About Proxy-realm and ip-pool
Tevfik Ceydeliler
tevfik.ceydeliler at astron.yasar.com.tr
Wed Jan 7 16:56:57 CET 2015
Hi,
I am trying to build a topology like this:
FreeRADIUS receives authentication requests and sends them to two OTP servers,
according to how the user is defined.
Then, if the OTP server accepts the password, FreeRADIUS authorizes the user and
assigns an IP address from the IP pool which is defined in the user attribute.
For this,
I wrote this configuration in the proxy.conf file:
home_server motp_1 {
    type = auth+acct
    ipaddr = 10.1.1.52
    port = 1812
    secret = test
    status_check = status-server
}
home_server motp_2 {
    type = auth+acct
    ipaddr = 10.43.1.52
    port = 1812
    secret = test
    status_check = status-server
}
home_server_pool motp {
    type = fail-over
    home_server = motp_1
    home_server = motp_2
}
realm motp {
    pool = motp
    nostrip
}
and users:
tevfikceydeliler Proxy-To-Realm := motp
    Framed-Protocol := PPP,
    Pool-Name := turkcell
??? Although with this config, the user can get an IP address from the pool. ??
log file says (cropped):
...
rad_recv: Access-Request packet from host 10.65.8.117 port 63687, id=13,
length=56
User-Name = "tevfikceydeliler"
User-Password = "8704cb"
Wed Jan 7 15:40:27 2015 : Info: # Executing section authorize from file
/etc/freeradius/sites-enabled/default
Wed Jan 7 15:40:27 2015 : Info: +- entering group authorize {...}
Wed Jan 7 15:40:27 2015 : Info: ++[preprocess] returns ok
Wed Jan 7 15:40:27 2015 : Info: sql_xlat
Wed Jan 7 15:40:27 2015 : Info: expand: %{User-Name} ->
tevfikceydeliler
Wed Jan 7 15:40:27 2015 : Info: sql_set_user escaped user -->
'tevfikceydeliler'
Wed Jan 7 15:40:27 2015 : Info: expand: select groupname from radhuntgroup where nasipaddress="%{NAS-IP-Address}" -> select groupname from radhuntgroup where nasipaddress="10.65.8.117"
Wed Jan 7 15:40:27 2015 : Debug: rlm_sql (sql): Reserving sql socket id: 3
Wed Jan 7 15:40:27 2015 : Info: SQL query did not return any results
Wed Jan 7 15:40:27 2015 : Debug: rlm_sql (sql): Released sql socket id: 3
Wed Jan 7 15:40:27 2015 : Info: expand: %{sql:select groupname from
radhuntgroup where nasipaddress="%{NAS-IP-Address}"} ->
Wed Jan 7 15:40:27 2015 : Info: ++[request] returns ok
Wed Jan 7 15:40:27 2015 : Info: ++[chap] returns noop
Wed Jan 7 15:40:27 2015 : Info: ++[mschap] returns noop
Wed Jan 7 15:40:27 2015 : Info: [suffix] No '@' in User-Name =
"tevfikceydeliler", looking up realm NULL
Wed Jan 7 15:40:27 2015 : Info: [suffix] No such realm "NULL"
Wed Jan 7 15:40:27 2015 : Info: ++[suffix] returns noop
Wed Jan 7 15:40:27 2015 : Info: [eap] No EAP-Message, not doing EAP
Wed Jan 7 15:40:27 2015 : Info: ++[eap] returns noop
Wed Jan 7 15:40:27 2015 : Info: ++[unix] returns notfound
Wed Jan 7 15:40:27 2015 : Info: [files] users: Matched entry
tevfikceydeliler at line 205
Wed Jan 7 15:40:27 2015 : Info: ++[files] returns ok
Wed Jan 7 15:40:27 2015 : Info: [sql] expand: %{User-Name} ->
tevfikceydeliler
Wed Jan 7 15:40:27 2015 : Info: [sql] sql_set_user escaped user -->
'tevfikceydeliler'
Wed Jan 7 15:40:27 2015 : Debug: rlm_sql (sql): Reserving sql socket id: 2
Wed Jan 7 15:40:27 2015 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'tevfikceydeliler' ORDER BY id
Wed Jan 7 15:40:27 2015 : Info: [sql] User found in radcheck table
Wed Jan 7 15:40:27 2015 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'tevfikceydeliler' ORDER BY id
Wed Jan 7 15:40:27 2015 : Info: [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'tevfikceydeliler' ORDER BY priority
Wed Jan 7 15:40:27 2015 : Info: [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Turkcell_motp' ORDER BY id
Wed Jan 7 15:40:27 2015 : Info: [sql] User found in group Turkcell_motp
Wed Jan 7 15:40:27 2015 : Info: [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Turkcell_motp' ORDER BY id
Wed Jan 7 15:40:27 2015 : Debug: rlm_sql (sql): Released sql socket id: 2
Wed Jan 7 15:40:27 2015 : Info: ++[sql] returns ok
Wed Jan 7 15:40:27 2015 : Debug: rlm_sqlcounter: Entering module
authorize code
Wed Jan 7 15:40:27 2015 : Debug: rlm_sqlcounter: Could not find Check
item value pair
Wed Jan 7 15:40:27 2015 : Info: ++[dailycounter] returns noop
Wed Jan 7 15:40:27 2015 : Debug: rlm_sqlcounter: Entering module
authorize code
Wed Jan 7 15:40:27 2015 : Debug: rlm_sqlcounter: Could not find Check
item value pair
Wed Jan 7 15:40:27 2015 : Info: ++[monthlycounter] returns noop
Wed Jan 7 15:40:27 2015 : Debug: rlm_sqlcounter: Entering module
authorize code
Wed Jan 7 15:40:27 2015 : Debug: rlm_sqlcounter: Could not find Check
item value pair
Wed Jan 7 15:40:27 2015 : Info: ++[weeklycounter] returns noop
Wed Jan 7 15:40:27 2015 : Debug: rlm_sqlcounter: Entering module
authorize code
...
...
Wed Jan 7 15:40:27 2015 : Info: ++[pap] returns noop
Wed Jan 7 15:40:27 2015 : Info: WARNING: Empty pre-proxy section.
Using default return values.
Sending Access-Request of id 12 to 10.1.1.52 port 1812
User-Name = "tevfikceydeliler"
User-Password = "8704cb"
NAS-IP-Address = 10.65.8.117
Proxy-State = 0x3133
Wed Jan 7 15:40:27 2015 : Info: Proxying request 0 to home server
10.1.1.52 port 1812
Sending Access-Request of id 12 to 10.1.1.52 port 1812
User-Name = "tevfikceydeliler"
User-Password = "8704cb"
NAS-IP-Address = 10.65.8.117
Proxy-State = 0x3133
Wed Jan 7 15:40:27 2015 : Debug: Going to the next request
Wed Jan 7 15:40:27 2015 : Debug: Waking up in 0.9 seconds.
rad_recv: Access-Accept packet from host 10.1.1.52 port 1812, id=12,
length=39
Reply-Message = "Hello Friend!"
Proxy-State = 0x3133
Wed Jan 7 15:40:28 2015 : Info: # Executing section post-proxy from
file /etc/freeradius/sites-enabled/default
Wed Jan 7 15:40:28 2015 : Info: +- entering group post-proxy {...}
Wed Jan 7 15:40:28 2015 : Info: [eap] No pre-existing handler found
Wed Jan 7 15:40:28 2015 : Info: ++[eap] returns noop
Wed Jan 7 15:40:28 2015 : Info: Found Auth-Type = Accept
Wed Jan 7 15:40:28 2015 : Info: Auth-Type = Accept, accepting the user
Wed Jan 7 15:40:28 2015 : Info: # Executing section post-auth from file
/etc/freeradius/sites-enabled/default
Wed Jan 7 15:40:28 2015 : Info: +- entering group post-auth {...}
Wed Jan 7 15:40:28 2015 : Info: [sql] expand: %{User-Name} ->
tevfikceydeliler
Wed Jan 7 15:40:28 2015 : Info: [sql] sql_set_user escaped user -->
'tevfikceydeliler'
Wed Jan 7 15:40:28 2015 : Info: [sql] expand: %{User-Password} ->
8704cb
Wed Jan 7 15:40:28 2015 : Info: [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'tevfikceydeliler', '8704cb', 'Access-Accept', '2015-01-07 15:40:27')
Wed Jan 7 15:40:28 2015 : Debug: rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'tevfikceydeliler', '8704cb', 'Access-Accept', '2015-01-07 15:40:27')
Wed Jan 7 15:40:28 2015 : Debug: rlm_sql (sql): Reserving sql socket id: 1
Wed Jan 7 15:40:28 2015 : Debug: rlm_sql (sql): Released sql socket id: 1
Wed Jan 7 15:40:28 2015 : Info: ++[sql] returns ok
Wed Jan 7 15:40:28 2015 : Info: ++[exec] returns noop
Sending Access-Accept of id 13 to 10.65.8.117 port 63687
Reply-Message = "Hello Friend!"
Wed Jan 7 15:40:28 2015 : Info: Finished request 0.
Wed Jan 7 15:40:28 2015 : Debug: Going to the next request
Wed Jan 7 15:40:28 2015 : Debug: Waking up in 4.9 seconds.
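A way to check debug output like the log above for what the question turns on: which modules ran in post-auth, and whether the Access-Accept sent to the NAS carries Framed-IP-Address. It also counts the lines that show User-Password in clear text. This is an added example, not part of the original message or of FreeRADIUS; the sample log is constructed, and `main_pool` as the name of the ippool module instance is an assumption.

```python
import re

# Constructed sample in the layout of FreeRADIUS 2.x debug output (not the poster's log).
SAMPLE = """\
Wed Jan 7 15:40:27 2015 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default
Wed Jan 7 15:40:27 2015 : Info: ++[files] returns ok
Wed Jan 7 15:40:27 2015 : Info: Proxying request 0 to home server 192.0.2.52 port 1812
Sending Access-Request of id 12 to 192.0.2.52 port 1812
    User-Name = "alice"
    User-Password = "000000"
Wed Jan 7 15:40:28 2015 : Info: # Executing section post-auth from file /etc/freeradius/sites-enabled/default
Wed Jan 7 15:40:28 2015 : Info: ++[sql] returns ok
Wed Jan 7 15:40:28 2015 : Info: ++[exec] returns noop
Sending Access-Accept of id 13 to 192.0.2.10 port 50000
    Reply-Message = "Hello Friend!"
"""

SECTION = re.compile(r"# Executing section (\S+)")
MODULE = re.compile(r"\+\+\[([\w.-]+)\] returns (\w+)")
SENDING = re.compile(r"^Sending (\S+) of id \d+ to (\S+) port \d+")
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*) = (.*)$")

def analyze(log, pool_module="main_pool"):
    """Summarise one request; pool_module is the assumed ippool instance name."""
    sections, packets, current, attrs = {}, [], None, None
    for line in log.splitlines():
        if attrs is not None and (m := ATTR.match(line)):
            attrs[m.group(1)] = m.group(2)   # attribute of the packet being sent
            continue
        attrs = None                         # any other line ends the attribute list
        if (m := SECTION.search(line)):
            current = m.group(1)
        elif (m := MODULE.search(line)) and current:
            sections.setdefault(current, []).append(m.group(1))
        elif (m := SENDING.match(line)):
            attrs = {}
            packets.append((m.group(1), attrs))
    accepts = [a for kind, a in packets if kind == "Access-Accept"]
    return {
        "proxied": "Proxying request" in log,
        "post_auth_modules": sections.get("post-auth", []),
        "pool_module_ran": pool_module in sections.get("post-auth", []),
        "accept_has_ip": any("Framed-IP-Address" in a for a in accepts),
        "password_lines": len(re.findall(r'User-Password = "', log)),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

Pass the instance name actually configured on the server as `pool_module` when it differs from the assumed one.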