Checkval
Vik21
vik.antunes at gmail.com
Thu Jun 4 15:26:47 CEST 2009
Hello!
I am trying to get checkval to work with radgroupcheck, but without
success. My problem is that with radcheck, if the Calling-Station-Id does not
match, it rejects the user (just as I want), but with radgroupcheck, if
the Calling-Station-Id does not match, FreeRADIUS sends an Access-Accept anyway (I
want it to reject).
My checkval:
checkval {
        # The attribute to look for in the request
        item-name = Calling-Station-Id
        # The attribute to look for in check items. Can be multi valued
        check-name = Calling-Station-Id
        # The data type. Can be
        # string,integer,ipaddr,date,abinary,octets
        data-type = string
        # If set to yes and we don't find the item-name attribute in the
        # request then we send back a reject
        # DEFAULT is no
        notfound-reject = yes
}
Part of my radius log:
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-21-00-33-B1-88
rlm_checkval: Could not find attribute named Calling-Station-Id in check
pairs
++[checkval] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
expand: %{User-Name} -> vitor33
[sql] sql_set_user escaped user --> 'vitor33'
expand: %{User-Password} ->
expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES
('%{User-Name}', '%{%{User-Password}:-Chap-Password}',
'%{reply:Packet-Type}', NOW()) -> INSERT INTO radpostauth (username, pass,
reply, authdate) VALUES ('vitor33', 'Chap-Password', 'Access-Accept',
NOW())
expand: /var/log/freeradius/sqltrace.sql ->
/var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES ('vitor33', 'Chap-Password',
'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_postgresql: query: INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ('vitor33', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql_postgresql: Status: PGRES_COMMAND_OK
rlm_sql_postgresql: query affected rows = 1
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
} # server inner-tunnel
[ttls] Got tunneled reply code 2
EAP-Message = 0x03010004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "vitor33"
[ttls] Got tunneled Access-Accept
[eap] Freeing handler
rlm_eap_ttls: Freeing handler for user vitor33
++[eap] returns ok
+- entering group post-auth {...}
expand: %{User-Name} -> vitor33
[sql] sql_set_user escaped user --> 'vitor33'
expand: %{User-Password} ->
expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES
('%{User-Name}', '%{%{User-Password}:-Chap-Password}',
'%{reply:Packet-Type}', NOW()) -> INSERT INTO radpostauth (username, pass,
reply, authdate) VALUES ('vitor33', 'Chap-Password', 'Access-Accept',
NOW())
expand: /var/log/freeradius/sqltrace.sql ->
/var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES ('vitor33', 'Chap-Password',
'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_postgresql: query: INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ('vitor33', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql_postgresql: Status: PGRES_COMMAND_OK
rlm_sql_postgresql: query affected rows = 1
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 19 to 192.168.100.2 port 32773
MS-MPPE-Recv-Key =
0x5b81c8ead986cb6408398bc0a2e3bef7457500dd6b8504be9d63a097679ee0d8
MS-MPPE-Send-Key =
0x4da2d778e0ffa8bddaf4e989a5b34e69e29266ff830134df8c2f03ca8d21bbe7
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "vitor33"
Finished request 7.
My radgroupcheck table:
4;"testgroup";"Simultaneous-Use";":=";"1"
7;"testgroup";"Calling-Station-Id";"==";"00-00-00-00-00-11"
My radusergroup table:
"admin";"testgroup";0
"vitor33";"testgroup";0
Can anyone help me?
Thanks in advance.
Edit: If I add the line "Auth-Type := Reject" for the same group in
radgroupcheck, FreeRADIUS keeps sending Access-Accept when it should send
Access-Reject, right?
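
One way to catch the condition shown in the log above, as an added example that is not part of the original post: the script scans debug output in the format quoted in the message and reports every request where [checkval] returned something other than ok but an Access-Accept was still sent. The sample lines and the function name find_unenforced_checks are constructed for illustration.

```python
import re

# Constructed sample in the debug-log format shown in the post (abridged).
SAMPLE_LOG = """\
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-21-00-33-B1-88
rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs
++[checkval] returns notfound
++[eap] returns ok
Sending Access-Accept of id 19 to 192.168.100.2 port 32773
Finished request 7.
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-00-00-00-00-11
++[checkval] returns ok
Sending Access-Accept of id 20 to 192.168.100.2 port 32773
Finished request 8.
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-AA-00-AA-00-AA
++[checkval] returns reject
Sending Access-Reject of id 21 to 192.168.100.2 port 32773
Finished request 9.
"""

ITEM_RE = re.compile(r"rlm_checkval: Item Name: (\S+), Value: (\S+)")
RCODE_RE = re.compile(r"\+\+\[checkval\] returns (\w+)")
SEND_RE = re.compile(r"Sending (Access-\w+) of id (\d+)")
DONE_RE = re.compile(r"Finished request (\d+)\.")

def find_unenforced_checks(log_text):
    """Return requests where checkval did not return ok yet an Access-Accept was sent."""
    findings = []
    state = {}  # fields collected for the request currently being read
    for line in log_text.splitlines():
        line = line.strip()
        if m := ITEM_RE.match(line):
            state["item"], state["value"] = m.groups()
        elif m := RCODE_RE.match(line):
            state["rcode"] = m.group(1)
        elif m := SEND_RE.match(line):
            state["reply"], state["packet_id"] = m.group(1), int(m.group(2))
        elif m := DONE_RE.match(line):
            # A request that never ran checkval (rcode missing) is not reported.
            if state.get("reply") == "Access-Accept" and state.get("rcode") not in (None, "ok"):
                findings.append({"request": int(m.group(1)), **state})
            state = {}
    return findings

if __name__ == "__main__":
    for finding in find_unenforced_checks(SAMPLE_LOG):
        print(finding)
```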