white list for nas-ipaddress

Miguel Miranda miguel.mirandag at gmail.com
Tue Jul 28 19:53:19 CEST 2009


Hi, I want to accept all requests coming from a specific NAS-IP-Address. I
used to configure it like this (in the users file):

DEFAULT NAS-IP-Address == "192.168.150.25", Auth-Type := Accept
                Fall-Through = Yes

The above settings are not working now; this is the debug of a transaction:

rad_recv: Access-Request packet from host 192.168.150.25 port 1645, id=52,
length=94
        NAS-IP-Address = 192.168.150.25
        NAS-Port = 108
        NAS-Port-Type = Async
        User-Name = "123.com.sv"
        Called-Station-Id = "22660321"
        Calling-Station-Id = "22264218"
        User-Password = "cisco"
        Service-Type = Dialout-Framed-User
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "123.com.sv", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
        expand: %{User-Name} -> 123.com.sv
[sql] sql_set_user escaped user --> '123.com.sv'
rlm_sql (sql): Reserving sql socket id: 22
        expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '123.com.sv'           ORDER BY id
        expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'123.com.sv'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 22
[sql] User 123.com.sv not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [123.com.sv/cisco] (from client tigo port 108 cli 22264218)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
        expand: %{User-Name} -> 123.com.sv
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request


I'm using FreeRADIUS 2 and daloRADIUS 0.9, and this is an extract of the relevant
radius.conf settings:

authorize {
        preprocess
        chap
        mschap
        suffix
        eap {
                ok = return
        }

        files
        sql
        expiration
        logintime
        pap
}



authenticate {
        Auth-Type PAP {
                pap
        }

        Auth-Type CHAP {
                chap
        }

        Auth-Type MS-CHAP {
                mschap
        }
        eap
}


preacct {
        preprocess
        acct_unique
        suffix
        files
}

accounting {
        detail
        sql
        attr_filter.accounting_response
}


session {
        radutmp
}


post-auth {
        exec

        Post-Auth-Type REJECT {
                attr_filter.access_reject
        }
}

post-proxy {
        eap
}


From the debug it appears that the users file is not being processed correctly;
what should I check?
Regards,
Miguel Miranda
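
Added example, not part of the original post: a small Python reader for FreeRADIUS debug output like the trace above. It lists each module's return code per section and flags the two lines that matter for this question. The sample text is constructed from the post's debug lines; the function name and the reading of a noop from files as "no users-file entry matched" are assumptions of this example.

```python
import re

# Constructed sample: a shortened copy of the debug lines from the post above.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 192.168.150.25 port 1645, id=52, length=94
        NAS-IP-Address = 192.168.150.25
        User-Name = "123.com.sv"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[suffix] returns noop
++[eap] returns noop
++[files] returns noop
++[sql] returns notfound
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
"""

GROUP_RE = re.compile(r"^\+- entering group (\S+)")
MODULE_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
ATTR_RE = re.compile(r"^\s+([A-Za-z0-9-]+) = (.+)$")
NO_AUTH_TYPE = "No authenticate method (Auth-Type)"

def summarize(debug_text):
    """Return request attributes, per-group module results and findings."""
    attrs, groups, findings = {}, {}, []
    current = None  # name of the processing section we are inside, if any
    for line in debug_text.splitlines():
        if (m := GROUP_RE.match(line)):
            current = m.group(1)
            groups[current] = {}
        elif (m := MODULE_RE.match(line)) and current:
            groups[current][m.group(1)] = m.group(2)
        elif (m := ATTR_RE.match(line)) and current is None:
            attrs[m.group(1)] = m.group(2).strip('"')  # request attributes
        elif line.startswith(NO_AUTH_TYPE):
            findings.append("no Auth-Type was set during authorize")
    files_rc = groups.get("authorize", {}).get("files")
    if files_rc == "noop":  # assumption: noop here means nothing matched
        findings.append("files returned noop: no users-file entry matched")
    return attrs, groups, findings

if __name__ == "__main__":
    attrs, groups, findings = summarize(SAMPLE_DEBUG)
    print(attrs.get("NAS-IP-Address"), groups["authorize"], findings)
```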