radacct issue (was: Re: hints file based rewrite does not work (migration from freeradius 1.1.x to 3.0.x))

Bernd bernd at kroenchenstadt.de
Thu Feb 18 11:09:11 CET 2016


Hi list,

with your help I solved following problem in fall last year. I'll 
include that information because it may be connected to my current 
problem.

I'm running into an issue that

somerealm/01234 at vpn.kroenchenstade.de is being accounted into MySQL and 
logfiles (radacct)

while

somerealm/01234 at newtest.kroenchenstade.de.com

*is* able to log in (radius.log shows it) but (after disconnect) is 
*not* logged anywhere (neither MySQL nor in radacct).

What am I missing?

Thanks in advance,

Bernd

---

On 2015-10-13 14:12, Bernd wrote:
> Am 2015-10-12 17:30, schrieb Herwin Weststrate:
>> On 12-10-15 17:12, Bernd wrote:
>>> The code itself seems to work, thanks a lot! However, it still sends 
>>> a
>>> "=25" (which originates from the forbidden character "%" regarding 
>>> its
>>> use within a MySQL setup) to the MySQL:
>>> 
>>> (20) if (&User-Name =~ /@\\./)
>>> (20) if (&User-Name =~ /@\\./) -> FALSE
>>> (20) if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/)
>>> (20) EXPAND bla-bla/([^%%]+)%%kroenchenstadt.de
>>> (20) --> bla-bla/([^%]+)%kroenchenstadt.de
>>> (20) if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) -> 
>>> TRUE
>>> (20) if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) {
>>> (20) update control {
>>> (20) EXPAND %{1}@kroenchenstadt.de
>>> (20) --> 20082105 at kroenchenstadt.de
>>> (20) User-Name := "20082105 at kroenchenstadt.de"
>>> (20) } # update control = noop
>>> (20) } # if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) = 
>>> noop
>>> ...
>>> (20) sql : EXPAND %{User-Name}
>>> (20) sql : --> bla-bla/20082105%kroenchenstadt.de
>>> (20) sql : SQL-User-Name set to 'bla-bla/20082105%kroenchenstadt.de'
>>> rlm_sql (sql): Reserved connection (4)
>> 
>> It changes control:User-Name to "20082105 at kroenchenstadt.de", the
>> expansion in the second part used User-Name without a list prefix, 
>> which
>> defaults to request:User-Name. Update on of these two statements and
>> you're fine.
> 
> Updated to 'request:User-Name' which perfectly does what I need.
> 
> Thank you a lot!!
> 
>>> So, filter in policy.d doesn't really *apply* it as I get from
>>> 
>>> (20) } # if (User-Name =~ /bla\-bla\/([^%%]+)%%kroenchenstadt.de/) = 
>>> noop
>>> (20) } # filter_username filter_username = noop
>>> 
>>> That makes no sense to me because I didn't tell it to noop.
>> 
>> noop is a kind of return value used in unlang. You could add a more
>> explicit value by specifying it:
>> 
>>   if (User-Name =~ /bla-bla\/([^%%]+)%%kroenchenstadt.de/) {
>>     ... update control block
>>     updated
>>   }
>> 
>> Using this will make it show as "updated". But as long as there is no
>> direct check for the return value, they're not that useful and can be
>> safely omitted.
> 
> Okay, I see. Didn't recognize it as return value but rather as kind of
> 'result of command', which seemed a bit weird given that a few lines
> up it said to have rewritten that string it should rewrite. Thanks for
> clarification.



More information about the Freeradius-Users mailing list