problem with rlm_dbm_parser and DEFAULT Realms
Seamus Bridgeman
seamusb114 at gmail.com
Fri Apr 3 18:05:49 CEST 2009
Using FreeRADIUS 2.1.3 and the rlm_dbm module.
Having a problem with rlm_dbm_parser when creating the dbm file. Testing with 3 DEFAULT Realm records and two username/password entries. It seems to be overwriting the DEFAULT Realm, as only the last one exists. rlm_dbm_parser reports all records read and no errors, but rlm_dbm_cat shows only the last DEFAULT. radclient tests naturally only succeed with DEFAULT domain_three.
Is there a known issue here with creating dbm files, or have I missed some setting to allow multiple DEFAULT Realm=xxx records in the dbm file?
Desired approach is:
- dbm file with large numbers of DEFAULT Realm entries, all with no fallthru.
- we have no other (catch-all) DEFAULTs with explicit accept or reject
- ideally usernames matching these realms (proxy.conf) and DEFAULT Realm should respond with Accept straight away - no searching the full subscriber base dbm file and then DEFAULT match (e.g. treat DEFAULT Realm=xxx as distinct from generic DEFAULT)
- ideally have DEFAULT Realm=xxx be read in to hash/memory from a separate file and DBM users just have the subscriber base (user/pass). This way every time users.db is updated/re-created/re-read, it does not impact DEFAULT Realm=xxx records. The latter Realms are more static - the subscriber base changes are more dynamic.
- Also using dbm as it is faster / uses less memory resources and there is no need to restart radiusd as dbm files change - and they do change constantly.
Is this possible?
Logs below:
Test users file
--------------------
DEFAULT Realm == "domain_one", Auth-Type := Accept
        Tunnel-Type:1 = L2TP,
        Tunnel-Medium-Type:1 = IP,
        Tunnel-Server-Endpoint:1 = "xxx.xxx.xxx.xxx",
        Tunnel-Client-Auth-Id:1 = "realm1",
        Tunnel-Password:1 = "xxx",
        Tunnel-Assignment-Id:1 = "xxx",
        Tunnel_Algorithm = 2,
        Tunnel_Domain = 1
DEFAULT Realm == "domain_two", Auth-Type := Accept
        Tunnel-Type:1 = L2TP,
        Tunnel-Medium-Type:1 = IP,
        Tunnel-Server-Endpoint:1 = "xxx.xxx.xxx.xxx",
        Tunnel-Client-Auth-Id:1 = "realm2",
        Tunnel-Password:1 = "xxx",
        Tunnel-Assignment-Id:1 = "xxx",
        Tunnel_Algorithm = 2,
        Tunnel_Domain = 1
DEFAULT Realm == "domain_three", Auth-Type := Accept
        Tunnel-Type:1 = L2TP,
        Tunnel-Medium-Type:1 = IP,
        Tunnel-Server-Endpoint:1 = "xxx.xxx.xxx.xxx",
        Tunnel-Client-Auth-Id:1 = "realm3",
        Tunnel-Password:1 = "xxx",
        Tunnel-Assignment-Id:1 = "xxx",
        Tunnel_Algorithm = 2,
        Tunnel_Domain = 1
userone at one Cleartext-Password := "pass"
        Class = "xxxclass1xxx",
        Service-Type = Framed-User,
        Framed-Protocol = PPP
usertwo at norealm Cleartext-Password := "pass", Calling-Station-Id == "123456"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 10.10.10.0,
        Framed-IP-Netmask = 255.255.255.240,
------------------------------------------------------------------
rlm_dbm_parser logs:
%% # /usr/local/freeradius/bin/rlm_dbm_parser -c -xxx -i /usr/local/freeradius/etc/raddb/users_generic -o /usr/local/freeradius/etc/raddb/users
Use dictionary in: /usr/local/freeradius/etc/raddb
Found user: DEFAULT
Found user: DEFAULT
Found user: DEFAULT
Found user: userone at one
Found user: usertwo at norealm
Record loaded: 5
Lines parsed: 41
Record skiped: 0
Warnings: 0
Errors: 0
%%#
rlm_dbm_cat logs - only shows last DEFAULT Realm
------------------------------
%% # /usr/local/freeradius/bin/rlm_dbm_cat -f /usr/local/freeradius/etc/raddb/users
DEFAULT Realm == "domain_three", Auth-Type := Accept
Tunnel-Type:1 = L2TP, Tunnel-Medium-Type:1 = IPv4,
Tunnel-Server-Endpoint:1 = "xxx.xxx.xxx.xxx", Tunnel-Client-Auth-Id:1 =
"realm3", Tunnel-Password:1 = "xxx", Tunnel-Assignment-Id:1 = "xxx",
Tunnel_Algorithm = 2, Tunnel_Domain = 1
userone at one Cleartext-Password := "pass"
Class = "xxxclass1xxx", Service-Type = Framed-User,
Framed-Protocol = PPP
usertwo at norealm Cleartext-Password := "pass", Calling-Station-Id ==
"123456"
Service-Type = Framed-User, Framed-Protocol = PPP,
Framed-IP-Address = 10.10.10.0, Framed-IP-Netmask = 255.255.255.240
%%#
-----------------------
Haven't included radiusd -X logs as the issue seems to be in creating the dbm file and hence before using Radius. radclient tests are successful when matching the 3 records that do exist in the dbm file. Problem is the two missing records.
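
A pre-build check for the situation reported above, as an added example that is not part of the original message and is not FreeRADIUS code: it lists entry names that occur more than once in a users-format file. It assumes the dbm file keeps one record per name, which matches the rlm_dbm_cat output in the post but is not confirmed on this page; the sample file and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in standard users-file layout (entry name in column 0,
# reply items indented); it mirrors the shape of the test file in the post.
SAMPLE_USERS = '''\
DEFAULT Realm == "domain_one", Auth-Type := Accept
        Tunnel-Type:1 = L2TP,
        Tunnel-Client-Auth-Id:1 = "realm1"

DEFAULT Realm == "domain_two", Auth-Type := Accept
        Tunnel-Type:1 = L2TP,
        Tunnel-Client-Auth-Id:1 = "realm2"

DEFAULT Realm == "domain_three", Auth-Type := Accept
        Tunnel-Type:1 = L2TP,
        Tunnel-Client-Auth-Id:1 = "realm3"

userone@one Cleartext-Password := "pass"
        Service-Type = Framed-User

usertwo@norealm Cleartext-Password := "pass"
        Service-Type = Framed-User
'''

def entry_names(text):
    """Return the name (first token) of every entry, in file order."""
    names = []
    for line in text.splitlines():
        # Skip blank lines, comments and indented reply-item lines.
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        names.append(line.split(None, 1)[0])
    return names

def key_collisions(text):
    """Map each name used by more than one entry to its entry count."""
    counts = Counter(entry_names(text))
    return {name: n for name, n in counts.items() if n > 1}

def summary(text):
    """Return (entries in the source file, distinct names usable as keys)."""
    names = entry_names(text)
    return len(names), len(set(names))

if __name__ == "__main__":
    total, distinct = summary(SAMPLE_USERS)
    print(f"{total} entries, {distinct} distinct names")
    for name, n in key_collisions(SAMPLE_USERS).items():
        print(f"{name}: {n} entries share this name")
```

A gap between the two numbers from `summary` before the build corresponds to the gap between "Record loaded" and the number of records rlm_dbm_cat lists afterwards.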