Calling-Station-Id

Osmany osmany at oc.quimefa.cu
Thu Jan 7 14:07:45 CET 2010


On Thu, 2010-01-07 at 11:32 +0100, Bjørn Mork wrote:
> Michel Bulgado <michel at casa.co.cu> writes:
> 
> > Try this way, remember the operator.
> >
> > |312|test at internet.quimefa.cu|Calling-Station-Id | += | "72061490"
> > |298|test at internet.quimefa.cu|MD5-Password       | := | password
> > |313|test at internet.quimefa.cu|Calling-Station-Id | += | "72061490"
> 
> 
> Please read the manual.  In this case, that's users(5):
> 
>        Attribute += Value
>             Always matches as a check item, and adds the current attribute with value to the list of configuration items.
>             As a reply item, it has an identical meaning, but the attribute is added to the reply items.
> 
> 
> This means that the 3 lines
> 
>  |312|test at internet.quimefa.cu|Calling-Station-Id | += | "72061490"
>  |298|test at internet.quimefa.cu|MD5-Password       | := | password
>  |313|test at internet.quimefa.cu|Calling-Station-Id | += | "72061490"
> 
> are identical to the single line
> 
>  |298|test at internet.quimefa.cu|MD5-Password       | := | password
> 
> and the user will be accepted regardless of Calling-Station-Id.
> 
> 
> > [suffix] Looking up realm "internet.quimefa.cu" for User-Name = "test at internet.quimefa.cu"
> > [suffix] No such realm "internet.quimefa.cu"
> 
> This is normal, and no problem.  You may define a realm using LOCAL
> authentication to avoid it, but it won't change anything except remove
> the debug message.
> 
> > [sql] User test at internet.quimefa.cu not found
> > ++[sql] returns notfound
> 
> The sql module returns notfound if the check items don't match.  This is
> expected in this case as I explained:  Two different equality tests on a
> single attribute will never match.
> 
> 
> > But in the end because it connects the user's which is declared in the file "users". Apparently
> > you have stated that locate the user in the database and also in this
> > file, you must define where you will store your users and then put the
> > phone number.
> 
This time I used:

|298|test at internet.quimefa.cu|MD5-Password       | := | password
|313|test at internet.quimefa.cu|Calling-Station-Id | =~ | 6480342|555555

and it still accepts the user regardless of the phone number it's using. This is what comes up
in the debug.

rad_recv: Access-Request packet from host 192.168.25.10 port 17968,
id=239, length=148
        User-Name = "test at internet.quimefa.cu"
        User-Password = "password"
        NAS-IP-Address = 192.168.25.10
        NAS-Port = 98
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Called-Station-Id = "60110"
        Calling-Station-Id = "72061490"
        NAS-Identifier = "BVISTA"
        NAS-Port-Type = Async
        Connect-Info = "41333/31200 V90/V42bis/LAPM"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "internet.quimefa.cu" for User-Name =
"test at internet.quimefa.cu"
[suffix] No such realm "internet.quimefa.cu"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
        expand: %{User-Name} -> test at internet.quimefa.cu
[sql] sql_set_user escaped user --> 'test at internet.quimefa.cu'
rlm_sql (sql): Reserving sql socket id: 3
        expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'test at internet.quimefa.cu'
ORDER BY id
        expand: %{Calling-Station-Id} -> 72061490
[sql] User found in radcheck table
        expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'test at internet.quimefa.cu'
ORDER BY id
        expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'test at internet.quimefa.cu'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing MD5-Password from hex encoding
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "password"
[pap] Using MD5 encryption.
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
        expand: %{User-Name} -> test at internet.quimefa.cu
[sql] sql_set_user escaped user --> 'test at internet.quimefa.cu'

As you can see, the phone number that user test is using is different
from the ones I have specified in the radcheck table and it comes up
with the sql module returning ok and accepts the user in. I notice that
the pap module also works and returns ok, but I read that this is
mandatory, otherwise no user will be accepted no matter what.
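
Added example, not part of the original post and not FreeRADIUS code: a small Python model of the check-item operator semantics documented in users(5), applied to radcheck-style rows, with a helper that flags Calling-Station-Id rows that cannot reject a request. It models only the documented meaning of `:=`, `+=`, `==` and `=~` and does not reproduce rlm_sql itself; the function names and the values marked as constructed are assumptions.

```python
import re

ASSIGN_OPS = {":=", "+="}   # always match as check items, per users(5)

def item_matches(request, attr, op, value):
    """True if one check item lets this request through."""
    if op in ASSIGN_OPS:
        return True                      # sets a config item, tests nothing
    have = request.get(attr)
    if op == "==":
        return have == value             # attribute must be present and equal
    if op == "=~":
        return have is not None and re.search(value, have) is not None
    raise ValueError(f"operator {op!r} not modelled")

def user_matches(request, rows):
    """A user entry matches only if every one of its check items matches."""
    return all(item_matches(request, a, op, v) for _id, a, op, v in rows)

def non_enforcing(rows, restricted=("Calling-Station-Id",)):
    """Ids of rows that name a restricted attribute but can never reject."""
    return [i for i, a, op, _v in rows if a in restricted and op in ASSIGN_OPS]

# Constructed request carrying the Calling-Station-Id seen in the debug output.
REQUEST = {"Calling-Station-Id": "72061490"}

# Rows in the shape (id, attribute, op, value); "+=" values are constructed.
ROWS_PLUS_EQ = [(312, "Calling-Station-Id", "+=", "6480342"),
                (298, "MD5-Password", ":=", "password"),
                (313, "Calling-Station-Id", "+=", "555555")]
# Two equality tests on one attribute: no single request can satisfy both.
ROWS_TWO_EQ = [(312, "Calling-Station-Id", "==", "6480342"),
               (298, "MD5-Password", ":=", "password"),
               (313, "Calling-Station-Id", "==", "555555")]
# One regular-expression test listing the permitted numbers.
ROWS_REGEX = [(298, "MD5-Password", ":=", "password"),
              (313, "Calling-Station-Id", "=~", "6480342|555555")]

if __name__ == "__main__":
    for name, rows in [("+=", ROWS_PLUS_EQ), ("==,==", ROWS_TWO_EQ),
                       ("=~", ROWS_REGEX)]:
        print(name, "matches:", user_matches(REQUEST, rows),
              "non-enforcing ids:", non_enforcing(rows))
```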




More information about the Freeradius-Users mailing list