checkval and != op
Christian Zoffoli
czoffoli at xmerlin.org
Mon Jun 21 11:31:00 CEST 2010
Il 21/06/2010 08:30, Alan DeKok ha scritto:
> Christian Zoffoli wrote:
>> I've configured freeradius with mysql anche checkval and all works as
>> expected when I try to authenticate users with Calling-Station-ID and :=
>> operators in radgroupcheck but I cannot use it with != operator.
>
> I don't see why. It works as documented, and the != operator works.
mysql> SELECT * FROM radcheck WHERE username='bumlwdgx';
+-------+----------+--------------------+----+----------------------+
| id | username | attribute | op | value |
+-------+----------+--------------------+----+----------------------+
| 20716 | bumlwdgx | Expiration | := | 18 Dec 2010 11:06:03 |
| 20715 | bumlwdgx | Cleartext-Password | := | 88209211 |
+-------+----------+--------------------+----+----------------------+
mysql> SELECT * FROM radusergroup WHERE username='bumlwdgx';
+-------+----------+-----------+----------+
| ID | username | groupname | priority |
+-------+----------+-----------+----------+
| 10114 | bumlwdgx | wireless | 1 |
+-------+----------+-----------+----------+
1 row in set (0.00 sec)
SELECT * FROM radgroupcheck WHERE groupname='wireless';
+----+-----------+--------------------+----+-------------------+
| id | groupname | attribute | op | value |
+----+-----------+--------------------+----+-------------------+
| 18 | wireless | Calling-Station-Id | != | 00-22-15-16-35-B0 |
| 9 | wireless | Access-Period | := | 604800 |
| 11 | wireless | Max-All-Session | := | 86400 |
+----+-----------+--------------------+----+-------------------+
3 rows in set (0.00 sec)
here is the output of the radius auth
---
rad_recv: Access-Request packet from host 127.0.0.1 port 34220, id=1,
length=298
ChilliSpot-Version = "1.2.2"
User-Name = "bumlwdgx"
CHAP-Challenge = 0x777d7fc0c28a480f750e1f5506c3ccd7
CHAP-Password = 0x008617e203333f1fc66b2cacc4cbbe2255
NAS-IP-Address = 192.168.182.1
Service-Type = Login-User
Framed-IP-Address = 192.168.182.2
Calling-Station-Id = "00-22-15-16-35-B0"
Called-Station-Id = "00-0D-B9-15-F4-C9"
NAS-Identifier = "localhost"
Acct-Session-Id = "4c1f2f3e00000001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
WISPr-Location-ID = "isocc=,cc=,ac=,network=XTekLABS,"
WISPr-Location-Name = "HotSpot_Service"
WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
Message-Authenticator = 0x2fea143af618652c950abd1fe0ad8cce
+- entering group authorize
++[preprocess] returns ok
rlm_realm: No '@' in User-Name = "bumlwdgx", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> bumlwdgx
expand: %{%{User-Name}:-DEFAULT} -> bumlwdgx
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> bumlwdgx
rlm_sql (sql): sql_set_user escaped user --> 'bumlwdgx'
rlm_sql (sql): Reserving sql socket id: 0
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'bumlwdgx' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'bumlwdgx' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'bumlwdgx' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = 'wireless'
ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-22-15-16-35-B0
rlm_checkval: Could not find attribute named Calling-Station-Id in check
pairs
++[checkval] returns notfound
rlm_expiration: Checking Expiration time: '18 Dec 2010 11:06:03'
++[expiration] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[accessperiod] returns noop
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Login OK: [bumlwdgx/<CHAP-Password>] (from client localhost port 1 cli
00-22-15-16-35-B0)
+- entering group post-auth
rlm_sql (sql): Processing sql_postauth
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> bumlwdgx
expand: %{%{User-Name}:-DEFAULT} -> bumlwdgx
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> bumlwdgx
rlm_sql (sql): sql_set_user escaped user --> 'bumlwdgx'
expand: %{User-Password} ->
expand: %{Chap-Password} -> 0x008617e203333f1fc66b2cacc4cbbe2255
expand: INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES ( 'bumlwdgx',
'0x008617e203333f1fc66b2cacc4cbbe2255',
'Access-Accept', '2010-06-21 11:22:37')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES ( 'bumlwdgx',
'0x008617e203333f1fc66b2cacc4cbbe2255',
'Access-Accept', '2010-06-21 11:22:37')
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 1 to 127.0.0.1 port 34220
Session-Timeout = 15554606
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 60147,
id=8, length=225
ChilliSpot-Version = "1.2.2"
ChilliSpot-Attr-10 = 0x00000002
Acct-Status-Type = Start
User-Name = "bumlwdgx"
Calling-Station-Id = "00-22-15-16-35-B0"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-Port-Id = "00000001"
Framed-IP-Address = 192.168.182.2
Acct-Session-Id = "4c1f2f3e00000001"
NAS-IP-Address = 192.168.182.1
Called-Station-Id = "00-0D-B9-15-F4-C9"
NAS-Identifier = "localhost"
WISPr-Location-ID = "isocc=,cc=,ac=,network=XTekLABS,"
WISPr-Location-Name = "HotSpot_Service"
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 192.168.182.1,Acct-Session-Id =
"4c1f2f3e00000001",User-Name = "bumlwdgx"'
rlm_acct_unique: Acct-Unique-Session-ID = "18a263802bd4fe7e".
++[acct_unique] returns ok
rlm_realm: No '@' in User-Name = "bumlwdgx", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
-> /var/log/freeradius/radacct/127.0.0.1/detail-20100621
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/freeradius/radacct/127.0.0.1/detail-20100621
expand: %t -> Mon Jun 21 11:22:37 2010
++[detail] returns ok
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> bumlwdgx
expand: %{%{User-Name}:-DEFAULT} -> bumlwdgx
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> bumlwdgx
rlm_sql (sql): sql_set_user escaped user --> 'bumlwdgx'
expand: %{Acct-Delay-Time} ->
expand: INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm, nasipaddress,
nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay,
xascendsessionsvrkey) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL,
'0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{%{Acct-Delay-Time}:-0}', '0',
'%{X-Ascend-Session-Svr-Key}') -> INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype,
acctstarttime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, acctterminatecause, servicetype,
framedprotocol, framedipaddress, acctstartdelay,
acctstopdelay, xascendsessionsvrkey) VALUES
('4c1f2f3e00000001', '18a263802bd4fe7e', 'bumlwdgx',
'', '192.168.182.1', '1', 'Wireless-802.11',
'2010-06-21 11:22:37', NULL, '0', '', '', '',
'0', '0', '00-0D-B9-15-F4-C9', '00-22-15-16-35-B0', '',
'', '', '192.168.182.2', '0', '0', '')
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
expand: %{User-Name} -> bumlwdgx
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 8 to 127.0.0.1 port 60147
Finished request 11.
Cleaning up request 11 ID 8 with timestamp +779
Going to the next request
Waking up in 4.9 seconds.
---
in radiusd.conf I have:
checkval {
item-name = Calling-Station-Id
check-name = Calling-Station-Id
data-type = string
}
Best regards,
Christian
More information about the Freeradius-Users
mailing list