checkval and != op
Christian Zoffoli
czoffoli at xmerlin.org
Mon Jun 21 14:41:58 CEST 2010
Il 21/06/2010 13:50, Alan DeKok ha scritto:
[cut]
> Why? What possible use is this? What do you expect it to do?
there is something strange IMHO
if I try a different user in the wired group and this radgroupcheck:
mysql> SELECT * FROM radgroupcheck WHERE groupname='wired';
+----+-----------+--------------------+----+-------------------+
| id | groupname | attribute | op | value |
+----+-----------+--------------------+----+-------------------+
| 6 | wired | Calling-Station-Id | := | 00-22-15-16-35-B0 |
| 7 | wired | Simultaneous-Use | := | 1 |
| 10 | wired | Max-All-Session | := | 3600 |
| 12 | wired | Access-Period | := | 604800 |
+----+-----------+--------------------+----+-------------------+
4 rows in set (0.00 sec)
All works as expected. The software is the same, the machine is the same
but now rlm_checkval works
---
rad_recv: Access-Request packet from host 127.0.0.1 port 51146, id=1,
length=298
ChilliSpot-Version = "1.2.2"
User-Name = "m7dby5cc"
CHAP-Challenge = 0x0c8e9cdfd1f76caa475d8120e0af8660
CHAP-Password = 0x00d4c0245b2a9b2a0429c5c3401da5439e
NAS-IP-Address = 192.168.182.1
Service-Type = Login-User
Framed-IP-Address = 192.168.182.2
Calling-Station-Id = "00-22-15-16-35-B0"
Called-Station-Id = "00-0D-B9-15-F4-C9"
NAS-Identifier = "localhost"
Acct-Session-Id = "4c1f311000000001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
WISPr-Location-ID = "isocc=,cc=,ac=,network=XTekLABS,"
WISPr-Location-Name = "HotSpot_Service"
WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
Message-Authenticator = 0x7d095fb7ce6c28a7459e053a4074bf17
+- entering group authorize
++[preprocess] returns ok
rlm_realm: No '@' in User-Name = "m7dby5cc", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> m7dby5cc
expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
rlm_sql (sql): Reserving sql socket id: 0
expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'm7dby5cc' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'm7dby5cc' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'm7dby5cc' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = 'wired'
ORDER BY id
rlm_sql (sql): User found in group wired
expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = 'wired'
ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-22-15-16-35-B0
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-22-15-16-35-B0
++[checkval] returns ok
rlm_expiration: Checking Expiration time: '18 Dec 2010 11:06:25'
++[expiration] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{User-Name}''
expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{User-Name}' -> SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='m7dby5cc'
sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='m7dby5cc'}'
rlm_sql (sql): - sql_xlat
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> m7dby5cc
expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='m7dby5cc' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='m7dby5cc'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): row[0] returned NULL
rlm_sql (sql): Released sql socket id: 4
expand: %{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='m7dby5cc'} ->
rlm_sqlcounter: No integer found in string ""
++[noresetcounter] returns noop
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT UNIX_TIMESTAMP() -
UNIX_TIMESTAMP(AcctStartTime) FROM radacct WHERE UserName =
'%{User-Name}' ORDER BY AcctStartTime LIMIT 1'
expand: SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) FROM
radacct WHERE UserName = '%{User-Name}' ORDER BY AcctStartTime LIMIT 1
-> SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) FROM radacct
WHERE UserName = 'm7dby5cc' ORDER BY AcctStartTime LIMIT 1
sqlcounter_expand: '%{sql:SELECT UNIX_TIMESTAMP() -
UNIX_TIMESTAMP(AcctStartTime) FROM radacct WHERE UserName = 'm7dby5cc'
ORDER BY AcctStartTime LIMIT 1}'
rlm_sql (sql): - sql_xlat
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> m7dby5cc
expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
expand: SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) FROM
radacct WHERE UserName = 'm7dby5cc' ORDER BY AcctStartTime LIMIT 1 ->
SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) FROM radacct
WHERE UserName = 'm7dby5cc' ORDER BY AcctStartTime LIMIT 1
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): SQL query did not return any results
rlm_sql (sql): Released sql socket id: 3
expand: %{sql:SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime)
FROM radacct WHERE UserName = 'm7dby5cc' ORDER BY AcctStartTime LIMIT 1} ->
rlm_sqlcounter: No integer found in string ""
++[accessperiod] returns noop
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
+- entering group session
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> m7dby5cc
expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
expand: SELECT COUNT(*) FROM radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime is NULL -> SELECT COUNT(*)
FROM radacct WHERE username = 'm7dby5cc' AND acctstoptime is NULL
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
Login OK: [m7dby5cc/<CHAP-Password>] (from client localhost port 1 cli
00-22-15-16-35-B0)
+- entering group post-auth
rlm_sql (sql): Processing sql_postauth
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> m7dby5cc
expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
expand: %{User-Password} ->
expand: %{Chap-Password} -> 0x00d4c0245b2a9b2a0429c5c3401da5439e
expand: INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES ( 'm7dby5cc',
'0x00d4c0245b2a9b2a0429c5c3401da5439e',
'Access-Accept', '2010-06-21 14:36:34')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate)
VALUES ( 'm7dby5cc',
'0x00d4c0245b2a9b2a0429c5c3401da5439e',
'Access-Accept', '2010-06-21 14:36:34')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 1 to 127.0.0.1 port 51146
Acct-Interim-Interval := 600
Session-Timeout = 15542991
Finished request 14.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 127.0.0.1 port 60147,
id=11, length=225
ChilliSpot-Version = "1.2.2"
ChilliSpot-Attr-10 = 0x00000002
Acct-Status-Type = Start
User-Name = "m7dby5cc"
Calling-Station-Id = "00-22-15-16-35-B0"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-Port-Id = "00000001"
Framed-IP-Address = 192.168.182.2
Acct-Session-Id = "4c1f311000000001"
NAS-IP-Address = 192.168.182.1
Called-Station-Id = "00-0D-B9-15-F4-C9"
NAS-Identifier = "localhost"
WISPr-Location-ID = "isocc=,cc=,ac=,network=XTekLABS,"
WISPr-Location-Name = "HotSpot_Service"
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 192.168.182.1,Acct-Session-Id =
"4c1f311000000001",User-Name = "m7dby5cc"'
rlm_acct_unique: Acct-Unique-Session-ID = "ddca1f9d2efffb89".
++[acct_unique] returns ok
rlm_realm: No '@' in User-Name = "m7dby5cc", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
-> /var/log/freeradius/radacct/127.0.0.1/detail-20100621
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/freeradius/radacct/127.0.0.1/detail-20100621
expand: %t -> Mon Jun 21 14:36:35 2010
++[detail] returns ok
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> m7dby5cc
expand: %{%{User-Name}:-DEFAULT} -> m7dby5cc
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> m7dby5cc
rlm_sql (sql): sql_set_user escaped user --> 'm7dby5cc'
expand: %{Acct-Delay-Time} ->
expand: INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm, nasipaddress,
nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay,
xascendsessionsvrkey) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL,
'0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{%{Acct-Delay-Time}:-0}', '0',
'%{X-Ascend-Session-Svr-Key}') -> INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype,
acctstarttime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, acctterminatecause, servicetype,
framedprotocol, framedipaddress, acctstartdelay,
acctstopdelay, xascendsessionsvrkey) VALUES
('4c1f311000000001', 'ddca1f9d2efffb89', 'm7dby5cc',
'', '192.168.182.1', '1', 'Wireless-802.11',
'2010-06-21 14:36:35', NULL, '0', '', '', '',
'0', '0', '00-0D-B9-15-F4-C9', '00-22-15-16-35-B0', '',
'', '', '192.168.182.2', '0', '0', '')
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
expand: %{User-Name} -> m7dby5cc
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 11 to 127.0.0.1 port 60147
Finished request 15.
Cleaning up request 15 ID 11 with timestamp +12417
Going to the next request
Waking up in 4.9 seconds.
---
Best regards,
Christian
More information about the Freeradius-Users
mailing list