white list for nas-ipaddress

Miguel Miranda miguel.mirandag at gmail.com
Tue Jul 28 21:27:51 CEST 2009


Me too, but my question is about the NAS-IP-Address entry that I posted as an
example. According to the docs, all users should be accepted, no matter what
user/pass combination they are using,
and in my case FreeRADIUS rejects the access.

On Tue, Jul 28, 2009 at 1:19 PM, Dimitrios Giannakopoulos <
d.giannakop at gmail.com> wrote:

> Hi Miranda
> I use the same users file and authorization configuration (with sql)
> and it works fine.
>
>
> On Tue, Jul 28, 2009 at 9:28 PM, Miguel
> Miranda<miguel.mirandag at gmail.com> wrote:
> > Well, that is not the only NAS I have; the sql module is required for
> > several other NAS and hotspot users...
> >
> > On Tue, Jul 28, 2009 at 12:25 PM, Dimitrios Giannakopoulos
> > <d.giannakop at gmail.com> wrote:
> >>
> >> The problem is that the sql module returns reject
> >> you can remove the sql from authorization
> >>
> >> On Tue, Jul 28, 2009 at 8:53 PM, Miguel
> >> Miranda<miguel.mirandag at gmail.com> wrote:
> >> > Hi, I want to accept all requests coming from a specific NAS-IP-Address.
> >> > I used to configure it like this (in the users file):
> >> >
> >> > DEFAULT NAS-IP-Address == "192.168.150.25", Auth-Type := Accept
> >> >                 Fall-Through = Yes
> >> > The above settings are not working now, this is the debug of a
> >> > transaction:
> >> >
> >> > rad_recv: Access-Request packet from host 192.168.150.25 port 1645, id=52, length=94
> >> >         NAS-IP-Address = 192.168.150.25
> >> >         NAS-Port = 108
> >> >         NAS-Port-Type = Async
> >> >         User-Name = "123.com.sv"
> >> >         Called-Station-Id = "22660321"
> >> >         Calling-Station-Id = "22264218"
> >> >         User-Password = "cisco"
> >> >         Service-Type = Dialout-Framed-User
> >> > +- entering group authorize {...}
> >> > ++[preprocess] returns ok
> >> > ++[chap] returns noop
> >> > ++[mschap] returns noop
> >> > [suffix] No '@' in User-Name = "123.com.sv", looking up realm NULL
> >> > [suffix] No such realm "NULL"
> >> > ++[suffix] returns noop
> >> > [eap] No EAP-Message, not doing EAP
> >> > ++[eap] returns noop
> >> > ++[files] returns noop
> >> >         expand: %{User-Name} -> 123.com.sv
> >> > [sql] sql_set_user escaped user --> '123.com.sv'
> >> > rlm_sql (sql): Reserving sql socket id: 22
> >> >         expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '123.com.sv'           ORDER BY id
> >> >         expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '123.com.sv'           ORDER BY priority
> >> > rlm_sql (sql): Released sql socket id: 22
> >> > [sql] User 123.com.sv not found
> >> > ++[sql] returns notfound
> >> > ++[expiration] returns noop
> >> > ++[logintime] returns noop
> >> > [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
> >> > ++[pap] returns noop
> >> > No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
> >> > Failed to authenticate the user.
> >> > Login incorrect: [123.com.sv/cisco] (from client tigo port 108 cli 22264218)
> >> > Using Post-Auth-Type Reject
> >> > +- entering group REJECT {...}
> >> >         expand: %{User-Name} -> 123.com.sv
> >> >  attr_filter: Matched entry DEFAULT at line 11
> >> > ++[attr_filter.access_reject] returns updated
> >> > Delaying reject of request 1 for 1 seconds
> >> > Going to the next request
> >> >
> >> >
> >> > I'm using FreeRADIUS 2 and daloRADIUS 0.9, and this is an extract of the
> >> > relevant radius.conf settings:
> >> >
> >> > authorize {
> >> >         preprocess
> >> >         chap
> >> >         mschap
> >> >         suffix
> >> >         eap {
> >> >                 ok = return
> >> >         }
> >> >
> >> >         files
> >> >         sql
> >> >         expiration
> >> >         logintime
> >> >         pap
> >> > }
> >> >
> >> >
> >> >
> >> > authenticate {
> >> >         Auth-Type PAP {
> >> >                 pap
> >> >         }
> >> >
> >> >         Auth-Type CHAP {
> >> >                 chap
> >> >         }
> >> >
> >> >         Auth-Type MS-CHAP {
> >> >                 mschap
> >> >         }
> >> >         eap
> >> > }
> >> >
> >> >
> >> > preacct {
> >> >         preprocess
> >> >         acct_unique
> >> >         suffix
> >> >         files
> >> > }
> >> >
> >> > accounting {
> >> >         detail
> >> >         sql
> >> >         attr_filter.accounting_response
> >> > }
> >> >
> >> >
> >> > session {
> >> >         radutmp
> >> > }
> >> >
> >> >
> >> > post-auth {
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >         exec
> >> >
> >> >         Post-Auth-Type REJECT {
> >> >                 attr_filter.access_reject
> >> >         }
> >> > }
> >> >
> >> > post-proxy {
> >> >         eap
> >> > }
> >> >
> >> >
> >> > From the debug it appears that the users file is not being processed
> >> > correctly. What should I check?
> >> > regards
> >> > Miguel Miranda
> >> >
> >> >
> >> >
> >> > -
> >> > List info/subscribe/unsubscribe? See
> >> > http://www.freeradius.org/list/users.html
> >> >
>
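Added example, not part of the thread and not FreeRADIUS code: a small Python triage of debug output like the one quoted above, which strips the mail quoting, lists each module's return code per section, and flags why the request ended in a reject. The function name `triage` and the wording of the findings are this example's own; reading `noop` from `files` as "no users entry matched" is this example's interpretation of the output.

```python
import re

# Constructed sample: lines copied from the debug output quoted in the thread,
# mail quote prefix ("> >> > ") left in place as it appears in the archive.
SAMPLE = """\
> >> > +- entering group authorize {...}
> >> > ++[preprocess] returns ok
> >> > ++[files] returns noop
> >> > [sql] User 123.com.sv not found
> >> > ++[sql] returns notfound
> >> > ++[pap] returns noop
> >> > No authenticate method (Auth-Type) configuration found for the
> >> > request: Rejecting the user
> >> > +- entering group REJECT {...}
> >> > ++[attr_filter.access_reject] returns updated
"""

QUOTE = re.compile(r"^(?:>+\s?)+")                 # mail quoting such as "> >> > "
GROUP = re.compile(r"^\+- entering group (\S+)")   # start of a config section
RESULT = re.compile(r"^\++\[([\w.]+)\] returns (\w+)")


def triage(debug_text):
    """Return ({section: [(module, rcode), ...]}, [findings])."""
    sections, current, findings = {}, None, []
    for raw in debug_text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if m := GROUP.match(line):
            current = m.group(1)
            sections.setdefault(current, [])
        elif (m := RESULT.match(line)) and current:
            sections[current].append(m.groups())
        elif line.startswith("No authenticate method (Auth-Type)"):
            findings.append("no Auth-Type was set during authorize")
    rcodes = dict(sections.get("authorize", []))
    # Assumption of this example: noop from files means no users entry matched.
    if rcodes.get("files") == "noop":
        findings.append("files returned noop: no users entry matched")
    if rcodes.get("sql") == "notfound":
        findings.append("sql returned notfound")
    return sections, findings


if __name__ == "__main__":
    for finding in triage(SAMPLE)[1]:
        print(finding)
```
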