Unlang Condition Wrong Value !

Suman Dash sumandash at gmail.com
Mon Aug 8 11:32:05 CEST 2011


Undermentioned is the complete config. This is a direct approach
without storing the results in Tmp-Integer . I assume that this direct
approach has nothing to do with 32bit length of Freeradius Attributes.

What i am looking to accomplish is a data counter which does not wraps
at 4GB, Checks whether total used traffic is less than
Max-Monthly-Traffic and based on the result it updates the reply
attribute.

 I have read a lot in mailing lists that people have accomplished it
with rlm_perl but i unable to find a similar script in freeradius
mailing list.

I understand that this feature will be beneficial to a lot of people
in community as a lot of people have done hacks and tricks to make it
work. So till now official Session counter is available but no data
counter.


if ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN
tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
WHERE tbl_usergroup.username = '%{User-Name}'}" > "%{sql:SELECT
IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct
WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW())
AND YEAR(acctstoptime) = YEAR(NOW())}") {
                update reply {
                       Mikrotik-Recv-Limit := "%{sql:SELECT
tbl_groupcheck.value from tbl_groupcheck JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname WHERE
tbl_usergroup.username = '%{User-Name}'}" - "%{sql:SELECT
IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct
WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW())
AND YEAR(acctstoptime) = YEAR(NOW())}"
                             }
                                else {
                                        update reply {
                                                Reply-Message := "Fair
Usage Policy Enforced, Bandwidth Limited"
                                                Mikrotik-Rate-Limit :=
"128K/256K"

                                                  }
                             }
                                             }



Regards
Suman

On Mon, Aug 8, 2011 at 2:39 PM, Suman Dash <sumandash at gmail.com> wrote:
> What i mean to say is that i am not using an integer to store the
> value as integer is limited to 32bit, Instead i am directly comparing
> output from sql query in Unlanf but it doesn't seems to work either.
>
> It returns false where it should be returning true.
>
> Regards
>
> On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell
> <a.cudbardb at freeradius.org> wrote:
>>
>> On 8 Aug 2011, at 09:32, Suman Dash wrote:
>>
>>> So it is not possible to store values more than 32 bit in Tmp-Integer.
>>> How about direct sql statements in Unlang not involving the
>>> Tmp-Integer. It is also not working in my scenario.
>>>
>>
>> You mean a comparison of two integers from two SQL statements?
>>
>>> Attached is the logs.
>>
>> More useful would be the config...
>>
>> -Arran
>>
>>>
>>>
>>> Going to the next request
>>> Ready to process requests.
>>> rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
>>> id=55, length=132
>>>        Service-Type = Framed-User
>>>        Framed-Protocol = PPP
>>>        NAS-Port = 60
>>>        NAS-Port-Type = Ethernet
>>>        User-Name = "10021"
>>>        Calling-Station-Id = "F4:EC:38:BA:8A:3B"
>>>        Called-Station-Id = "Internet"
>>>        NAS-Port-Id = "LAN"
>>>        User-Password = "10021"
>>>        NAS-Identifier = "NTL.XXXXX"
>>>        NAS-IP-Address = xxx.xx.xx.xx
>>> # Executing section authorize from file /etc/freeradius/sites-enabled/default
>>> +- entering group authorize {...}
>>> ++[preprocess] returns ok
>>> ++[chap] returns noop
>>> ++[mschap] returns noop
>>> ++[digest] returns noop
>>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>>> [suffix] No such realm "NULL"
>>> ++[suffix] returns noop
>>> [eap] No EAP-Message, not doing EAP
>>> ++[eap] returns noop
>>> [files] users: Matched entry DEFAULT at line 172
>>> ++[files] returns ok
>>> [sql]   expand: %{User-Name} -> 10021
>>> [sql] sql_set_user escaped user --> '10021'
>>> rlm_sql (sql): Reserving sql socket id: 1
>>> [sql]   expand: SELECT id, username, attribute, value, op
>>> FROM tbl_check           WHERE username = '%{SQL-User-Name}'
>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>> FROM tbl_check           WHERE username = '10021'           ORDER BY
>>> id
>>> [sql] User found in radcheck table
>>> [sql]   expand: SELECT id, username, attribute, value, op
>>> FROM tbl_reply           WHERE username = '%{SQL-User-Name}'
>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>> FROM tbl_reply           WHERE username = '10021'           ORDER BY
>>> id
>>> [sql]   expand: SELECT groupname           FROM tbl_usergroup
>>> WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
>>> SELECT groupname           FROM tbl_usergroup           WHERE username
>>> = '10021'           ORDER BY priority
>>> [sql]   expand: SELECT id, groupname, attribute,           Value, op
>>>        FROM tbl_groupcheck           WHERE groupname = '%{Sql-Group}'
>>>          ORDER BY id -> SELECT id, groupname, attribute,
>>> Value, op           FROM tbl_groupcheck           WHERE groupname =
>>> 'TEST-10G'           ORDER BY id
>>> [sql] User found in group TEST-10G
>>> [sql]   expand: SELECT id, groupname, attribute,           value, op
>>>        FROM tbl_groupreply           WHERE groupname = '%{Sql-Group}'
>>>          ORDER BY id -> SELECT id, groupname, attribute,
>>> value, op           FROM tbl_groupreply           WHERE groupname =
>>> 'TEST-10G'           ORDER BY id
>>> rlm_sql (sql): Released sql socket id: 1
>>> ++[sql] returns ok
>>> rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
>>> rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
>>> ++[checkval] returns ok
>>> [expiration] Checking Expiration time: '1 Sep 2011'
>>> ++[expiration] returns ok
>>> ++[logintime] returns noop
>>> ++[pap] returns updated
>>> Found Auth-Type = PAP
>>> # Executing group from file /etc/freeradius/sites-enabled/default
>>> +- entering group PAP {...}
>>> [pap] login attempt with password "xxxxx"
>>> [pap] Using CRYPT password "Wh1vvjSX72NI6"
>>> [pap] User authenticated successfully
>>> ++[pap] returns ok
>>> # Executing section session from file /etc/freeradius/sites-enabled/default
>>> +- entering group session {...}
>>> [radutmp]       expand: /var/log/freeradius/radutmp ->
>>> /var/log/freeradius/radutmp
>>> [radutmp]       expand: %{User-Name} -> 10021
>>> ++[radutmp] returns ok
>>> # Executing section post-auth from file /etc/freeradius/sites-enabled/default
>>> +- entering group post-auth {...}
>>> [sql]   expand: %{User-Name} -> 10021
>>> [sql] sql_set_user escaped user --> '10021'
>>> [sql]   expand: %{User-Password} -> xxxxx
>>> [sql]   expand: INSERT INTO tbl_postauth
>>> (username, pass, reply, authdate)                           VALUES (
>>>                        '%{User-Name}',
>>> '%{%{User-Password}:-%{Chap-Password}}',
>>> '%{reply:Packet-Type}', '%S') -> INSERT INTO tbl_postauth
>>>             (username, pass, reply, authdate)
>>>  VALUES (                           '10021',
>>> '10021',                           'Access-Accept', '2011-08-08
>>> 01:31:49')
>>> rlm_sql (sql) in sql_postauth: query is INSERT INTO tbl_postauth
>>>                    (username, pass, reply, authdate)
>>>         VALUES (                           '10021',
>>>        '10021',                           'Access-Accept',
>>> '2011-08-08 01:31:49')
>>> rlm_sql (sql): Reserving sql socket id: 0
>>> rlm_sql (sql): Released sql socket id: 0
>>> ++[sql] returns ok
>>> ++? if ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN
>>> tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>> WHERE tbl_usergroup.username = '%{User-Name}'}" > "%{sql:SELECT
>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>> FROM tbl_acct WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) =
>>> MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())}")
>>> sql_xlat
>>>        expand: %{User-Name} -> 10021
>>> sql_set_user escaped user --> '10021'
>>>        expand: SELECT tbl_groupcheck.value from tbl_groupcheck JOIN
>>> tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>>               WHERE tbl_usergroup.username = '%{User-Name}' -> SELECT
>>> tbl_groupcheck.value from tbl_groupcheck
>>>               JOIN tbl_usergroup on tbl_groupcheck.groupname =
>>> tbl_usergroup.groupname WHERE tbl_usergroup.username = '10021'
>>> rlm_sql (sql): Reserving sql socket id: 4
>>> sql_xlat finished
>>> rlm_sql (sql): Released sql socket id: 4
>>>        expand: %{sql:SELECT tbl_groupcheck.value from tbl_groupcheck
>>> JOIN tbl_usergroup on tbl_groupcheck.groupname =
>>> tbl_usergroup.groupname
>>>               WHERE tbl_usergroup.username = '%{User-Name}'} -> 23737418240
>>> sql_xlat
>>>        expand: %{User-Name} -> 10021
>>> sql_set_user escaped user --> '10021'
>>>        expand: SELECT
>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct
>>>               WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW())
>>> AND YEAR(acctstoptime) = YEAR(NOW())
>>>               -> SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM
>>> tbl_acct WHERE UserName='10021'
>>>               AND MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())
>>> rlm_sql (sql): Reserving sql socket id: 3
>>> sql_xlat finished
>>> rlm_sql (sql): Released sql socket id: 3
>>>        expand: %{sql:SELECT
>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct
>>> WHERE UserName='%{User-Name}'
>>>               AND MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) =
>>> YEAR(NOW())} -> 21093361889
>>> ? Evaluating ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck
>>> JOIN tbl_usergroup on tbl_groupcheck.groupname =
>>> tbl_usergroup.groupname
>>>                       WHERE tbl_usergroup.username = '%{User-Name}'}" > "%{sql:SELECT
>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>>                       FROM tbl_acct WHERE UserName='%{User-Name}' AND MONTH(acctstoptime)
>>> = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())}") -> FALSE
>>> ++? if ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN
>>> tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>>                       WHERE tbl_usergroup.username = '%{User-Name}'}" > "%{sql:SELECT
>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>>                       FROM tbl_acct WHERE UserName='%{User-Name}' AND MONTH(acctstoptime)
>>> = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())}") -> FALSE
>>> ++[exec] returns noop
>>> Sending Access-Accept of id 55 to xxx.xx.xx.xx port 60642
>>>        Framed-Protocol := PPP
>>>        Framed-Compression := Van-Jacobson-TCP-IP
>>>        Framed-MTU := 1472
>>>        Idle-Timeout := 300
>>>        Reply-Message := "Welcome to Internet Services"
>>>        Mikrotik-Rate-Limit := "512K/2048K 512K/2048K 512K/2048K 180/180 8"
>>>        Framed-Netmask := 255.255.255.0
>>>        Session-Timeout = 2068091
>>> Finished request 2.
>>> Going to the next request
>>> Waking up in 4.9 seconds.
>>> rad_recv: Accounting-Request packet from host xxx.xx.xx.xx port 40276,
>>> id=56, length=154
>>>        Service-Type = Framed-User
>>>        Framed-Protocol = PPP
>>>        NAS-Port = 60
>>>        NAS-Port-Type = Ethernet
>>>        User-Name = "10021"
>>>        Calling-Station-Id = "F4:EC:38:BA:8A:3B"
>>>        Called-Station-Id = "iBroadNet Internet"
>>>        NAS-Port-Id = "LAN"
>>>        Acct-Session-Id = "81800038"
>>>        Framed-IP-Address = 172.16.11.250
>>>        Acct-Authentic = RADIUS
>>>        Event-Timestamp = "Aug  8 2011 01:31:47 IST"
>>>        Acct-Status-Type = Start
>>>        NAS-Identifier = "NTL.xxxxx"
>>>        NAS-IP-Address = xxx.xx.xx.xx
>>>        Acct-Delay-Time = 0
>>> # Executing section preacct from file /etc/freeradius/sites-enabled/default
>>> +- entering group preacct {...}
>>> ++[preprocess] returns ok
>>> [acct_unique] Hashing 'NAS-Port = 60,Client-IP-Address =
>>> xxx.xx.xx.xx,NAS-IP-Address = xxx.xx.xx.xx,Acct-Session-Id =
>>> "81800038",User-Name = "10021"'
>>> [acct_unique] Acct-Unique-Session-ID = "840514b78a2e0def".
>>> ++[acct_unique] returns ok
>>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>>> [suffix] No such realm "NULL"
>>> ++[suffix] returns noop
>>> ++[files] returns noop
>>> # Executing section accounting from file /etc/freeradius/sites-enabled/default
>>> +- entering group accounting {...}
>>> [detail]        expand:
>>> /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
>>> /var/log/freeradius/radacct/xxx.xx.xx.xx/detail-20110808
>>> [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
>>> expands to /var/log/freeradius/radacct/xxx.xx.xx.xx/detail-20110808
>>> [detail]        expand: %t -> Mon Aug  8 01:31:49 2011
>>> ++[detail] returns ok
>>> ++[unix] returns ok
>>> [radutmp]       expand: /var/log/freeradius/radutmp ->
>>> /var/log/freeradius/radutmp
>>> [radutmp]       expand: %{User-Name} -> 10021
>>> ++[radutmp] returns ok
>>> [sql]   expand: %{User-Name} -> 10021
>>> [sql] sql_set_user escaped user --> '10021'
>>> [sql]   expand: %{Acct-Delay-Time} -> 0
>>> [sql]   expand:            INSERT INTO tbl_acct
>>> (acctsessionid,    acctuniqueid,     username,              realm,
>>>       nasipaddress,     nasportid,              nasporttype,
>>> acctstarttime,    acctstoptime,              acctsessiontime,
>>> acctauthentic,    connectinfo_start,              connectinfo_stop,
>>> acctinputoctets,  acctoutputoctets,              calledstationid,
>>> callingstationid, acctterminatecause,              servicetype,
>>> framedprotocol,   framedipaddress,              acctstartdelay,
>>> acctstopdelay,    xascendsessionsvrkey)           VALUES
>>> ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
>>> '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
>>> '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,
>>>  '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0',
>>> '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
>>>             '%{Service-Type}', '%{Framed-Protocol}',
>>> '%{Framed-IP-Address}',
>>> rlm_sql (sql): Reserving sql socket id: 2
>>> rlm_sql (sql): Released sql socket id: 2
>>> ++[sql] returns ok
>>> ++[exec] returns noop
>>> [attr_filter.accounting_response]       expand: %{User-Name} -> 10021
>>> attr_filter: Matched entry DEFAULT at line 12
>>> ++[attr_filter.accounting_response] returns updated
>>> Sending Accounting-Response of id 56 to xxx.xx.xx.xx port 40276
>>> Finished request 3.
>>> Cleaning up request 3 ID 56 with timestamp +17
>>> Going to the next request
>>> Waking up in 4.8 seconds.
>>>
>>> The condition outputs 23737418240 > 21093361889 RETURNS FALSE .
>>>
>>> On Mon, Aug 8, 2011 at 12:51 PM, Arran Cudbard-Bell
>>> <a.cudbardb at freeradius.org> wrote:
>>>> RFC 2865:
>>>>
>>>>      integer   32 bit unsigned value, most significant octet first.
>>>>
>>>> FreeRADIUS is just a RADIUS server, and the temporary integer attributes are just RADIUS attributes.
>>>>
>>>> -Arran
>>>>
>>>>
>>>>
>>>> On 8 Aug 2011, at 09:11, Suman Dash wrote:
>>>>
>>>>> I am trying to replace sqlcounter with Unland expression in Post Auth
>>>>> Section. The values are successfully called but while storing in
>>>>> Tmp-Interger those are stripped. Below are the logs .
>>>>> As you can see from the logs that Mysql returns a value of 20989570594
>>>>> But it's stored as 3557549056 for Tmp-Integer-0
>>>>>
>>>>> The same happens to Tmp-Integer-1 due to which the expression output
>>>>> becomes FALSE instead of TRUE.
>>>>>
>>>>> Is this the limitation of Tmp-Integer as it is an 32bit int ?
>>>>>
>>>>> ##Post-Auth Section
>>>>>
>>>>> sql
>>>>> update control    {
>>>>>                            Tmp-Integer-0 := "%{sql:SELECT
>>>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) \
>>>>>                                                FROM tbl_acct WHERE
>>>>> UserName='%{User-Name}' \
>>>>>                                                AND
>>>>> MONTH(acctstoptime) = MONTH(NOW()) \
>>>>>                                                AND YEAR(acctstoptime)
>>>>> = YEAR(NOW())}"
>>>>>                            Tmp-Integer-1 := "%{sql:SELECT
>>>>> tbl_groupcheck.value from tbl_groupcheck \
>>>>>                                                JOIN tbl_usergroup on
>>>>> tbl_groupcheck.groupname = tbl_usergroup.groupname \
>>>>>                                                where
>>>>> tbl_usergroup.username = '%{User-Name}'}"
>>>>>                          }
>>>>>                if ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}") {
>>>>>                                update reply {
>>>>>                                        Mikrotik-Recv-Limit :=
>>>>> "%{control:Tmp-Integer-1}" - "%{control:Tmp-Integer-0}"
>>>>>                                             }
>>>>>                                                                             }
>>>>>                if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") {
>>>>>                                update reply {
>>>>>                                        Reply-Message := "Fair Usage
>>>>> Policy Enforced, Bandwidth Limited"
>>>>>                                        Mikrotik-Rate-Limit :=
>>>>> "128K/256K 128K/256K 128K/256K 180/180 8"
>>>>>                                             }
>>>>>                                                                              }
>>>>> ##MySQL Table
>>>>>
>>>>> mysql> SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>>>> ->     FROM tbl_acct WHERE UserName='10021'
>>>>> ->     AND MONTH(acctstoptime) = MONTH(NOW())
>>>>> ->     AND YEAR(acctstoptime) = YEAR(NOW());
>>>>>
>>>>> +------------------------------------------------------+
>>>>> | IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) |
>>>>> +------------------------------------------------------+
>>>>> |                                          20989570594 |
>>>>> +------------------------------------------------------+
>>>>> 1 row in set (0.00 sec)
>>>>>
>>>>> mysql> SELECT tbl_groupcheck.value from tbl_groupcheck
>>>>> ->            JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>>>> ->            where tbl_usergroup.username = '10021';
>>>>>
>>>>> +-------------+
>>>>> | value       |
>>>>> +-------------+
>>>>> | 20737418240 |
>>>>> +-------------+
>>>>> 1 row in set (0.00 sec)
>>>>>
>>>>>
>>>>> ##RADIUS DEBUG LOG
>>>>>
>>>>>
>>>>> Finished request 4.
>>>>> Cleaning up request 4 ID 176 with timestamp +15
>>>>> Going to the next request
>>>>> Ready to process requests.
>>>>> rad_recv: Access-Request packet from host XXX.XX.XX.86 port 44198,
>>>>> id=236, length=132
>>>>>        Service-Type = Framed-User
>>>>>        Framed-Protocol = PPP
>>>>>        NAS-Port = 56
>>>>>        NAS-Port-Type = Ethernet
>>>>>        User-Name = "10021"
>>>>>        Calling-Station-Id = "XX:XX:XX:XX:XX:XX"
>>>>>        Called-Station-Id = "Internet"
>>>>>        NAS-Port-Id = "LAN"
>>>>>        User-Password = "10021"
>>>>>        NAS-Identifier = "XXX.XXXXXXX"
>>>>>        NAS-IP-Address = XXX.XX.XX.86
>>>>> # Executing section authorize from file /etc/freeradius/sites-enabled/default
>>>>> +- entering group authorize {...}
>>>>> ++[preprocess] returns ok
>>>>> ++[chap] returns noop
>>>>> ++[mschap] returns noop
>>>>> ++[digest] returns noop
>>>>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>>>>> [suffix] No such realm "NULL"
>>>>> ++[suffix] returns noop
>>>>> [eap] No EAP-Message, not doing EAP
>>>>> ++[eap] returns noop
>>>>> [files] users: Matched entry DEFAULT at line 172
>>>>> ++[files] returns ok
>>>>> [sql]   expand: %{User-Name} -> 10021
>>>>> [sql] sql_set_user escaped user --> '10021'
>>>>> rlm_sql (sql): Reserving sql socket id: 3
>>>>> [sql]   expand: SELECT id, username, attribute, value, op
>>>>> FROM tbl_check           WHERE username = '%{SQL-User-Name}'
>>>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>>>> FROM tbl_check           WHERE username = '10021'           ORDER BY
>>>>> id
>>>>> [sql] User found in radcheck table
>>>>> [sql]   expand: SELECT id, username, attribute, value, op
>>>>> FROM tbl_reply           WHERE username = '%{SQL-User-Name}'
>>>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>>>> FROM tbl_reply           WHERE username = '10021'           ORDER BY
>>>>> id
>>>>> [sql]   expand: SELECT groupname           FROM tbl_usergroup
>>>>> WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
>>>>> SELECT groupname           FROM tbl_usergroup           WHERE username
>>>>> = '10021'           ORDER BY priority
>>>>> [sql]   expand: SELECT id, groupname, attribute,           Value, op
>>>>>        FROM tbl_groupcheck           WHERE groupname = '%{Sql-Group}'
>>>>>          ORDER BY id -> SELECT id, groupname, attribute,
>>>>> Value, op           FROM tbl_groupcheck           WHERE groupname =
>>>>> 'TEST-10G'           ORDER BY id
>>>>> [sql] User found in group TEST-10G
>>>>> [sql]   expand: SELECT id, groupname, attribute,           value, op
>>>>>        FROM tbl_groupreply           WHERE groupname = '%{Sql-Group}'
>>>>>          ORDER BY id -> SELECT id, groupname, attribute,
>>>>> value, op           FROM tbl_groupreply           WHERE groupname =
>>>>> 'TEST-10G'           ORDER BY id
>>>>> rlm_sql (sql): Released sql socket id: 3
>>>>> ++[sql] returns ok
>>>>> rlm_checkval: Item Name: Calling-Station-Id, Value: XX:XX:XX:BA:8A:3B
>>>>> rlm_checkval: Value Name: Calling-Station-Id, Value: XX:XX:XX:BA:8A:3B
>>>>> ++[checkval] returns ok
>>>>> [expiration] Checking Expiration time: '1 Sep 2011'
>>>>> ++[expiration] returns ok
>>>>> ++[logintime] returns noop
>>>>> ++[pap] returns updated
>>>>> Found Auth-Type = PAP
>>>>> # Executing group from file /etc/freeradius/sites-enabled/default
>>>>> +- entering group PAP {...}
>>>>> [pap] login attempt with password "XXXXX"
>>>>> [pap] Using CRYPT password "XXXXXXXXXXXXXX"
>>>>> [pap] User authenticated successfully
>>>>> ++[pap] returns ok
>>>>> # Executing section session from file /etc/freeradius/sites-enabled/default
>>>>> +- entering group session {...}
>>>>> [radutmp]       expand: /var/log/freeradius/radutmp ->
>>>>> /var/log/freeradius/radutmp
>>>>> [radutmp]       expand: %{User-Name} -> 10021
>>>>> ++[radutmp] returns ok
>>>>> # Executing section post-auth from file /etc/freeradius/sites-enabled/default
>>>>> +- entering group post-auth {...}
>>>>> [sql]   expand: %{User-Name} -> 10021
>>>>> [sql] sql_set_user escaped user --> '10021'
>>>>> [sql]   expand: %{User-Password} -> XXXXX
>>>>> [sql]   expand: INSERT INTO tbl_postauth
>>>>> (username, pass, reply, authdate)                           VALUES (
>>>>>                        '%{User-Name}',
>>>>> '%{%{User-Password}:-%{Chap-Password}}',
>>>>> '%{reply:Packet-Type}', '%S') -> INSERT INTO tbl_postauth
>>>>>             (username, pass, reply, authdate)
>>>>>  VALUES (                           '10021',
>>>>> '10021',                           'Access-Accept', '2011-08-08
>>>>> 00:27:25')
>>>>> rlm_sql (sql) in sql_postauth: query is INSERT INTO tbl_postauth
>>>>>                    (username, pass, reply, authdate)
>>>>>         VALUES (                           '10021',
>>>>>        '10021',                           'Access-Accept',
>>>>> '2011-08-08 00:27:25')
>>>>> rlm_sql (sql): Reserving sql socket id: 2
>>>>> rlm_sql (sql): Released sql socket id: 2
>>>>> ++[sql] returns ok
>>>>> sql_xlat
>>>>>        expand: %{User-Name} -> 10021
>>>>> sql_set_user escaped user --> '10021'
>>>>>        expand: SELECT
>>>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>>>>               FROM tbl_acct WHERE UserName='%{User-Name}'
>>>>>               AND MONTH(acctstoptime) = MONTH(NOW())
>>>>>               AND YEAR(acctstoptime) = YEAR(NOW()) -> SELECT
>>>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>>>>               FROM tbl_acct WHERE UserName='10021'
>>>>>               AND MONTH(acctstoptime) = MONTH(NOW())
>>>>>               AND YEAR(acctstoptime) = YEAR(NOW())
>>>>> rlm_sql (sql): Reserving sql socket id: 1
>>>>> sql_xlat finished
>>>>> rlm_sql (sql): Released sql socket id: 1
>>>>>        expand: %{sql:SELECT
>>>>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
>>>>>               FROM tbl_acct WHERE UserName='%{User-Name}'
>>>>>               AND MONTH(acctstoptime) = MONTH(NOW())
>>>>>               AND YEAR(acctstoptime) = YEAR(NOW())} -> 20989570594
>>>>> sql_xlat
>>>>>        expand: %{User-Name} -> 10021
>>>>> sql_set_user escaped user --> '10021'
>>>>>        expand: SELECT tbl_groupcheck.value from tbl_groupcheck
>>>>>               JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>>>>               where tbl_usergroup.username = '%{User-Name}' -> SELECT
>>>>> tbl_groupcheck.value from tbl_groupcheck
>>>>>               JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>>>>               where tbl_usergroup.username = '10021'
>>>>> rlm_sql (sql): Reserving sql socket id: 0
>>>>> sql_xlat finished
>>>>> rlm_sql (sql): Released sql socket id: 0
>>>>>        expand: %{sql:SELECT tbl_groupcheck.value from tbl_groupcheck
>>>>>               JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
>>>>>               where tbl_usergroup.username = '%{User-Name}'} -> 20737418240
>>>>> ++[control] returns ok
>>>>> ++? if ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}")
>>>>>        expand: %{control:Tmp-Integer-1} -> 3557549056
>>>>>        expand: %{control:Tmp-Integer-0} -> 3809701410
>>>>> ? Evaluating ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}") -> FALSE
>>>>> ++? if ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}") -> FALSE
>>>>> ++? if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}")
>>>>>        expand: %{control:Tmp-Integer-1} -> 3557549056
>>>>>        expand: %{control:Tmp-Integer-0} -> 3809701410
>>>>> ? Evaluating ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") -> TRUE
>>>>> ++? if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") -> TRUE
>>>>> ++- entering if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") {...}
>>>>> +++[reply] returns ok
>>>>> ++- if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") returns ok
>>>>> ++[exec] returns noop
>>>>> Sending Access-Accept of id 236 to XXX.XX.XX.86 port 44198
>>>>>        Framed-Protocol = PPP
>>>>>        Framed-Compression = Van-Jacobson-TCP-IP
>>>>>        Framed-MTU = 1472
>>>>>        Idle-Timeout = 300
>>>>>        Reply-Message = "Fair Usage Policy Enforced, Bandwidth Limited"
>>>>>        Mikrotik-Rate-Limit = "128K/256K 128K/256K 128K/256K 180/180 8"
>>>>>        Framed-Netmask = 255.255.255.0
>>>>>        Session-Timeout = 2071955
>>>>> Finished request 5.
>>>>> Going to the next request
>>>>> Waking up in 4.9 seconds.
>>>>> rad_recv: Accounting-Request packet from host XXX.XX.XX.86 port 45096,
>>>>> id=237, length=154
>>>>>        Service-Type = Framed-User
>>>>>        Framed-Protocol = PPP
>>>>>        NAS-Port = 56
>>>>>        NAS-Port-Type = Ethernet
>>>>>        User-Name = "10021"
>>>>>        Calling-Station-Id = "XX:XX:XX:BA:8A:3B"
>>>>>        Called-Station-Id = " Internet"
>>>>>        NAS-Port-Id = "LAN"
>>>>>        Acct-Session-Id = "81800034"
>>>>>        Framed-IP-Address = XXX.XX.XX.250
>>>>>        Acct-Authentic = RADIUS
>>>>>        Event-Timestamp = "Aug  8 2011 00:27:23 IST"
>>>>>        Acct-Status-Type = Start
>>>>>        NAS-Identifier = "XXX.XXXXXXX"
>>>>>        NAS-IP-Address = XXX:XX:XX.86
>>>>>        Acct-Delay-Time = 0
>>>>> # Executing section preacct from file /etc/freeradius/sites-enabled/default
>>>>> +- entering group preacct {...}
>>>>> ++[preprocess] returns ok
>>>>> [acct_unique] Hashing 'NAS-Port = 56,Client-IP-Address =
>>>>> XXX.XX.XX.86,NAS-IP-Address = XXX.XX.XX.86,Acct-Session-Id =
>>>>> "81800034",User-Name = "10021"'
>>>>> [acct_unique] Acct-Unique-Session-ID = "e99f1594c7c50876".
>>>>> ++[acct_unique] returns ok
>>>>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>>>>> [suffix] No such realm "NULL"
>>>>> ++[suffix] returns noop
>>>>> ++[files] returns noop
>>>>> # Executing section accounting from file /etc/freeradius/sites-enabled/default
>>>>> +- entering group accounting {...}
>>>>> [detail]        expand:
>>>>> /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
>>>>> /var/log/freeradius/radacct/125.20.80.86/detail-20110808
>>>>> [detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
>>>>> expands to /var/log/freeradius/radacct/125.20.80.86/detail-20110808
>>>>> [detail]        expand: %t -> Mon Aug  8 00:27:25 2011
>>>>> ++[detail] returns ok
>>>>> ++[unix] returns ok
>>>>> [radutmp]       expand: /var/log/freeradius/radutmp ->
>>>>> /var/log/freeradius/radutmp
>>>>> [radutmp]       expand: %{User-Name} -> 10021
>>>>> ++[radutmp] returns ok
>>>>> [sql]   expand: %{User-Name} -> 10021
>>>>> [sql] sql_set_user escaped user --> '10021'
>>>>> [sql]   expand: %{Acct-Delay-Time} -> 0
>>>>> [sql]   expand:            INSERT INTO tbl_acct
>>>>> (acctsessionid,    acctuniqueid,     username,              realm,
>>>>>       nasipaddress,     nasportid,              nasporttype,
>>>>> acctstarttime,    acctstoptime,              acctsessiontime,
>>>>> acctauthentic,    connectinfo_start,              connectinfo_stop,
>>>>> acctinputoctets,  acctoutputoctets,              calledstationid,
>>>>> callingstationid, acctterminatecause,              servicetype,
>>>>> framedprotocol,   framedipaddress,              acctstartdelay,
>>>>> acctstopdelay,    xascendsessionsvrkey)           VALUES
>>>>> ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
>>>>> '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
>>>>> '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,
>>>>>  '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0',
>>>>> '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
>>>>>             '%{Service-Type}', '%{Framed-Protocol}',
>>>>> '%{Framed-IP-Address}',
>>>>> rlm_sql (sql): Reserving sql socket id: 4
>>>>> rlm_sql (sql): Released sql socket id: 4
>>>>> ++[sql] returns ok
>>>>> ++[exec] returns noop
>>>>> [attr_filter.accounting_response]       expand: %{User-Name} -> 10021
>>>>> attr_filter: Matched entry DEFAULT at line 12
>>>>> ++[attr_filter.accounting_response] returns updated
>>>>> Sending Accounting-Response of id 237 to XXX.XX.XX.86 port 45096
>>>>> Finished request 6.
>>>>> Cleaning up request 6 ID 237 with timestamp +18
>>>>> Going to the next request
>>>>> Waking up in 4.8 seconds.
>>>>> -
>>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>>>
>>>>
>>>> Arran Cudbard-Bell
>>>> a.cudbardb at freeradius.org
>>>>
>>>> RADIUS - Half the complexity of Diameter
>>>>
>>>>
>>>> -
>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>>
>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>
>>
>> Arran Cudbard-Bell
>> a.cudbardb at freeradius.org
>>
>> RADIUS - Half the complexity of Diameter
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>




More information about the Freeradius-Users mailing list