R: R: R: NAS-Identifier and radgroupcheck table
Ana Gallardo
ana.gallardo.77 at gmail.com
Mon Apr 26 14:46:04 CEST 2010
Hello,
sorry to ask again about this issue, but I can't get the correct
configuration.
I followed your howto: http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
I want to filter user logins from a fixed NAS, but I always get a reject.
I don't understand why in the example below:
++[request] returns notfound
Thank you very much.
EXAMPLE
My SQL database:
mysql> select * from radcheck;
+----+------------+--------------------+----+-------------+
| id | username | attribute | op | value |
+----+------------+--------------------+----+-------------+
| 1 | ana | Cleartext-Password | := | claveAna |
+----+------------+--------------------+----+-------------+
1 rows in set (0.00 sec)
mysql> select * from radreply;
+----+----------+---------------+----+--------------------------+
| id | username | attribute | op | value |
+----+----------+---------------+----+--------------------------+
| 1 | ana | Reply-Message | += | Hola Anita |
+----+----------+---------------+----+--------------------------+
1 rows in set (0.00 sec)
mysql> select * from radusergroup;
+----------+-----------+----------+
| username | groupname | priority |
+----------+-----------+----------+
| ana | CAU1 | 0 |
+----------+-----------+----------+
1 rows in set (0.00 sec)
mysql> select * from radgroupcheck;
+----+-----------+----------------+----+--------+
| id | groupname | attribute | op | value |
+----+-----------+----------------+----+--------+
| 1 | CAU1 | Huntgroup-Name | == | pccau1 |
| 2 | CAU1 | Auth-Type | := | Accept |
+----+-----------+----------------+----+--------+
2 rows in set (0.00 sec)
mysql> select * from radgroupreply;
+----+-----------+---------------+----+------------------------------+
| id | groupname | attribute | op | value |
+----+-----------+---------------+----+------------------------------+
| 1 | CAU1 | Reply-Message | += | Hola miembros del grupo CAU1 |
+----+-----------+---------------+----+------------------------------+
1 rows in set (0.00 sec)
mysql> select * from nas;
+----+---------+-----------+-------+-------+--------+--------+-----------+---------------+
| id | nasname | shortname | type | ports | secret | server | community | description |
+----+---------+-----------+-------+-------+--------+--------+-----------+---------------+
| 1 | X.X.X.X | pcCAU1 | other | NULL | cau123 | NULL | NULL | CAU1 computer |
+----+---------+-----------+-------+-------+--------+--------+-----------+---------------+
1 rows in set (0.00 sec)
In my users file:
debian:/etc/freeradius# cat users
DEFAULT Auth-Type := Reject
bob Cleartext-Password := "hello"
        Reply-Message = "Hola %{User-Name}"
My default server:
authorize {
        update request {
                Huntgroup-Name = "%{sql:select shortname from nas where nasname=\"%{Client-IP-Address}\"}"
        }
        preprocess
        mschap
        suffix
        eap {
                ok = return
        }
        files
        sql
        expiration
        pap
}
Request with radtest + ana + pcCAU1
rad_recv: Access-Request packet from host X.X.X.X port 45281, id=133,
length=55
User-Name = "ana"
User-Password = "claveAna"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
+- entering group authorize {...}
sql_xlat
expand: %{User-Name} -> ana
sql_set_user escaped user --> 'ana'
expand: select shortname from nas where nasname="%{Client-IP-Address}"
-> select shortname from nas where nasname="X.X.X.X"
expand: /var/log/freeradius/sqltrace.sql ->
/var/log/freeradius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query: select shortname from nas where nasname="X.X.X.X"
sql_xlat finished
rlm_sql (sql): Released sql socket id: 3
expand: %{sql:select shortname from nas where
nasname="%{Client-IP-Address}"} -> pcCAU1
++[request] returns notfound
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "ana", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 9
++[files] returns ok
[sql] expand: %{User-Name} -> ana
[sql] sql_set_user escaped user --> 'ana'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = BINARY '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = BINARY 'ana' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = BINARY 'ana' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = BINARY '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = BINARY 'ana' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = BINARY 'ana' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = BINARY '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = BINARY
'ana' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = BINARY 'ana' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE
groupname = 'CAU1' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname = 'CAU1'
ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
[expiration] Checking Expiration time: '02 Dec 2010'
++[expiration] returns ok
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = Reject
Auth-Type = Reject, rejecting user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[sql] expand: %{User-Name} -> ana
[sql] sql_set_user escaped user --> 'ana'
[sql] expand: INSERT INTO radpostauth
(username, mac, client, nas, reply, authdate)
VALUES ( '%{User-Name}',
'%{Calling-Station-Id}', '%C',
'%{Nas-IP-Address}', '%{reply:Packet-Type}',
NOW()) -> INSERT INTO radpostauth
(username, mac, client, nas, reply, authdate)
VALUES ( 'ana', '',
'pcCAU1', '127.0.1.1',
'Access-Reject', NOW())
[sql] expand: /var/log/freeradius/sqltrace.sql ->
/var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO
radpostauth (username, mac, client, nas, reply,
authdate) VALUES (
'ana', '', 'pcCAU1',
'127.0.1.1', 'Access-Reject', NOW())
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: INSERT INTO radpostauth
(username, mac, client, nas, reply, authdate)
VALUES ( 'ana', '',
'pcCAU1', '127.0.1.1',
'Access-Reject', NOW())
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[attr_filter.access_reject] expand: %{User-Name} -> ana
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 133 to X.X.X.X port 45281
Reply-Message += "Hola Anita"
Sorry for my english.
--
____________________
Ana Gallardo Gómez
____________________
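
An added example, not part of the original post and not FreeRADIUS code: a consistency check between the `Huntgroup-Name` check items in `radgroupcheck` and the `shortname` values in `nas` that the `update request` xlat returns. The rows are constructed from the tables in the post; the helper names and the assumption that the two strings are compared byte for byte (so `pccau1` and `pcCAU1` differ) are this example's own.

```python
import sqlite3

# Constructed sample rows copied from the tables shown in the post.
NAS_ROWS = [("X.X.X.X", "pcCAU1")]
GROUPCHECK_ROWS = [
    ("CAU1", "Huntgroup-Name", "==", "pccau1"),
    ("CAU1", "Auth-Type", ":=", "Accept"),
]


def build_db(nas_rows=NAS_ROWS, check_rows=GROUPCHECK_ROWS):
    """Load the sample rows into an in-memory database (hypothetical helper)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE nas (nasname TEXT, shortname TEXT)")
    conn.execute("CREATE TABLE radgroupcheck "
                 "(groupname TEXT, attribute TEXT, op TEXT, value TEXT)")
    conn.executemany("INSERT INTO nas VALUES (?, ?)", nas_rows)
    conn.executemany("INSERT INTO radgroupcheck VALUES (?, ?, ?, ?)", check_rows)
    return conn


def audit_huntgroups(conn):
    """Classify every Huntgroup-Name check item against nas.shortname.

    Assumption: the server compares the two strings byte for byte, so a
    value differing only in letter case is reported as a mismatch.
    """
    shortnames = [row[0] for row in conn.execute("SELECT shortname FROM nas")]
    findings = []
    query = ("SELECT groupname, value FROM radgroupcheck "
             "WHERE attribute = 'Huntgroup-Name' ORDER BY groupname")
    for group, value in conn.execute(query):
        if value in shortnames:
            status, near = "exact", []
        else:
            # Same letters, different case: the check item can never match.
            near = [s for s in shortnames if s.lower() == value.lower()]
            status = "case-mismatch" if near else "no-such-nas"
        findings.append((group, value, status, near))
    return findings


if __name__ == "__main__":
    for group, value, status, near in audit_huntgroups(build_db()):
        print(f"{group}: Huntgroup-Name == {value!r}: {status} {near}")
```
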