Radgroupcheck and regexp

ecard ecard at bk.ru
Thu Feb 5 15:16:29 CET 2009


I use FreeRADIUS 2.1.3 with an Oracle DB.
Regexp works incorrectly in the radgroupcheck table. What did I do wrong?

Usergroup table
------------------------------------------------------------------
65658	testgroup		testgroup1	15
65659	testgroup		testgroup2	20
------------------------------------------------------------------

Radgroupcheck table
------------------------------------------------------------------
321	testgroup1	NAS-IP-Address	!~	^10.10
341	testgroup2	NAS-IP-Address	=~	^10.10
------------------------------------------------------------------

Radgroupreply table
------------------------------------------------------------------
682	testgroup1	Fall-Through	=	Yes
661	testgroup1	Cisco-AVPair	+=	ip:addr-pool=test1
681	testgroup2	Fall-Through	=	Yes
662	testgroup2	Cisco-AVPair	+=	ip:addr-pool=test2
------------------------------------------------------------------


Sending Access-Request of id 250 to 127.0.0.1 port 1812
        User-Name = "testgroup"
        User-Password = "test"
        NAS-IP-Address = 10.10.1.1
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=250, length=46
        Cisco-AVPair = "ip:addr-pool=test2"

Sending Access-Request of id 203 to 127.0.0.1 port 1812
        User-Name = "testgroup"
        User-Password = "test"
        NAS-IP-Address = 10.11.1.1
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=203, length=46
        Cisco-AVPair = "ip:addr-pool=test2"



Debug from last request:

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 6526, id=133, length=55
        User-Name = "testgroup"
        User-Password = "test"
        NAS-IP-Address = 10.11.1.1
+- entering group authorize {...}
[preprocess]    expand: %{NAS-IP-Address} -> 10.11.1.1
++[preprocess] returns ok
[auth_log]      expand: /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205
[auth_log] /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205
[auth_log]      expand: %t -> Thu Feb  5 16:39:28 2009
++[auth_log] returns ok
++[chap] returns noop
[suffix] No '@' in User-Name = "testgroup", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "testgroup"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[files] users: Matched entry DEFAULT at line 2
++[files] returns ok
[sqlauth]       expand: %{User-Name} -> testgroup
[sqlauth] sql_set_user escaped user --> 'testgroup'
rlm_sql (sqlauth): Reserving sql socket id: 7
[sqlauth]       expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'testgroup' ORDER BY id
SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'testgroup' ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[sqlauth] User found in radcheck table
[sqlauth]       expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'testgroup' ORDER BY id
SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'testgroup' ORDER BY id
[sqlauth]       expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' OR CLID='%{Calling-Station-Id}' order by priority -> SELECT GroupName FROM usergroup WHERE UserName='testgroup' OR CLID='' order by priority
SELECT GroupName FROM usergroup WHERE UserName='testgroup' OR CLID='' order by priority
[sqlauth]       expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup1' ORDER BY id
SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup1' ORDER BY id
###################################################
[sqlauth]       expand: %{NAS-IP-Address} -> 10.11.1.1
###################################################
[sqlauth]       expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup2' ORDER BY id
SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup2' ORDER BY id
###################################################
[sqlauth]       expand: %{NAS-IP-Address} -> 10.11.1.1
[sqlauth] User found in group testgroup2
###################################################
[sqlauth]       expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testgroup2' ORDER BY id
SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testgroup2' ORDER BY id
rlm_sql (sqlauth): Released sql socket id: 7
++[sqlauth] returns ok
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = Local
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
User-Password in the request is correct.
Login OK: [testgroup] (from client local port 0)
+- entering group post-auth {...}
[reply_log]     expand: /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205
[reply_log] /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205
[reply_log]     expand: %t -> Thu Feb  5 16:39:28 2009
++[reply_log] returns ok
Sending Access-Accept of id 133 to 127.0.0.1 port 6526
        Cisco-AVPair += "ip:addr-pool=test2"
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 7 ID 133 with timestamp +695
Ready to process requests.
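
Added example, not part of the original post and not FreeRADIUS code: a small Python model of the result the three tables above read as intending for a given NAS-IP-Address, using Python's `re` in place of the server's regex matching. The names `check_passes`, `intended_reply` and the `STRICT` pattern are assumptions; the model also shows that the unescaped `^10.10` accepts addresses such as 10.100.1.1.

```python
import re

# Rows copied from the post's tables (group order follows the priority column).
GROUPS = ["testgroup1", "testgroup2"]          # priorities 15 and 20
GROUPCHECK = {
    "testgroup1": [("NAS-IP-Address", "!~", "^10.10")],
    "testgroup2": [("NAS-IP-Address", "=~", "^10.10")],
}
GROUPREPLY = {
    "testgroup1": [("Fall-Through", "=", "Yes"),
                   ("Cisco-AVPair", "+=", "ip:addr-pool=test1")],
    "testgroup2": [("Fall-Through", "=", "Yes"),
                   ("Cisco-AVPair", "+=", "ip:addr-pool=test2")],
}

# Assumption (not in the post): a stricter pattern with escaped dots and a
# trailing separator, so only 10.10.x.x addresses match.
STRICT = r"^10\.10\."


def check_passes(request, checks):
    """True when every regex check item holds for the request."""
    for attr, op, pattern in checks:
        found = re.search(pattern, request.get(attr, "")) is not None
        if op == "=~":
            ok = found
        elif op == "!~":
            ok = not found
        else:
            raise ValueError("only =~ and !~ are modelled: " + op)
        if not ok:
            return False
    return True


def intended_reply(nas_ip, pattern=None):
    """Cisco-AVPair values the tables read as intending for one NAS address."""
    request = {"NAS-IP-Address": nas_ip}
    reply = []
    for group in GROUPS:
        # Use the table's own pattern unless a replacement is supplied.
        checks = [(a, op, pattern or p) for a, op, p in GROUPCHECK[group]]
        if not check_passes(request, checks):
            continue
        rows = GROUPREPLY[group]
        reply += [v for a, _, v in rows if a == "Cisco-AVPair"]
        if ("Fall-Through", "=", "Yes") not in rows:
            break
    return reply
```

Comparing `intended_reply(ip)` with the Cisco-AVPair in the server's Access-Accept for the same address gives a quick regression check on the group rules.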




