Re: Radgroupcheck and regexp
ecard
ecard at bk.ru
Fri Feb 6 07:30:03 CET 2009
Now I check this in 2.0.1.
This work right in 2.0.1, but not in 2.1.3.
Sending Access-Request of id 163 to 127.0.0.1 port 1812
User-Name = "testgroup"
User-Password = "test"
NAS-IP-Address = 10.10.1.1
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=163, length=46
Cisco-AVPair = "ip:addr-pool=test2"
Sending Access-Request of id 140 to 127.0.0.1 port 1812
User-Name = "testgroup"
User-Password = "test"
NAS-IP-Address = 10.11.1.1
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=140, length=46
Cisco-AVPair = "ip:addr-pool=test1"
>
>
> I use freeradius 2.1.3 with oracle DB.
> Regexp works wrong in radgroupcheck table. What did I do wrong?
>
> Usergrop table
> ------------------------------------------------------------------
> 65658 testgroup testgroup1 15
> 65659 testgroup testgroup2 20
> ------------------------------------------------------------------
>
> Radgroupcheck table
> ------------------------------------------------------------------
> 321 testgroup1 NAS-IP-Address !~ ^10.10
> 341 testgroup2 NAS-IP-Address =~ ^10.10
> ------------------------------------------------------------------
>
> Radgroupreply table
> ------------------------------------------------------------------
> 682 testgroup1 Fall-Through = Yes
> 661 testgroup1 Cisco-AVPair += ip:addr-pool=test1
> 681 testgroup2 Fall-Through = Yes
> 662 testgroup2 Cisco-AVPair += ip:addr-pool=test2
> ------------------------------------------------------------------
>
>
> Sending Access-Request of id 250 to 127.0.0.1 port 1812
> User-Name = "testgroup"
> User-Password = "test"
> NAS-IP-Address = 10.10.1.1
> rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=250, length=46
> Cisco-AVPair = "ip:addr-pool=test2"
>
> Sending Access-Request of id 203 to 127.0.0.1 port 1812
> User-Name = "testgroup"
> User-Password = "test"
> NAS-IP-Address = 10.11.1.1
> rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=203, length=46
> Cisco-AVPair = "ip:addr-pool=test2"
>
>
>
> Debug from last request:
>
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 6526, id=133, length=55
> User-Name = "testgroup"
> User-Password = "test"
> NAS-IP-Address = 10.11.1.1
> +- entering group authorize {...}
> [preprocess] expand: %{NAS-IP-Address} -> 10.11.1.1
> ++[preprocess] returns ok
> [auth_log] expand: /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205
> [auth_log] /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205
> [auth_log] expand: %t -> Thu Feb 5 16:39:28 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> [suffix] No '@' in User-Name = "testgroup", looking up realm NULL
> [suffix] Found realm "NULL"
> [suffix] Adding Stripped-User-Name = "testgroup"
> [suffix] Adding Realm = "NULL"
> [suffix] Authentication realm is LOCAL.
> ++[suffix] returns ok
> [files] users: Matched entry DEFAULT at line 2
> ++[files] returns ok
> [sqlauth] expand: %{User-Name} -> testgroup
> [sqlauth] sql_set_user escaped user --> 'testgroup'
> rlm_sql (sqlauth): Reserving sql socket id: 7
> [sqlauth] expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'testgroup' ORDER BY id
> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'testgroup' ORDER BY id
> WARNING: Found User-Password == "...".
> WARNING: Are you sure you don't mean Cleartext-Password?
> WARNING: See "man rlm_pap" for more information.
> [sqlauth] User found in radcheck table
> [sqlauth] expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'testgroup' ORDER BY id
> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'testgroup' ORDER BY id
> [sqlauth] expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' OR CLID='%{Calling-Station-Id}' order by priority -> SELECT GroupName FROM usergroup WHERE UserName='testgroup' OR CLID='' order by priority
> SELECT GroupName FROM usergroup WHERE UserName='testgroup' OR CLID='' order by priority
> [sqlauth] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup1' ORDER BY id
> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup1' ORDER BY id
> ###################################################
> [sqlauth] expand: %{NAS-IP-Address} -> 10.11.1.1
> ###################################################
> [sqlauth] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup2' ORDER BY id
> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup2' ORDER BY id
> ###################################################
> [sqlauth] expand: %{NAS-IP-Address} -> 10.11.1.1
> [sqlauth] User found in group testgroup2
> ###################################################
> [sqlauth] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testgroup2' ORDER BY id
> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testgroup2' ORDER BY id
> rlm_sql (sqlauth): Released sql socket id: 7
> ++[sqlauth] returns ok
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = Local
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!! Replacing User-Password in config items with Cleartext-Password. !!!
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!! Please update your configuration so that the "known good" !!!
> !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> WARNING: Please update your configuration, and remove 'Auth-Type = Local'
> WARNING: Use the PAP or CHAP modules instead.
> User-Password in the request is correct.
> Login OK: [testgroup] (from client local port 0)
> +- entering group post-auth {...}
> [reply_log] expand: /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205
> [reply_log] /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205
> [reply_log] expand: %t -> Thu Feb 5 16:39:28 2009
> ++[reply_log] returns ok
> Sending Access-Accept of id 133 to 127.0.0.1 port 6526
> Cisco-AVPair += "ip:addr-pool=test2"
> Finished request 7.
> Going to the next request
> Waking up in 4.9 seconds.
> Cleaning up request 7 ID 133 with timestamp +695
> Ready to process requests.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list