checkval and != op

Christian Zoffoli czoffoli at xmerlin.org
Mon Jun 21 11:31:00 CEST 2010


On 21/06/2010 08:30, Alan DeKok wrote:
> Christian Zoffoli wrote:
>> I've configured freeradius with mysql and checkval and all works as
>> expected when I try to authenticate users with Calling-Station-ID and :=
>> operators in radgroupcheck but I cannot use it with != operator.
> 
>   I don't see why.  It works as documented, and the != operator works.


mysql> SELECT * FROM radcheck WHERE username='bumlwdgx';
+-------+----------+--------------------+----+----------------------+
| id    | username | attribute          | op | value                |
+-------+----------+--------------------+----+----------------------+
| 20716 | bumlwdgx | Expiration         | := | 18 Dec 2010 11:06:03 |
| 20715 | bumlwdgx | Cleartext-Password | := | 88209211             |
+-------+----------+--------------------+----+----------------------+


mysql> SELECT * FROM radusergroup WHERE username='bumlwdgx';
+-------+----------+-----------+----------+
| ID    | username | groupname | priority |
+-------+----------+-----------+----------+
| 10114 | bumlwdgx | wireless  |        1 |
+-------+----------+-----------+----------+
1 row in set (0.00 sec)


 SELECT * FROM radgroupcheck WHERE groupname='wireless';
+----+-----------+--------------------+----+-------------------+
| id | groupname | attribute          | op | value             |
+----+-----------+--------------------+----+-------------------+
| 18 | wireless  | Calling-Station-Id | != | 00-22-15-16-35-B0 |
|  9 | wireless  | Access-Period      | := | 604800            |
| 11 | wireless  | Max-All-Session    | := | 86400             |
+----+-----------+--------------------+----+-------------------+
3 rows in set (0.00 sec)



Here is the output of the radius auth:

---
rad_recv: Access-Request packet from host 127.0.0.1 port 34220, id=1,
length=298
	ChilliSpot-Version = "1.2.2"
	User-Name = "bumlwdgx"
	CHAP-Challenge = 0x777d7fc0c28a480f750e1f5506c3ccd7
	CHAP-Password = 0x008617e203333f1fc66b2cacc4cbbe2255
	NAS-IP-Address = 192.168.182.1
	Service-Type = Login-User
	Framed-IP-Address = 192.168.182.2
	Calling-Station-Id = "00-22-15-16-35-B0"
	Called-Station-Id = "00-0D-B9-15-F4-C9"
	NAS-Identifier = "localhost"
	Acct-Session-Id = "4c1f2f3e00000001"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	WISPr-Location-ID = "isocc=,cc=,ac=,network=XTekLABS,"
	WISPr-Location-Name = "HotSpot_Service"
	WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
	Message-Authenticator = 0x2fea143af618652c950abd1fe0ad8cce
+- entering group authorize
++[preprocess] returns ok
    rlm_realm: No '@' in User-Name = "bumlwdgx", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
	expand: %{Stripped-User-Name} ->
	expand: %{User-Name} -> bumlwdgx
	expand: %{%{User-Name}:-DEFAULT} -> bumlwdgx
	expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> bumlwdgx
rlm_sql (sql): sql_set_user escaped user --> 'bumlwdgx'
rlm_sql (sql): Reserving sql socket id: 0
	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'bumlwdgx'           ORDER BY id
rlm_sql (sql): User found in radcheck table
	expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'bumlwdgx'           ORDER BY id
	expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'bumlwdgx'           ORDER BY priority
	expand: SELECT id, groupname, attribute,           Value, op
FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,           Value, op
      FROM radgroupcheck           WHERE groupname = 'wireless'
  ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-22-15-16-35-B0
rlm_checkval: Could not find attribute named Calling-Station-Id in check
pairs
++[checkval] returns notfound
rlm_expiration: Checking Expiration time: '18 Dec 2010 11:06:03'
++[expiration] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[accessperiod] returns noop
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Login OK: [bumlwdgx/<CHAP-Password>] (from client localhost port 1 cli
00-22-15-16-35-B0)
+- entering group post-auth
rlm_sql (sql): Processing sql_postauth
	expand: %{Stripped-User-Name} ->
	expand: %{User-Name} -> bumlwdgx
	expand: %{%{User-Name}:-DEFAULT} -> bumlwdgx
	expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> bumlwdgx
rlm_sql (sql): sql_set_user escaped user --> 'bumlwdgx'
	expand: %{User-Password} ->
	expand: %{Chap-Password} -> 0x008617e203333f1fc66b2cacc4cbbe2255
	expand: INSERT INTO radpostauth                           (username,
pass, reply, authdate)                           VALUES (
            '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
           (username, pass, reply, authdate)
VALUES (                           'bumlwdgx',
'0x008617e203333f1fc66b2cacc4cbbe2255',
'Access-Accept', '2010-06-21 11:22:37')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
                  (username, pass, reply, authdate)
      VALUES (                           'bumlwdgx',
      '0x008617e203333f1fc66b2cacc4cbbe2255',
'Access-Accept', '2010-06-21 11:22:37')
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 1 to 127.0.0.1 port 34220
	Session-Timeout = 15554606
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 60147,
id=8, length=225
	ChilliSpot-Version = "1.2.2"
	ChilliSpot-Attr-10 = 0x00000002
	Acct-Status-Type = Start
	User-Name = "bumlwdgx"
	Calling-Station-Id = "00-22-15-16-35-B0"
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	NAS-Port-Id = "00000001"
	Framed-IP-Address = 192.168.182.2
	Acct-Session-Id = "4c1f2f3e00000001"
	NAS-IP-Address = 192.168.182.1
	Called-Station-Id = "00-0D-B9-15-F4-C9"
	NAS-Identifier = "localhost"
	WISPr-Location-ID = "isocc=,cc=,ac=,network=XTekLABS,"
	WISPr-Location-Name = "HotSpot_Service"
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 192.168.182.1,Acct-Session-Id =
"4c1f2f3e00000001",User-Name = "bumlwdgx"'
rlm_acct_unique: Acct-Unique-Session-ID = "18a263802bd4fe7e".
++[acct_unique] returns ok
    rlm_realm: No '@' in User-Name = "bumlwdgx", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
	expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
-> /var/log/freeradius/radacct/127.0.0.1/detail-20100621
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/freeradius/radacct/127.0.0.1/detail-20100621
	expand: %t -> Mon Jun 21 11:22:37 2010
++[detail] returns ok
	expand: %{Stripped-User-Name} ->
	expand: %{User-Name} -> bumlwdgx
	expand: %{%{User-Name}:-DEFAULT} -> bumlwdgx
	expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> bumlwdgx
rlm_sql (sql): sql_set_user escaped user --> 'bumlwdgx'
	expand: %{Acct-Delay-Time} ->
	expand:            INSERT INTO radacct             (acctsessionid,
acctuniqueid,     username,              realm,            nasipaddress,
    nasportid,              nasporttype,      acctstarttime,
acctstoptime,              acctsessiontime,  acctauthentic,
connectinfo_start,              connectinfo_stop, acctinputoctets,
acctoutputoctets,              calledstationid,  callingstationid,
acctterminatecause,              servicetype,      framedprotocol,
framedipaddress,              acctstartdelay,   acctstopdelay,
xascendsessionsvrkey)           VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,
 '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',
             '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
       '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
             '%{%{Acct-Delay-Time}:-0}', '0',
'%{X-Ascend-Session-Svr-Key}') ->            INSERT INTO radacct
     (acctsessionid,    acctuniqueid,     username,              realm,
           nasipaddress,     nasportid,              nasporttype,
acctstarttime,    acctstoptime,              acctsessiontime,
acctauthentic,    connectinfo_start,              connectinfo_stop,
acctinputoctets,  acctoutputoctets,              calledstationid,
callingstationid, acctterminatecause,              servicetype,
framedprotocol,   framedipaddress,              acctstartdelay,
acctstopdelay,    xascendsessionsvrkey)           VALUES
('4c1f2f3e00000001', '18a263802bd4fe7e',              'bumlwdgx',
       '', '192.168.182.1', '1',              'Wireless-802.11',
'2010-06-21 11:22:37', NULL,              '0', '', '',              '',
'0', '0',              '00-0D-B9-15-F4-C9', '00-22-15-16-35-B0', '',
          '', '', '192.168.182.2',              '0', '0', '')
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
	expand: %{User-Name} -> bumlwdgx
 attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 8 to 127.0.0.1 port 60147
Finished request 11.
Cleaning up request 11 ID 8 with timestamp +779
Going to the next request
Waking up in 4.9 seconds.
---


In radiusd.conf I have:

checkval {
	item-name = Calling-Station-Id
	check-name = Calling-Station-Id
	data-type = string
}



Best regards,
Christian
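
Added example, not part of the original post and not FreeRADIUS code: a Python check over FreeRADIUS debug output that flags requests like the one above, where `checkval` returned `notfound` and an Access-Accept was still sent. The sample log is abridged from the debug output in the post, its second request is constructed for contrast, and the function name `unenforced_accepts` is hypothetical.

```python
import re

# Abridged from the debug output in the post above. The second request is
# constructed for contrast and does not come from the post.
SAMPLE_LOG = '''\
rad_recv: Access-Request packet from host 127.0.0.1 port 34220, id=1,
\tUser-Name = "bumlwdgx"
\tCalling-Station-Id = "00-22-15-16-35-B0"
++[sql] returns ok
++[checkval] returns notfound
++[expiration] returns ok
Sending Access-Accept of id 1 to 127.0.0.1 port 34220
rad_recv: Access-Request packet from host 127.0.0.1 port 34221, id=2,
\tUser-Name = "constructed-user"
\tCalling-Station-Id = "00-00-5E-00-53-01"
++[sql] returns ok
++[checkval] returns ok
Sending Access-Accept of id 2 to 127.0.0.1 port 34221
'''

ATTR_RE = re.compile(r'^\s+([\w-]+) = "?([^"]*)"?\s*$')    # request attribute
MODULE_RE = re.compile(r'^\++\[([\w.-]+)\] returns (\w+)')  # module result
SEND_RE = re.compile(r'^Sending ([\w-]+) of id \d+')        # reply packet


def unenforced_accepts(log_text, module="checkval", weak=("notfound", "noop")):
    """Return accepted requests in which `module` ran but made no decision."""
    findings, current = [], None
    for line in log_text.splitlines():
        if line.startswith("rad_recv:"):
            current = {"attrs": {}, "returns": {}}   # a new request begins
        elif current is None:
            continue                                 # outside any request
        elif (m := MODULE_RE.match(line)):
            # Keep the first result; later sections can reuse module names.
            current["returns"].setdefault(m.group(1), m.group(2))
        elif (m := SEND_RE.match(line)):
            result = current["returns"].get(module)
            if m.group(1) == "Access-Accept" and result in weak:
                attrs = current["attrs"]
                findings.append({"user": attrs.get("User-Name"),
                                 "calling_station_id": attrs.get("Calling-Station-Id"),
                                 "result": result})
            current = None                           # reply closes the request
        elif (m := ATTR_RE.match(line)):
            current["attrs"].setdefault(m.group(1), m.group(2))
    return findings
```
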


