How to make an open auth realm?

Marcin S. redark at tlen.pl
Wed Feb 10 18:15:33 CET 2010


Working (user from database):

rad_recv: Access-Request packet from host 192.168.0.2 port 45023, id=7, length=188
         Service-Type = Framed-User
         Framed-Protocol = PPP
         NAS-Port = 362
         NAS-Port-Type = Ethernet
         User-Name = "neptun"
         Calling-Station-Id = "00:21:00:11:90:58"
         Called-Station-Id = "service1"
         NAS-Port-Id = "bridge1"
         MS-CHAP-Challenge = 0x789a686362d46451ad1b12d6d1fecfb4
         MS-CHAP2-Response = 0x0100efef25766b55d6f212d5332ed21e16d70000000000000000ae2174f15545d09d57abb1befd659c8255b254db8f45bfc9
         NAS-Identifier = "MikroTik"
         NAS-IP-Address = 192.168.0.2
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/radius/var/log/radius/rad
[auth_log] /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/
[auth_log]      expand: %t -> Wed Feb 10 17:45:13 2010
++[auth_log] returns ok
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
[sql]   expand: %{User-Name} -> neptun
[sql] sql_set_user escaped user --> 'neptun'
rlm_sql (sql): Reserving sql socket id: 12
[sql]   expand: call rad1('%{User-Name}'); -> call rad1('neptun');
[sql] User found in radcheck table
[sql]   expand: call rad2('%{User-Name}'); -> call rad2('neptun');
rlm_sql (sql): Released sql socket id: 12
++[sql] returns ok
Found Auth-Type = MSCHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[mschap] Told to do MS-CHAPv2 for neptun with NT-Password
++[mschap] returns ok
+- entering group session {...}
++[sql] returns noop
Login OK: [neptun/<via Auth-Type = mschap>] (from client router port 362 cli 00:21:00:11:90:58)
+- entering group post-auth {...}
[sql]   expand: %{User-Name} -> neptun
[sql] sql_set_user escaped user --> 'neptun'
[sql]   expand: UPDATE nodes SET lastonline = unix_timestamp() WHERE name='%{User-Name}' or mac='%{User-Name}'; -> UPDATE nodes SET lastonline =
rlm_sql (sql) in sql_postauth: query is UPDATE nodes SET lastonline = unix_timestamp() WHERE name='neptun' or mac='neptun';
rlm_sql (sql): Reserving sql socket id: 11
rlm_sql (sql): Released sql socket id: 11
++[sql] returns ok
Sending Access-Accept of id 7 to 192.168.0.2 port 45023
         Framed-IP-Address == 192.168.4.201
         Framed-IP-Netmask == 255.255.255.255
         Mikrotik-Rate-Limit := "386k/3072k 0/3584k 0/1536k 0/25 8"
         MS-CHAP2-Success = 0x01533d45344637363346393230313246374145374641363036434630314632334336324230363831333338
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 192.168.0.2 port 59326, id=8, length=146
         Service-Type = Framed-User
         Framed-Protocol = PPP
         NAS-Port = 362
         NAS-Port-Type = Ethernet
         User-Name = "neptun"
         Calling-Station-Id = "00:21:00:11:90:58"
         Called-Station-Id = "service1"
         NAS-Port-Id = "bridge1"
         Acct-Session-Id = "81400150"
         Framed-IP-Address = 192.168.4.201
         Acct-Authentic = RADIUS
         Event-Timestamp = "Feb 10 2010 17:45:14 CET"
         Acct-Status-Type = Start
         NAS-Identifier = "MikroTik"
         NAS-IP-Address = 192.168.0.2
         Acct-Delay-Time = 0
+- entering group accounting {...}
[sql]   expand: %{User-Name} -> neptun
[sql] sql_set_user escaped user --> 'neptun'
[sql]   expand:  ->
rlm_sql (sql): Reserving sql socket id: 10
rlm_sql (sql): Released sql socket id: 10
++[sql] returns ok
Sending Accounting-Response of id 8 to 192.168.0.2 port 59326
Finished request 2.
Cleaning up request 2 ID 8 with timestamp +2
Going to the next request
Waking up in 4.9 seconds.

Not working (alien user):

rad_recv: Access-Request packet from host 192.168.0.2 port 57789, id=234, length=189
         Service-Type = Framed-User
         Framed-Protocol = PPP
         NAS-Port = 353
         NAS-Port-Type = Ethernet
         User-Name = "someone"
         Calling-Station-Id = "00:21:00:11:90:58"
         Called-Station-Id = "service1"
         NAS-Port-Id = "bridge1"
         MS-CHAP-Challenge = 0xd74b24161391b697f91dee51eccb3898
         MS-CHAP2-Response = 0x010004148d0dcca8dba78110be592613bf9000000000000000008a03009aa6e54aaf8af8bdd6ca4e3f366fdeb668b11a8ce7
         NAS-Identifier = "MikroTik"
         NAS-IP-Address = 192.168.0.2
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/radius/var/log/radius/radacct/192.168
[auth_log] /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/192.168.0.2/
[auth_log]      expand: %t -> Wed Feb 10 17:39:24 2010
++[auth_log] returns ok
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
[sql]   expand: %{User-Name} -> someone
[sql] sql_set_user escaped user --> 'someone'
rlm_sql (sql): Reserving sql socket id: 9
[sql]   expand: call rad1('%{User-Name}'); -> call rad1('someone');
[sql] User found in radcheck table
[sql]   expand: call rad2('%{User-Name}'); -> call rad2('someone');
rlm_sql (sql): Released sql socket id: 9
++[sql] returns ok
Found Auth-Type = MSCHAP
Found Auth-Type = Accept
Warning:  Found 2 auth-types on request for user 'someone'
Auth-Type = Accept, accepting the user
Login OK: [someone/<via Auth-Type = mschap>] (from client router port 353 cli 00:21:00:11:90:58)
+- entering group post-auth {...}
[sql]   expand: %{User-Name} -> someone
[sql] sql_set_user escaped user --> 'someone'
[sql]   expand: UPDATE nodes SET lastonline = unix_timestamp() WHERE name='%{User-Name}' or mac='%{User-Name}'; -> UPDATE nodes SET lastonline = unix_timest
rlm_sql (sql) in sql_postauth: query is UPDATE nodes SET lastonline = unix_timestamp() WHERE name='someone' or mac='someone';
rlm_sql (sql): Reserving sql socket id: 8
rlm_sql (sql): Released sql socket id: 8
++[sql] returns ok
Sending Access-Accept of id 234 to 192.168.0.2 port 57789
         Framed-IP-Address := 192.168.4.200
         Framed-IP-Netmask := 255.255.255.255
         Mikrotik-Rate-Limit := "128k/64k"
Finished request 3.
Going to the next request
Waking up in 3.7 seconds.


So what should I return to let in a user without an account in my database?


Regards,
Marcin S.
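
Added example, not part of the original post: a small audit script that walks FreeRADIUS debug output shaped like the two traces above and reports, for each Access-Request, whether the user was accepted through a forced `Auth-Type = Accept` and whether an MS-CHAPv2 request was answered with an Access-Accept that carries no MS-CHAP2-Success, which is the visible difference between the two traces. The sample input is constructed by condensing those traces (hex values shortened), and the function and key names are hypothetical.

```python
import re
# Constructed sample: condensed from the two debug traces in the post above.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.0.2 port 45023, id=7, length=188
         User-Name = "neptun"
         MS-CHAP2-Response = 0x0100efef
Found Auth-Type = MSCHAP
Sending Access-Accept of id 7 to 192.168.0.2 port 45023
         MS-CHAP2-Success = 0x01533d
Finished request 1.
rad_recv: Access-Request packet from host 192.168.0.2 port 57789, id=234, length=189
         User-Name = "someone"
         MS-CHAP2-Response = 0x010004
Found Auth-Type = MSCHAP
Found Auth-Type = Accept
Sending Access-Accept of id 234 to 192.168.0.2 port 57789
Finished request 3.
"""

def audit(log):
    """Return one finding dict per Access-Request seen in a debug trace."""
    findings, cur, in_reply = [], None, False
    for line in log.splitlines():
        s = line.strip()
        m = re.match(r"rad_recv: (\S+) packet from host \S+ port \d+,\s*id=(\d+)", s)
        if m:
            # Every received packet starts a new context; only track auth requests.
            cur, in_reply = None, False
            if m.group(1) == "Access-Request":
                cur = {"id": int(m.group(2)), "user": None, "chap_req": False,
                       "auth_types": [], "reply": None, "chap_ok": False}
                findings.append(cur)
        elif cur is None:
            continue
        elif s.startswith("Sending "):
            cur["reply"], in_reply = s.split()[1], True
        elif s.startswith("Found Auth-Type = "):
            cur["auth_types"].append(s.split("= ", 1)[1].lower())
        elif in_reply and s.startswith("MS-CHAP2-Success"):
            cur["chap_ok"] = True
        elif not in_reply and s.startswith("MS-CHAP2-Response"):
            cur["chap_req"] = True
        elif not in_reply and s.startswith("User-Name = "):
            cur["user"] = s.split("= ", 1)[1].strip('"')
    for f in findings:
        ok = f["reply"] == "Access-Accept"
        f["bypassed"] = ok and "accept" in f["auth_types"]       # no credential check ran
        f["missing_success"] = ok and f["chap_req"] and not f["chap_ok"]
    return findings
```
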

