Checking NAS-Identifier in the radgroupcheck table

super_tomtom super_tomtom at hotmail.com
Thu Oct 2 12:00:05 CEST 2008


Thanks Ivan for your answer.

My freeradius version is 2.0.5.

I added a Reply-Message in the radgroupreply table like this:
+----+-----------+---------------+----+-------------------------+
| id | groupname | attribute     | op | value                   |
+----+-----------+---------------+----+-------------------------+
|  1 | hotel1    | Reply-Message | =  | You are in hotel1 group | 
+----+-----------+---------------+----+-------------------------+

and when I launch the radtest command, it doesn't seem to send it:
#> radtest user1 5f4dcc3b5aa765d61d8327deb882cf99 127.0.0.1 3990 testing123
Sending Access-Request of id 229 to 127.0.0.1 port 1812
        User-Name = "user1"
        User-Password = "5f4dcc3b5aa765d61d8327deb882cf99"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 3990
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=229,
length=26
        Idle-Timeout = 60

On the server side, here is what happens:
rad_recv: Access-Request packet from host 127.0.0.1 port 32782, id=141,
length=73
        User-Name = "user1"
        User-Password = "5f4dcc3b5aa765d61d8327deb882cf99"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 3990
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
        expand: %{User-Name} -> user1
rlm_sql (sql): sql_set_user escaped user --> 'user1'
rlm_sql (sql): Reserving sql socket id: 2
        expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM radcheck          
WHERE username = 'user1'           ORDER BY id
rlm_sql (sql): User found in radcheck table
        expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM radreply          
WHERE username = 'user1'           ORDER BY id
        expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = 'user1'          
ORDER BY priority
        expand: SELECT id, groupname, attribute,           Value, op          
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'          
ORDER BY id -> SELECT id, groupname, attribute,           Value, op          
FROM radgroupcheck           WHERE groupname = 'hotel1'           ORDER BY
id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
  rad_check_password:  Found Auth-Type 
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "5f4dcc3b5aa765d61d8327deb882cf99"
rlm_pap: Using clear text password "5f4dcc3b5aa765d61d8327deb882cf99"
rlm_pap: User authenticated successfully
++[pap] returns ok
+- entering group post-auth
++[exec] returns noop
Sending Access-Accept of id 141 to 127.0.0.1 port 32782
        Idle-Timeout = 60
Finished request 22.

...well... doesn't seem to change anything... I added an Idle-Timeout
parameter in the radreply table, this one works fine, but in the
radgroupreply table, it looks like it ignores it.

Another thing, I didn't really understand the first part of your answer:


> Not only that but Auth-Type Local also wasn't forced. Adding it there is
> a mistake in the first place but it still didn't work.
> 

Could you explain this to me, please?
Thanks!


tnt-4 wrote:
> 
> Not only that but Auth-Type Local also wasn't forced. Adding it there is
> a mistake in the first place but it still didn't work.
> 
> What freeradius version is this? Add Reply-Message to radgroupreply and
> see if that shows in the reply.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
