cui question FR 3.0.11

Alex Sharaz alex.sharaz at york.ac.uk
Mon Feb 1 12:24:37 CET 2016 

o.k. I'd added appropriate lines to clients.conf but, the NRPS clients are
in local-configs/nrps.conf to match up with my FR2.2 servers. As soon as I
updated those configs things sprang into life.

o.k. A debug shows that its happening in  acct_unique

For The accounting packets

Mon Feb  1 11:18:04 2016
        User-Name = "hyscj1 at hyms.ac.uk"
        NAS-IP-Address = 144.32.64.18
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        Acct-Session-Id = "hyscj1 at h4030043136B4-56AF3091"
        Event-Timestamp = "Feb  1 2016 11:18:04 GMT"
        Acct-Multi-Session-Id = "4030043136B4-0009337596"
        Framed-IP-Address = 10.240.199.226
        Calling-Station-Id = "40-30-04-31-36-B4"
        Called-Station-Id = "00-1A-1E-00-70-10"
        Class =
0x818f07c60000013700010200c253f60c00000000000000000000000001d158ee8aa99aa2000000000002d416
        Class =
0x3ef26051d9b04bb29a0230b453511637ba0b0000050000005230303237333463332d31302d35366166333039300000000000000000000000
        Acct-Delay-Time = 0
        Aruba-Essid-Name = "eduroam"
        Aruba-Location-Id = "hymsap5"
        Aruba-AP-Group = "Aruba-L1"
        Aruba-User-Role = "logon"
        Aruba-User-Vlan = 3899
        Aruba-Device-Type = "iPad"
        Acct-Status-Type = Stop
        Acct-Input-Octets = 177804
        Acct-Output-Octets = 416138
        Acct-Input-Packets = 1121
        Acct-Output-Packets = 1006
        Acct-Terminate-Cause = NAS-Request
        Acct-Session-Time = 3675
        NAS-Identifier = "aruba0"
        Proxy-State = 0x3232
        FreeRADIUS-Acct-Session-Start-Time = "Feb  1 2016 10:16:49 GMT"
        Module-Failure-Message = "regex failed: Found null in subject at
offset 4.  String unsafe for evaluation"
        Module-Failure-Message = "Failed retrieving values required to
evaluate condition"
        Acct-Unique-Session-Id = "d43b26de430a01deaef3e9e6c3b74302"
        Stripped-User-Name = "hyscj1"

I can see

on Feb  1 11:18:04 2016 : Debug: (940)     update request {
Mon Feb  1 11:18:04 2016 : Debug: (940)       EXPAND %{expr: %l -
%{%{Acct-Session-Time}:-0} - %{%{Ac
ct-Delay-Time}:-0}}
Mon Feb  1 11:18:04 2016 : Debug: (940)          --> 1454321809
Mon Feb  1 11:18:04 2016 : Debug: (940)
FreeRADIUS-Acct-Session-Start-Time = Feb  1 2016 10:16:49 GMT
Mon Feb  1 11:18:04 2016 : Debug: (940)     } # update request = noop
Mon Feb  1 11:18:04 2016 : Debug: (940)     policy acct_unique {
Mon Feb  1 11:18:04 2016 : Debug: (940)       if ("%{string:Class}" =~
/ai:([0-9a-f]{32})/i) {
Mon Feb  1 11:18:04 2016 : Debug: (940)       EXPAND TMPL XLAT STRUCT
Mon Feb  1 11:18:04 2016 : Debug: (940)       EXPAND %{string:Class}
Mon Feb  1 11:18:04 2016 : Debug: (940)          --> ????
Mon Feb  1 11:18:04 2016 : ERROR: (940)       regex failed: Found null in
subject at offset 4.  String unsafe for evaluation
Mon Feb  1 11:18:04 2016 : ERROR: (940)       Failed retrieving values
required to evaluate condition
Mon Feb  1 11:18:04 2016 : Debug: (940)       else {
Mon Feb  1 11:18:04 2016 : Debug: (940)         update request {
Mon Feb  1 11:18:04 2016 : Debug: (940)           EXPAND
%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
Mon Feb  1 11:18:04 2016 : Debug: (940)              -->
d43b26de430a01deaef3e9e6c3b74302
Mon Feb  1 11:18:04 2016 : Debug: (940)           &Acct-Unique-Session-Id
:= d43b26de430a01deaef3e9e6c3b74302
Mon Feb  1 11:18:04 2016 : Debug: (940)         } # update request = noop
Mon Feb  1 11:18:04 2016 : Debug: (940)       } # else = noop


and then we see the Acct-Unique-Session-Id  that's  used

A

On 1 February 2016 at 10:13, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:

> Hi,
>
> > 1). Module-Failure-Message - never seen this in a  debug log before.
> > Assuming its something specific to FR 3.x. What's it associated with?
>
> have a guess..... perhaps its the failure message from the module that
> failed explaining why
> the authentication didnt work?  ;-)
>
> outch!! o.k. point taken
>
> > 2). Chargeable-User-Identity = 0x
> >
> > Should I see this or should I see the whole string?
>
> if CUI is set, you'll have a full string...if its not (ie you havent
> configured it) you will have a blank string - 0x
>
> o.k. thought I had due to the fact that cuilog.sql seemed to be doing the
> right thing.
>
> Sigh! it's monday
> A
>
> alan
>
> On 1 February 2016 at 10:06, <A.L.M.Buxey at lboro.ac.uk> wrote:
>
>> Hi,
>>
>> > 1). Module-Failure-Message - never seen this in a  debug log before.
>> > Assuming its something specific to FR 3.x. What's it associated with?
>>
>> have a guess..... perhaps its the failure message from the module that
>> failed explaining why
>> the authentication didnt work?  ;-)
>>
>> > 2). Chargeable-User-Identity = 0x
>> >
>> > Should I see this or should I see the whole string?
>>
>> if CUI is set, you'll have a full string...if its not (ie you havent
>> configured it) you will have a blank string - 0x
>>
>> alan
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>

More information about the Freeradius-Users mailing list