How to make an open auth realm?
Marcin S.
redark at tlen.pl
Wed Feb 10 18:15:33 CET 2010
Working (user from database):
rad_recv: Access-Request packet from host 192.168.0.2 port 45023, id=7,
length=188
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 362
NAS-Port-Type = Ethernet
User-Name = "neptun"
Calling-Station-Id = "00:21:00:11:90:58"
Called-Station-Id = "service1"
NAS-Port-Id = "bridge1"
MS-CHAP-Challenge = 0x789a686362d46451ad1b12d6d1fecfb4
MS-CHAP2-Response =
0x0100efef25766b55d6f212d5332ed21e16d70000000000000000ae2174f15545d09d57abb1befd659c8255b254db8f45bfc9
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.0.2
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-> /usr/local/radius/var/log/radius/rad
[auth_log]
/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/radius/var/log/radius/radacct/
[auth_log] expand: %t -> Wed Feb 10 17:45:13 2010
++[auth_log] returns ok
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[sql] expand: %{User-Name} -> neptun
[sql] sql_set_user escaped user --> 'neptun'
rlm_sql (sql): Reserving sql socket id: 12
[sql] expand: call rad1('%{User-Name}'); -> call rad1('neptun');
[sql] User found in radcheck table
[sql] expand: call rad2('%{User-Name}'); -> call rad2('neptun');
rlm_sql (sql): Released sql socket id: 12
++[sql] returns ok
Found Auth-Type = MSCHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[mschap] Told to do MS-CHAPv2 for neptun with NT-Password
++[mschap] returns ok
+- entering group session {...}
++[sql] returns noop
Login OK: [neptun/<via Auth-Type = mschap>] (from client router port 362
cli 00:21:00:11:90:58)
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> neptun
[sql] sql_set_user escaped user --> 'neptun'
[sql] expand: UPDATE nodes SET lastonline = unix_timestamp() WHERE
name='%{User-Name}' or mac='%{User-Name}'; -> UPDATE nodes SET lastonline =
rlm_sql (sql) in sql_postauth: query is UPDATE nodes SET lastonline =
unix_timestamp() WHERE name='neptun' or mac='neptun';
rlm_sql (sql): Reserving sql socket id: 11
rlm_sql (sql): Released sql socket id: 11
++[sql] returns ok
Sending Access-Accept of id 7 to 192.168.0.2 port 45023
Framed-IP-Address == 192.168.4.201
Framed-IP-Netmask == 255.255.255.255
Mikrotik-Rate-Limit := "386k/3072k 0/3584k 0/1536k 0/25 8"
MS-CHAP2-Success =
0x01533d45344637363346393230313246374145374641363036434630314632334336324230363831333338
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 192.168.0.2 port 59326,
id=8, length=146
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 362
NAS-Port-Type = Ethernet
User-Name = "neptun"
Calling-Station-Id = "00:21:00:11:90:58"
Called-Station-Id = "service1"
NAS-Port-Id = "bridge1"
Acct-Session-Id = "81400150"
Framed-IP-Address = 192.168.4.201
Acct-Authentic = RADIUS
Event-Timestamp = "Feb 10 2010 17:45:14 CET"
Acct-Status-Type = Start
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.0.2
Acct-Delay-Time = 0
+- entering group accounting {...}
[sql] expand: %{User-Name} -> neptun
[sql] sql_set_user escaped user --> 'neptun'
[sql] expand: ->
rlm_sql (sql): Reserving sql socket id: 10
rlm_sql (sql): Released sql socket id: 10
++[sql] returns ok
Sending Accounting-Response of id 8 to 192.168.0.2 port 59326
Finished request 2.
Cleaning up request 2 ID 8 with timestamp +2
Going to the next request
Waking up in 4.9 seconds.
Not working (alien user):
rad_recv: Access-Request packet from host 192.168.0.2 port 57789,
id=234, length=189
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 353
NAS-Port-Type = Ethernet
User-Name = "someone"
Calling-Station-Id = "00:21:00:11:90:58"
Called-Station-Id = "service1"
NAS-Port-Id = "bridge1"
MS-CHAP-Challenge = 0xd74b24161391b697f91dee51eccb3898
MS-CHAP2-Response =
0x010004148d0dcca8dba78110be592613bf9000000000000000008a03009aa6e54aaf8af8bdd6ca4e3f366fdeb668b11a8ce7
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.0.2
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-> /usr/local/radius/var/log/radius/radacct/192.168
[auth_log]
/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/radius/var/log/radius/radacct/192.168.0.2/
[auth_log] expand: %t -> Wed Feb 10 17:39:24 2010
++[auth_log] returns ok
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[sql] expand: %{User-Name} -> someone
[sql] sql_set_user escaped user --> 'someone'
rlm_sql (sql): Reserving sql socket id: 9
[sql] expand: call rad1('%{User-Name}'); -> call rad1('someone');
[sql] User found in radcheck table
[sql] expand: call rad2('%{User-Name}'); -> call rad2('someone');
rlm_sql (sql): Released sql socket id: 9
++[sql] returns ok
Found Auth-Type = MSCHAP
Found Auth-Type = Accept
Warning: Found 2 auth-types on request for user 'someone'
Auth-Type = Accept, accepting the user
Login OK: [someone/<via Auth-Type = mschap>] (from client router port
353 cli 00:21:00:11:90:58)
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> someone
[sql] sql_set_user escaped user --> 'someone'
[sql] expand: UPDATE nodes SET lastonline = unix_timestamp() WHERE
name='%{User-Name}' or mac='%{User-Name}'; -> UPDATE nodes SET
lastonline = unix_timest
rlm_sql (sql) in sql_postauth: query is UPDATE nodes SET lastonline =
unix_timestamp() WHERE name='someone' or mac='someone';
rlm_sql (sql): Reserving sql socket id: 8
rlm_sql (sql): Released sql socket id: 8
++[sql] returns ok
Sending Access-Accept of id 234 to 192.168.0.2 port 57789
Framed-IP-Address := 192.168.4.200
Framed-IP-Netmask := 255.255.255.255
Mikrotik-Rate-Limit := "128k/64k"
Finished request 3.
Going to the next request
Waking up in 3.7 seconds.
So what should I return to let in a user without an account in my database?
Regards,
Marcin S.
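
Added example (not part of the original post, and not FreeRADIUS code): a small Python audit of radiusd debug output that compares the two transcripts above, flagging MS-CHAPv2 requests accepted through Auth-Type = Accept and Access-Accepts sent without MS-CHAP2-Success. The sample log is constructed by abridging the post's transcripts with placeholder hex values, and the function names are hypothetical.

```python
import re
# Constructed sample, abridged from the post's two transcripts; hex values are placeholders.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.0.2 port 45023, id=7, length=188
User-Name = "neptun"
MS-CHAP2-Response = 0x0100aa
Sending Access-Accept of id 7 to 192.168.0.2 port 45023
MS-CHAP2-Success = 0x0153aa
rad_recv: Access-Request packet from host 192.168.0.2 port 57789, id=234, length=189
User-Name = "someone"
MS-CHAP2-Response = 0x0100bb
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Sending Access-Accept of id 234 to 192.168.0.2 port 57789
"""

def audit(log):  # one record per Access-Request found in radiusd debug output
    records, cur, in_reply = [], None, False
    for line in (l.strip() for l in log.splitlines()):
        m = re.match(r"rad_recv: (\S+) packet", line)
        if m:  # new request; only Access-Requests are tracked
            cur, in_reply = None, False
            if m.group(1) == "Access-Request":
                cur = dict(user=None, mschapv2=False, forced=False, accepted=False, success_attr=False)
                records.append(cur)
        elif cur is None:
            continue
        elif line.startswith("Sending "):  # reply attributes follow this line
            in_reply = True
            cur["accepted"] = line.startswith("Sending Access-Accept")
        elif not in_reply and line.startswith("User-Name ="):
            cur["user"] = line.split("=", 1)[1].strip().strip('"')
        elif not in_reply and line.startswith("MS-CHAP2-Response"):
            cur["mschapv2"] = True
        elif line.startswith("Auth-Type = Accept"):  # server skipped credential checks
            cur["forced"] = True
        elif in_reply and line.startswith("MS-CHAP2-Success"):
            cur["success_attr"] = True
    return records

def problems(records):  # findings for MS-CHAPv2 requests answered with Access-Accept
    out = []
    for r in records:
        if r["accepted"] and r["mschapv2"]:
            if r["forced"]:
                out.append(f"{r['user']}: accepted via Auth-Type = Accept, credentials not verified")
            if not r["success_attr"]:
                out.append(f"{r['user']}: Access-Accept carries no MS-CHAP2-Success")
    return out
```

The second finding is the visible difference between the two replies: the working Access-Accept carries MS-CHAP2-Success, the authenticator response that an MS-CHAPv2 peer checks (RFC 2759), and the forced accept does not.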