thanks for your help...
Robert.
-----Original Message-----
From: freeradius-users-bounces+robert.borz=web.de at lists.freeradius.org [mailto:freeradius-users-bounces+robert.borz=web.de at lists.freeradius.org] On Behalf Of Robert Borz
Sent: Saturday, December 27, 2008 10:17 AM
To: 'FreeRadius users mailing list'
Subject: RE: FreeRADIUS 2.0.4, Prefix/Suffix
Thanks for the hint. Ok, so I grabbed the latest sources from freeradius.org, build a deb package and installed it via dpkg:
# freeradius -v
freeradius: FreeRADIUS Version 2.1.3, for host x86_64-pc-linux-gnu, built on Dec 27 2008 at 09:11:29
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
Looks good. But I still can't get this Prefix/Suffix stuff to work. My users get authenticated when sending authentication requests with usernames "Pjason" or "Cpeter" using NTRadPing Test Utility, but the attributes defined by the DEFAULT entries in the users file which should match the hints from the hints file doesn't get applied.
Now I stripped my configuration for only what is necessary (still doesn't work):
----- radiusd.conf -----
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
db_dir = $(raddbdir)
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
checkrad = ${sbindir}/checkrad
user = freerad
group = freerad
listen {
type = auth
ipaddr = *
}
$INCLUDE clients.conf
modules {
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
files {
usersfile = ${confdir}/users
}
pap {
}
}
authorize {
preprocess
files
pap
}
authenticate {
Auth-Type PAP {
pap
}
}
------------------------
----- hints ------------
DEFAULT Prefix == "P", Strip-User-Name = Yes
Hint = "PHint",
Service-Type = Framed-User,
Framed-Protocol = PPP
DEFAULT Prefix == "C", Strip-User-Name = Yes
Hint = "CHint",
Service-Type = Framed-User,
Framed-Protocol = SLIP
------------------------
----- users ------------
DEFAULT Hint == "PHint"
Service-Type = Framed-User,
Framed-Protocol = PPP
DEFAULT Hint == "CHint"
Service-Type = Framed-User,
Framed-Protocol = SLIP
"Cpeter" Cleartext-Password := "secret1"
"Pjason" Cleartext-Password := "secret2"
------------------------
Thanks,
Robert.
-----Original Message-----
From: freeradius-users-bounces+robert.borz=web.de at lists.freeradius.org [mailto:freeradius-users-bounces+robert.borz=web.de at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Saturday, December 27, 2008 8:50 AM
To: FreeRadius users mailing list
Subject: Re: FreeRADIUS 2.0.4, Prefix/Suffix
Robert Borz wrote:
> I installed FreeRADIUS version 2.0.4 on Debian Lenny from the standard
> package repositories and setup a simple configuration just
> authenticating against the users file to test this Prefix/Suffix stuff
> which I’ll need later in production.
>
> It doesn’t matter if I define Prefix or Suffix, they never match –
> either in the hints nor in the users file. Here’s one of the users file
> I tried:
This was fixed in 2.1.0, I think.
Try upgrading to the latest available version.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list