Problem with Hints file

Craig Nattrass craig at storage.co.za
Mon Jun 29 00:31:58 CEST 2015


Hi,

I have just upgraded to version 3.0.8 from 3.0.0

My goal is to combine the User-Name and the Mikrotik-Realm in the hints into the following: User-Name := "%{User-Name}@%{Mikrotik-Realm}"
This would be for the Authentication and the Accounting.

In version 3.0.0 this part worked. However, the username did not pass correctly to SQL-User-Name, but fiddling with the strip username seemed to resolve this.
When the Accounting packets came in I ended up with User-Names looking like this: ai:=28=5B0-9a-f=5D=7B32=7D=29 which was expanded from: 
(122) sql :     expand: "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}" -> 'ai:([0-9a-f]{32})'
(122) sql : SQL-User-Name set to "ai:([0-9a-f]{32})"

This was when I decided to upgrade to 3.0.8.

version 3.0.0 sample log: 

        Called-Station-Id = 'hotspot1'
        NAS-Port-Id = 'wlan2'
        User-Name = 'craign'
        MS-CHAP-Domain = 'wifi.co'
        NAS-Port = 2148532316
        Acct-Session-Id = '8010005c'
        Framed-IP-Address = 10.254.2.245
        Mikrotik-Host-IP = 10.254.2.245
        User-Password = 'mmmm'
        Service-Type = Login-User
        WISPr-Logoff-URL = 'http://10.254.2.1/logout'
        NAS-Identifier = 'MikroTik'
        Mikrotik-Realm = 'wifi.co'
        NAS-IP-Address = 10.99.0.16
(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(0)   authorize {
(0)   filter_username filter_username {
(0)    ? if (User-Name != "%{tolower:%{User-Name}}")
(0)     expand: "%{tolower:%{User-Name}}" -> 'craign'
(0)    ? if (User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(0)    ? if (User-Name =~ / /)
(0)    ? if (User-Name =~ / /)  -> FALSE
(0)    ? if (User-Name =~ /@.*@/ )
(0)    ? if (User-Name =~ /@.*@/ )  -> FALSE
(0)    ? if (User-Name =~ /\\.\\./ )
(0)    ? if (User-Name =~ /\\.\\./ )  -> FALSE
(0)    ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(0)    ? if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(0)    ? if (User-Name =~ /\\.$/)
(0)    ? if (User-Name =~ /\\.$/)   -> FALSE
(0)    ? if (User-Name =~ /@\\./)
(0)    ? if (User-Name =~ /@\\./)   -> FALSE
(0)   } # filter_username filter_username = notfound
(0) preprocess :   hints: Matched DEFAULT at 19
(0) preprocess :        expand: "%{User-Name}@%{Mikrotik-Realm}" -> 'craign at wifi.co'
(0)   [preprocess] = ok
(0)   [chap] = noop
(0)   [mschap] = noop
(0)   [digest] = noop
(0)   [files] = noop
(0) sql :       expand: "%{%{User-Name}:-DEFAULT}" -> 'craign'
(0) sql : SQL-User-Name set to "craign"




These are the logs from version 3.0.8.
The below shows the preprocess from the hints adding neither the User-Name nor the Mikrotik-Realm to the User-Name:
The values of %{User-Name} and %{Mikrotik-Realm} are being dropped.

 Called-Station-Id = 'hotspot1'
(0)   NAS-Port-Id = 'wlan2'
(0)   User-Name = 'craign'
(0)   MS-CHAP-Domain = 'wifi.co'
(0)   NAS-Port = 2148532315
(0)   Acct-Session-Id = '8010005b'
(0)   Framed-IP-Address = 10.254.2.245
(0)   Mikrotik-Host-IP = 10.254.2.245
(0)   User-Password = 'mmmm'
(0)   Service-Type = Login-User
(0)   WISPr-Logoff-URL = 'http://10.254.2.1/logout'
(0)   NAS-Identifier = 'MikroTik'
(0)   Mikrotik-Realm = 'wifi.co'
(0)   NAS-IP-Address = 10.99.0.16
(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(0)   authorize {
(0)     policy filter_username {
(0)       if (User-Name != "%{tolower:%{User-Name}}") {
(0)       EXPAND %{tolower:%{User-Name}}
(0)          --> craign
(0)       if (User-Name != "%{tolower:%{User-Name}}")  -> FALSE
(0)       if (User-Name =~ / /) {
(0)       if (User-Name =~ / /)  -> FALSE
(0)       if (User-Name =~ /@.*@/ ) {
(0)       if (User-Name =~ /@.*@/ )  -> FALSE
(0)       if (User-Name =~ /\\.\\./ ) {
(0)       if (User-Name =~ /\\.\\./ )  -> FALSE
(0)       if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))  {
(0)       if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))   -> FALSE
(0)       if (User-Name =~ /\\.$/)  {
(0)       if (User-Name =~ /\\.$/)   -> FALSE
(0)       if (User-Name =~ /@\\./)  {
(0)       if (User-Name =~ /@\\./)   -> FALSE
(0)     } # policy filter_username = notfound
(0) preprocess: hints: Matched DEFAULT at 19
(0) preprocess: EXPAND %{User-Name}@%{Mikrotik-Realm}
(0) preprocess:    --> @
(0)     [preprocess] = ok
(0)     [chap] = noop
(0)     [mschap] = noop
(0)     [digest] = noop
(0)     [files] = noop
(0) sql: EXPAND %{%{User-Name}:-DEFAULT}
(0) sql:    --> craign
(0) sql: SQL-User-Name set to 'craign'


Regards
Craig
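
Added example, not part of the original post and not FreeRADIUS source code: a simplified Python model of the `=XX` hex escaping that turns the SQL-User-Name value 'ai:([0-9a-f]{32})' from the log above into the stored string ai:=28=5B0-9a-f=5D=7B32=7D=29, with a decoder for reading such values back out of accounting tables. The safe-character list is an assumption (the stock sql module setting as recalled here), and the function names are hypothetical.

```python
import string

# ASSUMPTION: safe-character list of the sql module, as recalled; check your own config.
SAFE_CHARACTERS = (
    "@abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789.-_: /"
)


def sql_escape(value, safe=SAFE_CHARACTERS):
    """Hex-escape every byte that is not in the safe list as =XX."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        if byte < 128 and ch in safe:
            out.append(ch)
        else:
            # '=' itself is not in the safe list, so decoding stays unambiguous.
            out.append("=%02X" % byte)
    return "".join(out)


def sql_unescape(value):
    """Reverse sql_escape() so a stored username can be read as it was received."""
    raw = bytearray()
    i = 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "=" and len(pair) == 2 and all(c in string.hexdigits for c in pair):
            raw.append(int(pair, 16))
            i += 3
        else:
            raw.extend(value[i].encode("utf-8"))
            i += 1
    return raw.decode("utf-8", errors="replace")


def escaped_characters(value, safe=SAFE_CHARACTERS):
    """Distinct characters in value that the escape step would rewrite."""
    return sorted({c for c in value if c not in safe})


if __name__ == "__main__":
    stored = "ai:=28=5B0-9a-f=5D=7B32=7D=29"  # value quoted in the post
    print(sql_unescape(stored))                # the raw SQL-User-Name
    print(escaped_characters(sql_unescape(stored)))
```

Decoding shows that the stored name is a regular-expression string rather than a login name, which the escaped form hides at first glance.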