radgroupcheck v1.x and v2.x difference?

lamersons m at baltia.net
Mon Jan 19 09:43:54 CET 2009


I upgraded FreeRADIUS from version 1.x to 2.x, and some parts of radgroupcheck
are now refusing to work as they did in the first version.

1. I have the user 'evdo at evdo.lattelecom'; in usergroup it has the 'LTK' group.
2. In radgroupcheck, the group 'LTK' has been given the attribute
'Calling-Station-Id', so the row looks like LTK|Calling-Station-Id|=~|14703371

The meaning of this (how I understand it) is that if the calling-station-id in
radgroupcheck differs from the incoming calling-station-id, it would give a reject.
But it doesn't. How can I limit one pool of Calling-Station-Ids from using
different logins?


------------------ Debug of how I entered a wrong
calling-station-id (LTK|Calling-Station-Id|=~|14703371) into radgroupcheck, and
it still returned ok ---
rad_recv: Access-Request packet from host 192.168.145.1 port 1812, id=74,
length=180
        3GPP2-Correlation-Id = "36267509"
        3GPP2-Service-Option = 59
        User-Name = "evdo at evdo.lattelecom"
        CHAP-Challenge = 0x66853bea6d3cb9565a0fcdfcf212ac37
        CHAP-Password = 0x01c9f14ad379679686d83e343590d84910
        NAS-Port-Type = Virtual
        Calling-Station-Id = "247033715800852"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-IP-Address = 192.168.145.1
        Framed-IP-Address = 0.0.0.0
        Framed-IP-Netmask = 0.0.0.0
        Event-Timestamp = "Jan 19 2009 10:12:58 EET"
        3GPP2-Prepaid-acct-Capability = 0x010600000003
+- entering group authorize {...}
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
[suffix] Looking up realm "evdo.lattelecom" for User-Name =
"evdo at evdo.lattelecom"
[suffix] No such realm "evdo.lattelecom"
++[suffix] returns noop
[sql]   expand: %{User-Name} -> evdo at evdo.lattelecom
[sql] sql_set_user escaped user --> 'evdo at evdo.lattelecom'
rlm_sql (sql): Reserving sql socket id: 18
[sql]   expand: SELECT id, UserName, Attribute, Value, op FROM radcheck
WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName,
Attribute, Value, op FROM radcheck WHERE Username = 'evdo at evdo.lattelecom'
ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, UserName, Attribute, Value, op FROM radreply
WHERE Username = '%{SQL-User-Name}' union SELECT id, UserName, Attribute,
Value, op FROM station_id WHERE Username = '%{Calling-Station-Id}' ORDER BY
id -> SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username
= 'evdo at evdo.lattelecom' union SELECT id, UserName, Attribute, Value, op
FROM station_id WHERE Username = '247033715800852' ORDER BY id
[sql]   expand: SELECT GroupName FROM usergroup WHERE UserName =
'%{SQL-User-Name}' ORDER BY id -> SELECT GroupName FROM usergroup WHERE
UserName = 'evdo at evdo.lattelecom' ORDER BY id
[sql]   expand: SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id,
groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'LTK'
ORDER BY id
[sql]   expand: %{Calling-Station-Id} -> 247033715800852
[sql] User found in group LTK
[sql]   expand: SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id,
groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'LTK'
ORDER BY id
rlm_sql (sql): Released sql socket id: 18
++[sql] returns ok
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = CHAP
---------------------- queries are: --------------
nas_query = "SELECT id,nasname,shortname,type,secret FROM nas"
        authorize_check_query = "SELECT id, UserName, Attribute, Value, op
FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
        authorize_reply_query = "SELECT id, UserName, Attribute, Value, op
FROM radreply WHERE Username = '%{SQL-User-Name}' union SELECT id, UserName,
Attribute, Value, op FROM station_id WHERE Username =
'%{Calling-Station-Id}' ORDER BY id"
        authorize_group_check_query = "SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
        authorize_group_reply_query = "SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
        accounting_onoff_query = ""
        accounting_update_query = ""
        accounting_update_query_alt = ""
        accounting_start_query = ""
        accounting_start_query_alt = ""
        accounting_stop_query = ""
        accounting_stop_query_alt = ""
        group_membership_query = "SELECT GroupName FROM usergroup WHERE
UserName = '%{SQL-User-Name}' ORDER BY id"


  
-- 
View this message in context: http://www.nabble.com/radgroupcheck-v1.x-and-v2.x-difference---tp21538835p21538835.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.



