cui question FR 3.0.11
Alex Sharaz
alex.sharaz at york.ac.uk
Mon Feb 1 12:24:37 CET 2016
o.k. I'd added appropriate lines to clients.conf but, the NRPS clients are
in local-configs/nrps.conf to match up with my FR2.2 servers. As soon as I
updated those configs things sprang into life.
o.k. A debug shows that its happening in acct_unique
For The accounting packets
Mon Feb 1 11:18:04 2016
User-Name = "hyscj1 at hyms.ac.uk"
NAS-IP-Address = 144.32.64.18
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "hyscj1 at h4030043136B4-56AF3091"
Event-Timestamp = "Feb 1 2016 11:18:04 GMT"
Acct-Multi-Session-Id = "4030043136B4-0009337596"
Framed-IP-Address = 10.240.199.226
Calling-Station-Id = "40-30-04-31-36-B4"
Called-Station-Id = "00-1A-1E-00-70-10"
Class =
0x818f07c60000013700010200c253f60c00000000000000000000000001d158ee8aa99aa2000000000002d416
Class =
0x3ef26051d9b04bb29a0230b453511637ba0b0000050000005230303237333463332d31302d35366166333039300000000000000000000000
Acct-Delay-Time = 0
Aruba-Essid-Name = "eduroam"
Aruba-Location-Id = "hymsap5"
Aruba-AP-Group = "Aruba-L1"
Aruba-User-Role = "logon"
Aruba-User-Vlan = 3899
Aruba-Device-Type = "iPad"
Acct-Status-Type = Stop
Acct-Input-Octets = 177804
Acct-Output-Octets = 416138
Acct-Input-Packets = 1121
Acct-Output-Packets = 1006
Acct-Terminate-Cause = NAS-Request
Acct-Session-Time = 3675
NAS-Identifier = "aruba0"
Proxy-State = 0x3232
FreeRADIUS-Acct-Session-Start-Time = "Feb 1 2016 10:16:49 GMT"
Module-Failure-Message = "regex failed: Found null in subject at
offset 4. String unsafe for evaluation"
Module-Failure-Message = "Failed retrieving values required to
evaluate condition"
Acct-Unique-Session-Id = "d43b26de430a01deaef3e9e6c3b74302"
Stripped-User-Name = "hyscj1"
I can see
on Feb 1 11:18:04 2016 : Debug: (940) update request {
Mon Feb 1 11:18:04 2016 : Debug: (940) EXPAND %{expr: %l -
%{%{Acct-Session-Time}:-0} - %{%{Ac
ct-Delay-Time}:-0}}
Mon Feb 1 11:18:04 2016 : Debug: (940) --> 1454321809
Mon Feb 1 11:18:04 2016 : Debug: (940)
FreeRADIUS-Acct-Session-Start-Time = Feb 1 2016 10:16:49 GMT
Mon Feb 1 11:18:04 2016 : Debug: (940) } # update request = noop
Mon Feb 1 11:18:04 2016 : Debug: (940) policy acct_unique {
Mon Feb 1 11:18:04 2016 : Debug: (940) if ("%{string:Class}" =~
/ai:([0-9a-f]{32})/i) {
Mon Feb 1 11:18:04 2016 : Debug: (940) EXPAND TMPL XLAT STRUCT
Mon Feb 1 11:18:04 2016 : Debug: (940) EXPAND %{string:Class}
Mon Feb 1 11:18:04 2016 : Debug: (940) --> ????
Mon Feb 1 11:18:04 2016 : ERROR: (940) regex failed: Found null in
subject at offset 4. String unsafe for evaluation
Mon Feb 1 11:18:04 2016 : ERROR: (940) Failed retrieving values
required to evaluate condition
Mon Feb 1 11:18:04 2016 : Debug: (940) else {
Mon Feb 1 11:18:04 2016 : Debug: (940) update request {
Mon Feb 1 11:18:04 2016 : Debug: (940) EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
Mon Feb 1 11:18:04 2016 : Debug: (940) -->
d43b26de430a01deaef3e9e6c3b74302
Mon Feb 1 11:18:04 2016 : Debug: (940) &Acct-Unique-Session-Id
:= d43b26de430a01deaef3e9e6c3b74302
Mon Feb 1 11:18:04 2016 : Debug: (940) } # update request = noop
Mon Feb 1 11:18:04 2016 : Debug: (940) } # else = noop
and then we see the Acct-Unique-Session-Id that's used
A
On 1 February 2016 at 10:13, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:
> Hi,
>
> > 1). Module-Failure-Message - never seen this in a debug log before.
> > Assuming its something specific to FR 3.x. What's it associated with?
>
> have a guess..... perhaps its the failure message from the module that
> failed explaining why
> the authentication didnt work? ;-)
>
> outch!! o.k. point taken
>
> > 2). Chargeable-User-Identity = 0x
> >
> > Should I see this or should I see the whole string?
>
> if CUI is set, you'll have a full string...if its not (ie you havent
> configured it) you will have a blank string - 0x
>
> o.k. thought I had due to the fact that cuilog.sql seemed to be doing the
> right thing.
>
> Sigh! it's monday
> A
>
> alan
>
> On 1 February 2016 at 10:06, <A.L.M.Buxey at lboro.ac.uk> wrote:
>
>> Hi,
>>
>> > 1). Module-Failure-Message - never seen this in a debug log before.
>> > Assuming its something specific to FR 3.x. What's it associated with?
>>
>> have a guess..... perhaps its the failure message from the module that
>> failed explaining why
>> the authentication didnt work? ;-)
>>
>> > 2). Chargeable-User-Identity = 0x
>> >
>> > Should I see this or should I see the whole string?
>>
>> if CUI is set, you'll have a full string...if its not (ie you havent
>> configured it) you will have a blank string - 0x
>>
>> alan
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
More information about the Freeradius-Users
mailing list