Virtual server can't set reply attributes
Paul
ensoniqpb at gmail.com
Fri Sep 5 16:26:03 CEST 2014
Alan wrote:
> That's wrong. Why are you using Cisco-AVPair twice? It should be:
> Cisco-AVPair += "ip:inacl=ACL_VIRT_SECURE_IN"

I just badly pasted. The SQL table is fine.

> OK... and what does the debug log look like for 2.2.5? Are you using the same SQL tables? Or different ones?

The same tables. 2.2.5 output:

rad_recv: Access-Request packet from host 193.151.53.4 port 1645, id=59, length=121
Framed-Protocol = PPP
User-Name = "test1"
CHAP-Password = 0x0123554ba1746f7fd30486bd0bd46c39de
Calling-Station-Id = "0024.c435.f7e4"
NAS-Port-Type = Ethernet
NAS-Port = 33554632
NAS-Port-Id = "0/0/2/200"
Connect-Info = "POL_Vlan200_500M"
Service-Type = Framed-User
NAS-IP-Address = 193.151.53.4
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/srv_default
+group authorize {
++[preprocess] = ok
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "test1"
[suffix] Adding Realm = "NULL"
[suffix] Proxying request from user test1 to realm NULL
[suffix] Preparing to proxy authentication request to realm "NULL"
++[suffix] = updated
+} # group authorize = updated
WARNING: Empty pre-proxy section. Using default return values.
>>> Sending proxied request internally to virtual server.
server srv_null {
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/srv_null
+group authorize {
++[preprocess] = ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] = ok
[files] users: Matched entry DEFAULT at line 172
++[files] = ok
[sql] expand: %{Stripped-User-Name} -> test1
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> test1
[sql] sql_set_user escaped user --> 'test1'
rlm_sql (sql): Reserving sql socket id: 26
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = BINARY '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = BINARY 'test1'
ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM radreply WHERE username = BINARY '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply WHERE username = BINARY 'test1'
ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = BINARY '%{SQL-User-Name}' ORDER BY priority
-> SELECT groupname FROM radusergroup WHERE
username = BINARY 'test1' ORDER BY priority
rlm_sql (sql): Released sql socket id: 26
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
+} # group authorize = ok
Found Auth-Type = CHAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/srv_null
+group CHAP {
[chap] login attempt by "test1" with CHAP password
[chap] Using clear text password "test121" for user test1 authentication.
[chap] chap user test1 authenticated succesfully
++[chap] = ok
+} # group CHAP = ok
WARNING: Empty post-auth section. Using default return values.
} # server srv_null
Going to the next request
<<< Received proxied response code 2 from internal virtual server.
WARNING: Empty post-proxy section. Using default return values.
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
WARNING: Empty post-auth section. Using default return values.
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/srv_default
WARNING: Empty post-auth section. Using default return values.
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/srv_default
Sending Access-Accept of id 59 to 193.151.53.4 port 1645
Framed-Protocol = PPP
Cisco-AVPair += "ip:inacl=ACL_VIRT_SECURE_IN"
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
--
Regards,
Paul