Working on ip pool, user group, profile and realm with mySQL
Tevfik Ceydeliler
tevfik.ceydeliler at astron.yasar.com.tr
Tue Jan 13 12:07:42 CET 2015
Hi,
Accroding to http://wiki.freeradius.org/guide/SQL-HOWTO,
I try to use assign IP address from (IP-Pool = turkcell) my client after
my realm (motp) accept user.
I configure my database (Mysql) show below. But A get Accept-Reject always.
What is the mistake, have u hint?
mysql> select *from radcheck ;
+----+------------+--------------------+----+-------+
| id | username | attribute | op | value |
+----+------------+--------------------+----+-------+
| 9 | freeradius | Cleartext-Password | = | test |
+----+------------+--------------------+----+-------+
mysql> select *from radgroupcheck;
Empty set (0.00 sec)
mysql> select *from radgroupreply ;
+----+---------------+----------------+----+----------+
| id | groupname | attribute | op | value |
+----+---------------+----------------+----+----------+
| 1 | turkcell-motp | Proxy-To-Realm | := | motp |
| 2 | turkcell-motp | Pool-Name | := | turkcell |
+----+---------------+----------------+----+----------+
2 rows in set (0.00 sec)
mysql> select * from radippool;
+----+-----------+-----------------+--------------+-----------------+------------------+---------------------+------------------+----------+
| id | pool_name | framedipaddress | nasipaddress | calledstationid |
callingstationid | expiry_time | username | pool_key |
+----+-----------+-----------------+--------------+-----------------+------------------+---------------------+------------------+----------+
| 1 | turkcell | 10.1.1.181 | | | |
2015-01-12 17:39:27 | tevfikceydeliler | |
| 2 | turkcell | 10.1.1.182 | | | |
NULL | | 0 |
| 3 | turkcell | 10.1.1.183 | | | |
NULL | | 0 |
| 4 | turkcell | 10.1.1.184 | | | |
NULL | | 0 |
| 5 | vodafone | 10.1.1.191 | | | |
NULL | | 0 |
| 6 | vodafone | 10.1.1.192 | | | |
NULL | | |
| 7 | vodafone | 10.1.1.193 | | | |
NULL | | |
| 8 | vodafone | 10.1.1.194 | | | |
NULL | | |
+----+-----------+-----------------+--------------+-----------------+------------------+---------------------+------------------+----------+
mysql> select * from radusergroup;
+------------+---------------+----------+
| username | groupname | priority |
+------------+---------------+----------+
| freeradius | turkcell-motp | 0 |
+------------+---------------+----------+
And here is output of "freeradius -XXX" command:
...
...
Tue Jan 13 13:06:10 2015 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 10.65.8.117 port 51506, id=19,
length=50
User-Name = "freeradius"
User-Password = "123456"
Tue Jan 13 13:06:18 2015 : Info: # Executing section authorize from file
/etc/freeradius/sites-enabled/default
Tue Jan 13 13:06:18 2015 : Info: +- entering group authorize {...}
Tue Jan 13 13:06:18 2015 : Info: [suffix] No '@' in User-Name =
"freeradius", looking up realm NULL
Tue Jan 13 13:06:18 2015 : Info: [suffix] No such realm "NULL"
Tue Jan 13 13:06:18 2015 : Info: ++[suffix] returns noop
Tue Jan 13 13:06:18 2015 : Info: ++[files] returns noop
Tue Jan 13 13:06:18 2015 : Info: [sql] expand: %{Stripped-User-Name} ->
Tue Jan 13 13:06:18 2015 : Info: [sql] sql_set_user escaped user --> ''
Tue Jan 13 13:06:18 2015 : Debug: rlm_sql (sql): Reserving sql socket
id: 148
Tue Jan 13 13:06:18 2015 : Info: [sql] expand: SELECT id, username,
attribute, value, op FROM radcheck WHERE username =
'%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
attribute, value, op FROM radcheck WHERE username =
'' ORDER BY id
Tue Jan 13 13:06:18 2015 : Info: [sql] expand: SELECT
groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'' ORDER BY priority
Tue Jan 13 13:06:18 2015 : Debug: rlm_sql (sql): Released sql socket id: 148
Tue Jan 13 13:06:18 2015 : Info: [sql] User not found
Tue Jan 13 13:06:18 2015 : Info: ++[sql] returns notfound
Tue Jan 13 13:06:18 2015 : Info: ERROR: No authenticate method
(Auth-Type) found for the request: Rejecting the user
Tue Jan 13 13:06:18 2015 : Info: Failed to authenticate the user.
Tue Jan 13 13:06:18 2015 : Info: Using Post-Auth-Type Reject
Tue Jan 13 13:06:18 2015 : Info: # Executing group from file
/etc/freeradius/sites-enabled/default
Tue Jan 13 13:06:18 2015 : Info: +- entering group REJECT {...}
Tue Jan 13 13:06:18 2015 : Info: [attr_filter.access_reject] expand:
%{User-Name} -> freeradius
Tue Jan 13 13:06:18 2015 : Debug: attr_filter: Matched entry DEFAULT at
line 11
Tue Jan 13 13:06:18 2015 : Info: ++[attr_filter.access_reject] returns
updated
Tue Jan 13 13:06:18 2015 : Info: Delaying reject of request 0 for 1 seconds
Tue Jan 13 13:06:18 2015 : Debug: Going to the next request
Tue Jan 13 13:06:18 2015 : Debug: Waking up in 0.9 seconds.
Tue Jan 13 13:06:19 2015 : Info: Sending delayed reject for request 0
Sending Access-Reject of id 19 to 10.65.8.117 port 51506
Tue Jan 13 13:06:19 2015 : Debug: Waking up in 4.9 seconds.
Tue Jan 13 13:06:24 2015 : Info: Cleaning up request 0 ID 19 with
timestamp +8
Tue Jan 13 13:06:24 2015 : Info: Ready to process requests.
Regards.
<br>
<img src="http://www.yasar.com.tr/banner/yhbanner.jpg"> </img>
<br><br>
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and Yasar Group Companies do not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system.
More information about the Freeradius-Users
mailing list