Attribute NOT being returned in access-accept but is returned in Access-Challenge

Jake He jake.he at gmail.com
Sat Jun 27 14:51:12 CEST 2015


I fixed it!

I called my perl script in inner-tunner server not in the default server.
Now the final Access-Accept have the Mikrotik-Total-Limit.

Thank you.

On 27 June 2015 at 13:34, Jake He <jake.he at gmail.com> wrote:

> Thank you Alan.
>
> Mikrotik-Total-Limit is set in server default. But when virtual server
> inner-tunnel is called. The sql over write the Mikrotik-Total-Limit. This
> is my understanding of what happened.
>
> Is there a way for inner-tunnel not to set the reply attributes again?
>
> Jake
>
> (7) Virtual server inner-tunnel received request
> (7)   EAP-Message = 0x02010016041045307f80005829c45ec3c5a20be7bc6c
> (7)   User-Name = 'jake'
> (7)   State = 0xc7faab94c7fbaf949e6d25fbda29b50d
> (7) server inner-tunnel {
> (7)   session-state: No cached attributes
> (7)   # Executing section authorize from file
> /etc/freeradius/sites-enabled/inner-tunnel
> (7)     authorize {
> (7)       [chap] = noop
> (7)       [mschap] = noop
> (7) suffix: Checking for suffix after "@"
> (7) suffix: No '@' in User-Name = "jake", looking up realm NULL
> (7) suffix: No such realm "NULL"
> (7)       [suffix] = noop
> (7)       update control {
> (7)         &Proxy-To-Realm := LOCAL
> (7)       } # update control = noop
> (7) eap: Peer sent code Response (2) ID 1 length 22
> (7) eap: No EAP Start, assuming it's an on-going EAP conversation
> (7)       [eap] = updated
> (7)       [files] = noop
> (7) sql: EXPAND %{User-Name}
> (7) sql:    --> jake
> (7) sql: SQL-User-Name set to 'jake'
> rlm_sql (sql): Reserved connection (4)
> (7) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
> WHERE username = '%{SQL-User-Name}' ORDER BY id
> (7) sql:    --> SELECT id, username, attribute, value, op FROM radcheck
> WHERE username = 'jake' ORDER BY id
> (7) sql: Executing select query: SELECT id, username, attribute, value, op
> FROM radcheck WHERE username = 'jake' ORDER BY id
> (7) sql: User found in radcheck table
> (7) sql: Conditional check items matched, merging assignment check items
> (7) sql:   Cleartext-Password := 'fheman123'
> (7) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
> WHERE username = '%{SQL-User-Name}' ORDER BY id
> (7) sql:    --> SELECT id, username, attribute, value, op FROM radreply
> WHERE username = 'jake' ORDER BY id
> (7) sql: Executing select query: SELECT id, username, attribute, value, op
> FROM radreply WHERE username = 'jake' ORDER BY id
> (7) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
> '%{SQL-User-Name}' ORDER BY priority
> (7) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'jake'
> ORDER BY priority
> (7) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
> username = 'jake' ORDER BY priority
> (7) sql: User found in the group table
> (7) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
> radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id
> (7) sql:    --> SELECT id, groupname, attribute, Value, op FROM
> radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id
> (7) sql: Executing select query: SELECT id, groupname, attribute, Value,
> op FROM radgroupcheck WHERE groupname = '14kimberleyst' ORDER BY id
> (7) sql: Group "14kimberleyst": Conditional check items matched
> (7) sql: Group "14kimberleyst": Merging assignment check items
> (7) sql:   Reset-Date := '13'
> (7) sql:   Total-Bytes := '999999999999999999'
> (7) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
> radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id
> (7) sql:    --> SELECT id, groupname, attribute, value, op FROM
> radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id
> (7) sql: Executing select query: SELECT id, groupname, attribute, value,
> op FROM radgroupreply WHERE groupname = '14kimberleyst' ORDER BY id
> (7) sql: Group "14kimberleyst": Merging reply items
> (7) sql:   Session-Timeout := 10800
> (7) sql:   Mikrotik-Total-Limit := 1
>
> On 27 June 2015 at 01:24, Alan DeKok <aland at deployingradius.com> wrote:
>
>> On Jun 26, 2015, at 12:08 PM, Jake He <jake.he at gmail.com> wrote:
>> > Sorry, I make a mistake. I am using Mikrotik-Total-Limit not
>> > Mikrotik-Recv-Limit.
>>
>>   Describing the problem correctly helps.
>>
>> > This is the debug for my perl script.
>> > (1) check_usage: &reply:Session-Timeout = $RAD_REPLY{'Session-Timeout'}
>> ->
>> > '10800'
>> > (1) check_usage: &reply:Mikrotik-Total-Limit-Gigawords =
>> > $RAD_REPLY{'Mikrotik-Total-Limit-Gigawords'} -> ‘232830643'
>>
>>  So it’s getting set.  That’s nice.
>>
>> > This means that Mikrotik-Total-Limit is set right?
>>
>>   Yes.
>>
>>   Then go read the debug log to see when it’s being set, and when your
>> perl script is being executed.
>>
>>   There’s no magic here.  Just read the debug output to see what it’s
>> doing.
>>
>>   Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>


More information about the Freeradius-Users mailing list