Re: Radgroupcheck and regexp

ecard ecard at bk.ru
Fri Feb 6 07:30:03 CET 2009


I have now checked this in 2.0.1.
It works correctly in 2.0.1, but not in 2.1.3.



Sending Access-Request of id 163 to 127.0.0.1 port 1812
        User-Name = "testgroup"
        User-Password = "test"
        NAS-IP-Address = 10.10.1.1
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=163, length=46
        Cisco-AVPair = "ip:addr-pool=test2"

Sending Access-Request of id 140 to 127.0.0.1 port 1812
        User-Name = "testgroup"
        User-Password = "test"
        NAS-IP-Address = 10.11.1.1
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=140, length=46
        Cisco-AVPair = "ip:addr-pool=test1"

> 
> 
> I use FreeRADIUS 2.1.3 with an Oracle DB.
> Regexp works incorrectly in the radgroupcheck table. What did I do wrong?
> 
> Usergroup table
> ------------------------------------------------------------------
> 65658	testgroup		testgroup1	15
> 65659	testgroup		testgroup2	20
> ------------------------------------------------------------------
> 
> Radgroupcheck table
> ------------------------------------------------------------------
> 321	testgroup1	NAS-IP-Address	!~	^10.10
> 341	testgroup2	NAS-IP-Address	=~	^10.10
> ------------------------------------------------------------------
> 
> Radgroupreply table
> ------------------------------------------------------------------
> 682	testgroup1	Fall-Through	=	Yes
> 661	testgroup1	Cisco-AVPair	+=	ip:addr-pool=test1
> 681	testgroup2	Fall-Through	=	Yes
> 662	testgroup2	Cisco-AVPair	+=	ip:addr-pool=test2
> ------------------------------------------------------------------
> 
> 
> Sending Access-Request of id 250 to 127.0.0.1 port 1812
>         User-Name = "testgroup"
>         User-Password = "test"
>         NAS-IP-Address = 10.10.1.1
> rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=250, length=46
>         Cisco-AVPair = "ip:addr-pool=test2"
> 
> Sending Access-Request of id 203 to 127.0.0.1 port 1812
>         User-Name = "testgroup"
>         User-Password = "test"
>         NAS-IP-Address = 10.11.1.1
> rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=203, length=46
>         Cisco-AVPair = "ip:addr-pool=test2"
> 
> 
> 
> Debug from last request:
> 
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 6526, id=133, length=55
>         User-Name = "testgroup"
>         User-Password = "test"
>         NAS-IP-Address = 10.11.1.1
> +- entering group authorize {...}
> [preprocess]    expand: %{NAS-IP-Address} -> 10.11.1.1
> ++[preprocess] returns ok
> [auth_log]      expand: /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205
> [auth_log] /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205
> [auth_log]      expand: %t -> Thu Feb  5 16:39:28 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> [suffix] No '@' in User-Name = "testgroup", looking up realm NULL
> [suffix] Found realm "NULL"
> [suffix] Adding Stripped-User-Name = "testgroup"
> [suffix] Adding Realm = "NULL"
> [suffix] Authentication realm is LOCAL.
> ++[suffix] returns ok
> [files] users: Matched entry DEFAULT at line 2
> ++[files] returns ok
> [sqlauth]       expand: %{User-Name} -> testgroup
> [sqlauth] sql_set_user escaped user --> 'testgroup'
> rlm_sql (sqlauth): Reserving sql socket id: 7
> [sqlauth]       expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'testgroup' ORDER BY id
> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'testgroup' ORDER BY id
> WARNING: Found User-Password == "...".
> WARNING: Are you sure you don't mean Cleartext-Password?
> WARNING: See "man rlm_pap" for more information.
> [sqlauth] User found in radcheck table
> [sqlauth]       expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'testgroup' ORDER BY id
> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'testgroup' ORDER BY id
> [sqlauth]       expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' OR CLID='%{Calling-Station-Id}' order by priority -> SELECT GroupName FROM usergroup WHERE UserName='testgroup' OR CLID='' order by priority
> SELECT GroupName FROM usergroup WHERE UserName='testgroup' OR CLID='' order by priority
> [sqlauth]       expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup1' ORDER BY id
> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup1' ORDER BY id
> ###################################################
> [sqlauth]       expand: %{NAS-IP-Address} -> 10.11.1.1
> ###################################################
> [sqlauth]       expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup2' ORDER BY id
> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup2' ORDER BY id
> ###################################################
> [sqlauth]       expand: %{NAS-IP-Address} -> 10.11.1.1
> [sqlauth] User found in group testgroup2
> ###################################################
> [sqlauth]       expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testgroup2' ORDER BY id
> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testgroup2' ORDER BY id
> rlm_sql (sqlauth): Released sql socket id: 7
> ++[sqlauth] returns ok
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = Local
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!!    Replacing User-Password in config items with Cleartext-Password.     !!!
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!! Please update your configuration so that the "known good"               !!!
> !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> WARNING: Please update your configuration, and remove 'Auth-Type = Local'
> WARNING: Use the PAP or CHAP modules instead.
> User-Password in the request is correct.
> Login OK: [testgroup] (from client local port 0)
> +- entering group post-auth {...}
> [reply_log]     expand: /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205
> [reply_log] /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205
> [reply_log]     expand: %t -> Thu Feb  5 16:39:28 2009
> ++[reply_log] returns ok
> Sending Access-Accept of id 133 to 127.0.0.1 port 6526
>         Cisco-AVPair += "ip:addr-pool=test2"
> Finished request 7.
> Going to the next request
> Waking up in 4.9 seconds.
> Cleaning up request 7 ID 133 with timestamp +695
> Ready to process requests.
> 
> 
> 
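
Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of how the quoted usergroup, radgroupcheck and radgroupreply rows are expected to evaluate, which yields the replies reported for 2.0.1. It also shows that the unescaped `^10.10` matches a constructed address such as 10.100.1.1; the `STRICT` table and all function names are assumptions for illustration.

```python
import re

# Rows copied from the post: usergroup (group, priority), radgroupcheck, radgroupreply.
USERGROUP = [("testgroup1", 15), ("testgroup2", 20)]
GROUPCHECK = {
    "testgroup1": [("NAS-IP-Address", "!~", r"^10.10")],
    "testgroup2": [("NAS-IP-Address", "=~", r"^10.10")],
}
GROUPREPLY = {
    "testgroup1": [("Fall-Through", "=", "Yes"), ("Cisco-AVPair", "+=", "ip:addr-pool=test1")],
    "testgroup2": [("Fall-Through", "=", "Yes"), ("Cisco-AVPair", "+=", "ip:addr-pool=test2")],
}

def check_matches(request, attr, op, value):
    """Evaluate one check row: =~ is a regex match, !~ is its negation."""
    hit = re.search(value, request.get(attr, "")) is not None
    if op == "=~":
        return hit
    if op == "!~":
        return not hit
    raise ValueError(f"operator {op!r} not modelled")

def authorize(request, groupcheck=GROUPCHECK):
    """Walk groups in priority order; return the Cisco-AVPair values collected."""
    reply = []
    for group, _prio in sorted(USERGROUP, key=lambda g: g[1]):
        if not all(check_matches(request, *row) for row in groupcheck[group]):
            continue  # check items failed: this group contributes nothing
        fall_through = False
        for attr, _op, value in GROUPREPLY[group]:
            if attr == "Fall-Through":
                fall_through = value == "Yes"
            else:
                reply.append(value)
        if not fall_through:
            break
    return reply

# Same checks with the dots escaped and the second octet terminated (constructed variant).
STRICT = {
    "testgroup1": [("NAS-IP-Address", "!~", r"^10\.10\.")],
    "testgroup2": [("NAS-IP-Address", "=~", r"^10\.10\.")],
}

if __name__ == "__main__":
    for ip in ("10.10.1.1", "10.11.1.1", "10.100.1.1"):  # third address is constructed
        req = {"NAS-IP-Address": ip}
        print(ip, authorize(req), authorize(req, STRICT))
```
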



