white list for nas-ipaddress

Miguel Miranda miguel.mirandag at gmail.com
Tue Jul 28 20:28:43 CEST 2009 

Well, that is not the only one nas i have , the sql module is requiered for
several other nas and hotspots users...

On Tue, Jul 28, 2009 at 12:25 PM, Dimitrios Giannakopoulos <
d.giannakop at gmail.com> wrote:

> The problem is that the sql module returns reject
> you can remove the sql from authorization
>
> On Tue, Jul 28, 2009 at 8:53 PM, Miguel
> Miranda<miguel.mirandag at gmail.com> wrote:
> > Hi, i want to accept all request coming from a specific nas-ip-assdress ,
> i
> > used to configure like this (in users file):
> >
> > DEFAULT NAS-IP-Address == "192.168.150.25", Auth-Type := Accept
> >                 Fall-Through = Yes
> > The above settings are not working now, this is the debug of a
> transaction:
> >
> > rad_recv: Access-Request packet from host 192.168.150.25 port 1645,
> id=52,
> > length=94
> >         NAS-IP-Address = 192.168.150.25
> >         NAS-Port = 108
> >         NAS-Port-Type = Async
> >         User-Name = "123.com.sv"
> >         Called-Station-Id = "22660321"
> >         Calling-Station-Id = "22264218"
> >         User-Password = "cisco"
> >         Service-Type = Dialout-Framed-User
> > +- entering group authorize {...}
> > ++[preprocess] returns ok
> > ++[chap] returns noop
> > ++[mschap] returns noop
> > [suffix] No '@' in User-Name = "123.com.sv", looking up realm NULL
> > [suffix] No such realm "NULL"
> > ++[suffix] returns noop
> > [eap] No EAP-Message, not doing EAP
> > ++[eap] returns noop
> > ++[files] returns noop
> >         expand: %{User-Name} -> 123.com.sv
> > [sql] sql_set_user escaped user --> '123.com.sv'
> > rlm_sql (sql): Reserving sql socket id: 22
> >         expand: SELECT id, username, attribute, value, op           FROM
> > radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY
> id
> > -> SELECT id, username, attribute, value, op           FROM
> > radcheck           WHERE username = '123.com.sv'           ORDER BY id
> >         expand: SELECT groupname           FROM radusergroup
> WHERE
> > username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
> > groupname           FROM radusergroup           WHERE username =
> > '123.com.sv'           ORDER BY priority
> > rlm_sql (sql): Released sql socket id: 22
> > [sql] User 123.com.sv not found
> > ++[sql] returns notfound
> > ++[expiration] returns noop
> > ++[logintime] returns noop
> > [pap] WARNING! No "known good" password found for the user.
> Authentication
> > may fail because of this.
> > ++[pap] returns noop
> > No authenticate method (Auth-Type) configuration found for the request:
> > Rejecting the user
> > Failed to authenticate the user.
> > Login incorrect: [123.com.sv/cisco] (from client tigo port 108 cli
> 22264218)
> > Using Post-Auth-Type Reject
> > +- entering group REJECT {...}
> >         expand: %{User-Name} -> 123.com.sv
> >  attr_filter: Matched entry DEFAULT at line 11
> > ++[attr_filter.access_reject] returns updated
> > Delaying reject of request 1 for 1 seconds
> > Going to the next request
> >
> >
> > Im using freeradius 2 and daloradius 0.9, and this a extract of relevant
> > radius.conf settings:
> >
> > authorize {
> >         preprocess
> >         chap
> >         mschap
> >         suffix
> >         eap {
> >                 ok = return
> >         }
> >
> >         files
> >         sql
> >         expiration
> >         logintime
> >         pap
> > }
> >
> >
> >
> > authenticate {
> >         Auth-Type PAP {
> >                 pap
> >         }
> >
> >         Auth-Type CHAP {
> >                 chap
> >         }
> >
> >         Auth-Type MS-CHAP {
> >                 mschap
> >         }
> >         eap
> > }
> >
> >
> > preacct {
> >         preprocess
> >         acct_unique
> >         suffix
> >         files
> > }
> >
> > accounting {
> >         detail
> >         sql
> >         attr_filter.accounting_response
> > }
> >
> >
> > session {
> >         radutmp
> > }
> >
> >
> > post-auth {
> >
> >
> >
> >
> >
> >         exec
> >
> >         Post-Auth-Type REJECT {
> >                 attr_filter.access_reject
> >         }
> > }
> >
> > post-proxy {
> >         eap
> > }
> >
> >
> > From the debug it appears that users file is not being processed
> correctly,
> > what should i check?
> > regards
> > Miguel Miranda
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090728/ac91812b/attachment.html>

More information about the Freeradius-Users mailing list