FreeRADIUS 2.0.4, Prefix/Suffix

Robert Borz robert.borz at web.de
Sat Dec 27 11:12:19 CET 2008


Allright, I think I missed something. Restarting with the default configuration and just altering the users and hints file I get the desired behaviour as follows (shortened):

rad_recv: Access-Request packet from host ... port 2263, id=53, length=46
        User-Name = "Speter"
        User-Password = "secret1"
+- entering group authorize {...}
[preprocess]   hints: Matched DEFAULT at 4
++[preprocess] returns ok
	...
 [files] users: Matched entry DEFAULT at line 1
[files]         expand: %{Stripped-User-Name} -> peter
[files] users: Matched entry peter at line 14
++[files] returns ok
	...
+- entering group PAP {...}
[pap] login attempt with password "secret1"
[pap] Using clear text password "secret1"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 53 to ... port 2263
        Framed-Protocol = SLIP
        User-Name = "peter"
Finished request 0.


I also tried going back to version 2.0.4 with the same (working) configuration and the Prefix/Suffix stuff gets matched in the hints file, the logs tell me:

+- entering group authorize
  hints: Matched DEFAULT at 1
        expand: %{Stripped-User-Name} -> peter
++[preprocess] returns ok

In the users file, I substitute User-Name by %{Stripped-User-Name}, but this seems not to work with version 2.0.4, although reading the logs I expect it should work:

++[unix] returns notfound
    users: Matched entry DEFAULT at line 7
        expand: %{Stripped-User-Name} -> peter
    users: Matched entry Ppeter at line 15
++[files] returns ok

For reference, here are my hints and users files contents:

----- hints ------------
DEFAULT Prefix == "P", Strip-User-Name = Yes
        Hint = "PPP"

DEFAULT Prefix == "S", Strip-User-Name = Yes
        Hint = "SLIP"
------------------------


----- users ------------
DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP,
        User-Name = "%{Stripped-User-Name}",
        Fall-Through = Yes

DEFAULT Hint == "PPP"
        Framed-Protocol = PPP,
        User-Name = "%{Stripped-User-Name}",
        Fall-Through = Yes

"peter"        Cleartext-Password := "secret1"
------------------------


Any idea what's the problem with version 2.0.4 ?
Thanks for your help...


Robert.


-----Original Message-----
From: freeradius-users-bounces+robert.borz=web.de at lists.freeradius.org [mailto:freeradius-users-bounces+robert.borz=web.de at lists.freeradius.org] On Behalf Of Robert Borz
Sent: Saturday, December 27, 2008 10:17 AM
To: 'FreeRadius users mailing list'
Subject: RE: FreeRADIUS 2.0.4, Prefix/Suffix

Thanks for the hint. Ok, so I grabbed the latest sources from freeradius.org, build a deb package and installed it via dpkg:

# freeradius -v
freeradius: FreeRADIUS Version 2.1.3, for host x86_64-pc-linux-gnu, built on Dec 27 2008 at 09:11:29
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.

Looks good. But I still can't get this Prefix/Suffix stuff to work. My users get authenticated when sending authentication requests with usernames "Pjason" or "Cpeter" using NTRadPing Test Utility, but the attributes defined by the DEFAULT entries in the users file which should match the hints from the hints file doesn't get applied.

Now I stripped my configuration for only what is necessary (still doesn't work):

----- radiusd.conf -----
prefix        = /usr
exec_prefix   = /usr
sysconfdir    = /etc
localstatedir = /var
sbindir       = ${exec_prefix}/sbin
logdir        = /var/log/freeradius
raddbdir      = /etc/freeradius
radacctdir    = ${logdir}/radacct
confdir       = ${raddbdir}
run_dir       = ${localstatedir}/run/freeradius
db_dir        = $(raddbdir)
libdir        = /usr/lib/freeradius
pidfile       = ${run_dir}/freeradius.pid
checkrad      = ${sbindir}/checkrad
user          = freerad
group         = freerad

listen {
        type    = auth
        ipaddr  = *
}

$INCLUDE clients.conf

modules {
        preprocess {
                huntgroups                      = ${confdir}/huntgroups
                hints                           = ${confdir}/hints
                with_ascend_hack                = no
                ascend_channels_per_line        = 23
                with_ntdomain_hack              = no
                with_specialix_jetstream_hack   = no
                with_cisco_vsa_hack             = no
        }

        files {
                usersfile                       = ${confdir}/users
        }

        pap {
        }
}

authorize {
        preprocess
        files
        pap
}

authenticate {

        Auth-Type PAP {
                pap
        }
}
------------------------


----- hints ------------
DEFAULT Prefix == "P", Strip-User-Name = Yes
        Hint = "PHint",
        Service-Type = Framed-User,
        Framed-Protocol = PPP


DEFAULT Prefix == "C", Strip-User-Name = Yes
        Hint = "CHint",
        Service-Type = Framed-User,
        Framed-Protocol = SLIP
------------------------


----- users ------------
DEFAULT Hint == "PHint"
        Service-Type = Framed-User,
        Framed-Protocol = PPP


DEFAULT Hint == "CHint"
        Service-Type = Framed-User,
        Framed-Protocol = SLIP


"Cpeter"        Cleartext-Password := "secret1"
"Pjason"        Cleartext-Password := "secret2"
------------------------


Thanks,
Robert.


-----Original Message-----
From: freeradius-users-bounces+robert.borz=web.de at lists.freeradius.org [mailto:freeradius-users-bounces+robert.borz=web.de at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Saturday, December 27, 2008 8:50 AM
To: FreeRadius users mailing list
Subject: Re: FreeRADIUS 2.0.4, Prefix/Suffix

Robert Borz wrote:
> I installed FreeRADIUS version 2.0.4 on Debian Lenny from the standard
> package repositories and setup a simple configuration just
> authenticating against the users file to test this Prefix/Suffix stuff
> which I’ll need later in production. 
> 
> It doesn’t matter if I define Prefix or Suffix, they never match –
> either in the hints nor in the users file. Here’s one of the users file
> I tried:

  This was fixed in 2.1.0, I think.

  Try upgrading to the latest available version.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





More information about the Freeradius-Users mailing list