suffix not work for me

Tony Peña emperor.cu at gmail.com
Thu Sep 27 17:34:57 CEST 2012


Hi again... I am trying to get suffix to work, but I guess I am missing something... here
are some debug output and confs

rad_recv: Access-Request packet from host 10.10.64.67 port 16829, id=53, length=208
        Framed-Protocol = PPP
        User-Name = "*usertest at my.domain.cu*"
        User-Password = "*secret*"
        NAS-Port-Type = Async
        Calling-Station-Id = "123456789"
        Called-Station-Id = "987654321"
        Connect-Info = "44000/28800 V90/V44/LAPM"
        Cisco-AVPair = "v92-info=V.92 QC/QC Short Train Success/0/0"
        NAS-Port = 443
        NAS-Port-Id = "Async3/11*E1 7/0:7"
        Service-Type = Framed-User
        NAS-IP-Address = 10.10.64.67
# Executing section authorize from file /etc/freeradius/sites-available/default
+- entering group authorize {...}
[preprocess]   hints: Matched DEFAULT at 36
++[preprocess] returns ok
++- entering policy filter_username {...}
+++? if (User-Name =~ /^ /)
? Evaluating (User-Name =~ /^ /) -> FALSE
+++? if (User-Name =~ /^ /) -> FALSE
+++? if (User-Name =~ / $$/)
? Evaluating (User-Name =~ / $$/) -> FALSE
+++? if (User-Name =~ / $$/) -> FALSE
+++? if (User-Name != "%{tolower:%{User-Name}}")
        expand: %{User-Name} -> *usertest at my.domain.cu*
        expand: %{tolower:%{User-Name}} -> *usertest at my.domain.cu*
? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE
+++? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE
++- policy filter_username returns ok
*[suffix] No '@' in User-Name = "usertest", looking up realm NULL
         <--- why is '@' not found if it is coming in the RADIUS packet and
checked in the conf???*
[suffix] No such realm "NULL"
++[suffix] returns noop
[ldap] performing user authorization for *usertest*
[ldap]  expand: %{Stripped-User-Name} -> *usertest*
[ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=*usertest*)
         *<---------- this works stripped-user-name OK*
[ldap]  expand: ou=group,ou=my,dc=domain,dc=cu -> ou=group,ou=my,dc=domain,dc=cu
.
*checking user/pass works fine... now check monthlycounter to compare
hours..*
.
[monthlycounter1] sql_xlat
[monthlycounter1] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[monthlycounter1]       expand: %{Stripped-User-Name:-%{User-Name:-DEFAULT}} -> *usertest*
[monthlycounter1] sql_set_user escaped user --> '*usertest*'

*If Stripped-User-Name works here at monthlycounter, why does the query not use
it, and use the user with the realm??*

[monthlycounter1]       expand: SELECT SUM(acctsessiontime -
   GREATEST((1346472000 - UNIX_TIMESTAMP(acctstarttime)), 0))
   FROM radacct WHERE username='*usertest at my.domain.cu*' AND
   UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1346472000' -> SELECT
SUM(acctsessiontime -                  GREATEST((1346472000 -
UNIX_TIMESTAMP(acctstarttime)), 0))                  FROM radacct WHERE
username='*usertest at my.domain.cu*' AND
 UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1346472000'
rlm_sql (sql1): Reserving sql socket id: 4
[monthlycounter1] row[0] returned NULL
rlm_sql (sql1): Released sql socket id: 4
[monthlycounter1]       expand: %{sql1:SELECT SUM(acctsessiontime -
         GREATEST((1346472000 - UNIX_TIMESTAMP(acctstarttime)), 0))
         FROM radacct WHERE username='*usertest at my.domain.cu*' AND
         UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1346472000'} ->
*rlm_sqlcounter: No integer found in string ""    <------------- an integer
must be found to compare with max-monthly-session; in the database I have only
usernames, not with realms*
+++[monthlycounter1] returns noop

hints confs

*DEFAULT Suffix == "@my.domain.cu", Strip-User-Name = Yes*
        Hint = "userdefault",
        Service-Type = Framed-User,
        Framed-Protocol = PPP,

sites-available/default

# cat sites-available/default | egrep -v '\#|^$'
authorize {
        preprocess
        filter_username
        *suffix*
        ldap
        redundant-load-balance {
                monthlycounter1
                monthlycounter2
        }
        checkval1
        checkval2
        checkval3

        expiration
        logintime
        pap
}
authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type LDAP {
                ldap
        }
}
preacct {
        preprocess
        acct_unique
        *suffix*
}
accounting {
        redundant-load-balance {
                sql1
                sql2
        }
}
session {
        load-balance {
                sql1
                sql2
        }
}
post-auth {
        Post-Auth-Type REJECT {
                attr_filter.access_reject
        }
}
pre-proxy {
}
post-proxy {
}


Thanks for any help.

-- 
Antonio Peña
Secure email with PGP 0x8B021001 available at http://pgp.mit.edu
 Fingerprint: 74E6 2974 B090 366D CE71  7BB2 6476 FA09 8B02 1001