help - zone migration

Amardeep Singh aman.xsaintz at gmail.com
Wed May 4 12:17:21 CEST 2016


Hi,

I am trying to implement zone migration on Nomadix. I have made the desired
configuration settings on the Nomadix. However, when I switch between the
SSIDs, it does not redirect me to the AAA page. Although I get authenticated
on Nomadix, the redirection is not working.

I have added the authentication query on FreeRADIUS as
(/etc/raddb/sites-enabled/default):-

if ("%{Called-Station-Id}" =~ /^00-50-E8-/) {
    update request {
        Tmp-String-0 = "%{sql: SELECT radius_group_name from raduserzone where \
        site_id='%{NAS-Identifier}' and \
        mac_address='%{Calling-Station-Id}' and \
        vlan_id='%{NAS-Port}'}"
    }
    if (&Tmp-String-0 != "") {
        update request {
            Tmp-String-1 := "%{sql: update radusergroup set \
            groupname='%{Tmp-String-0}' \
            where username='%{Calling-Station-Id}'}";
        }
    }
    else {
        reject
    }
}

raduserzone is a custom table :-
mysql> select * from raduserzone ;
+----+---------+-------------------+---------+-------------------+
| id | site_id | mac_address       | vlan_id | radius_group_name |
+----+---------+-------------------+---------+-------------------+

I am using a custom radius table here to track the guest data while switching
in the database.
I have attached the radius debug logs.
Any ideas/suggestions?

Thanks,
Amardeep
-------------- next part --------------
sql_set_user escaped user --> '78-9E-D0-31-29-7E'
        expand:  SELECT radius_group_name from raduserzone where                                site_id='%{NAS-Identifier}' and                                 mac_address='%{Calling-Station-Id}' and                              vlan_id='%{NAS-Port}' ->  SELECT radius_group_name from raduserzone where                               site_id='100051' and                            mac_address='78-9E-D0-31-29-7E' and                          vlan_id='77'
rlm_sql (sql): Reserving sql socket id: 36
SQL query did not return any results
rlm_sql (sql): Released sql socket id: 36
        expand: %{sql: SELECT radius_group_name from raduserzone where                          site_id='%{NAS-Identifier}' and                                 mac_address='%{Calling-Station-Id}' and                              vlan_id='%{NAS-Port}'} ->
+++} # update request = noop
+++? if (&Tmp-String-0 != "")
? Evaluating (&Tmp-String-0 != "") -> TRUE
+++? if (&Tmp-String-0 != "") -> TRUE
+++if (&Tmp-String-0 != "") {
++++update request {
sql_xlat
        expand: %{User-Name} -> 78-9E-D0-31-29-7E
sql_set_user escaped user --> '78-9E-D0-31-29-7E'
        expand:  update radusergroup set                                   groupname='%{Tmp-String-0}'                             where username='%{Calling-Station-Id}' ->  update radusergroup set                                   groupname=''                                    where username='78-9E-D0-31-29-7E'
rlm_sql (sql): Reserving sql socket id: 35
rlm_sql_mysql: MYSQL Error: No Fields
rlm_sql_mysql: MYSQL error:
rlm_sql (sql): Attempting to connect rlm_sql_mysql #35
rlm_sql_mysql: Starting connect to MySQL server for #35
rlm_sql (sql): Connected new DB handle, #35
rlm_sql (sql): failed after re-connect
SQL query did not succeed
rlm_sql (sql): Released sql socket id: 35
        expand: %{sql: update radusergroup set                             groupname='%{Tmp-String-0}'                             where username='%{Calling-Station-Id}'} ->
++++} # update request = noop
+++} # if (&Tmp-String-0 != "") = noop
+++ ... skipping else for request 7: Preceding "if" was taken
++} # if ("%{Called-Station-Id}" =~ /^00-50-E8-/) = noop
++[chap] = noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] = ok
[suffix] No '@' in User-Name = "78-9E-D0-31-29-7E", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
++? if ((User-Name =~ /%{Calling-Station-Id}/i) && (User-Name =~ /^(c0-33-5e-57)/i))
        expand: %{Calling-Station-Id} -> 78-9E-D0-31-29-7E
?? Evaluating (User-Name =~ /%{Calling-Station-Id}/i) -> TRUE
?? Evaluating (User-Name =~ /^(c0-33-5e-57)/i) -> FALSE
++? if ((User-Name =~ /%{Calling-Station-Id}/i) && (User-Name =~ /^(c0-33-5e-57)/i)) -> FALSE
[files]         expand: %{Calling-Station-Id} -> 78-9E-D0-31-29-7E
++[files] = noop
[sql]   expand: %{User-Name} -> 78-9E-D0-31-29-7E
[sql] sql_set_user escaped user --> '78-9E-D0-31-29-7E'
rlm_sql (sql): Reserving sql socket id: 34
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '78-9E-D0-31-29-7E'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '78-9E-D0-31-29-7E'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '78-9E-D0-31-29-7E'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 34
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] = noop
+} # group authorize = ok
Found Auth-Type = MSCHAP
# Executing group from file /etc/raddb/sites-enabled/default
+group MS-CHAP {
[mschap] Creating challenge hash with username: 78-9E-D0-31-29-7E
[mschap] Client is using MS-CHAPv2 for 78-9E-D0-31-29-7E, we need NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] = ok
+} # group MS-CHAP = ok
        expand: %{NAS-IP-Address} -> 112.196.9.83
Login OK: [78-9E-D0-31-29-7E/<via Auth-Type = MSCHAP>] (from client SNAP3TestRadius port 77 cli 78-9E-D0-31-29-7E) 112.196.9.83
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+group post-auth {
[sql]   expand: %{User-Name} -> 78-9E-D0-31-29-7E
[sql] sql_set_user escaped user --> '78-9E-D0-31-29-7E'
[sql]   expand: %{User-Password} ->
[sql]   ... expanding second conditional
[sql]   expand: %{Chap-Password} ->
[sql]   expand: INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '78-9E-D0-31-29-7E',                           '',                           'Access-Accept', '2016-04-22 02:15:09')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '78-9E-D0-31-29-7E',                           '',                           'Access-Accept', '2016-04-22 02:15:09')
rlm_sql (sql): Reserving sql socket id: 33
rlm_sql (sql): Released sql socket id: 33
++[sql] = ok
[sql_log] Processing sql_log_postauth
[sql_log]       expand: %{User-Name} -> 78-9E-D0-31-29-7E
[sql_log]       expand: %{%{User-Name}:-DEFAULT} -> 78-9E-D0-31-29-7E
[sql_log] sql_set_user escaped user --> '78-9E-D0-31-29-7E'
[sql_log] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[sql_log]       ... expanding second conditional
[sql_log]       expand: Chap-Password -> Chap-Password
[sql_log]       expand: INSERT INTO radpostauth                          (username, pass, reply, authdate) VALUES                        ('%{User-Name}', '%{User-Password:-Chap-Password}',          '%{reply:Packet-Type}', '%S'); -> INSERT INTO radpostauth                       (username, pass, reply, authdate) VALUES                        ('78-9E-D0-31-29-7E', 'Chap-Password',              'Access-Accept', '2016-04-22 02:15:09');
[sql_log]       expand: /var/log/radius/radacct/sql-relay -> /var/log/radius/radacct/sql-relay
++[sql_log] = ok
++[exec] = noop
+} # group post-auth = ok
Sending Access-Accept of id 10 to 112.196.9.83 port 2939
        MS-CHAP2-Success = 0x2c533d44433637373633323830393933464333434445433636414535424641414645343143363532383739
        MS-MPPE-Recv-Key = 0xcacc2558ba80ad6bac2e68d769718b11
        MS-MPPE-Send-Key = 0xb0ee2cb548a13fba8e0fbebcfee26f72
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 112.196.9.83 port 3404, id=18, length=189
        User-Name = "78-9E-D0-31-29-7E"
        NAS-IP-Address = 112.196.9.83
        NAS-Port = 77
        Acct-Status-Type = Start
        Acct-Session-Id = "33000006"
        Event-Timestamp = "Apr 22 2016 02:15:09 EDT"
        Called-Station-Id = "00-50-E8-00-92-24"
        Calling-Station-Id = "78-9E-D0-31-29-7E"
        NAS-Identifier = "100051"
        Framed-IP-Address = 192.168.20.3
        Nomadix-Subnet = "0.0.0.0"
        Nomadix-SMTP-Redirect = 1
        WISPr-Location-ID = "isocc=,cc=,ac=,network="
        Acct-Delay-Time = 0
# Executing section preacct from file /etc/raddb/sites-enabled/default
+group preacct {
++[preprocess] = ok
[acct_unique] Hashing 'NAS-Port = 77,NAS-Identifier = "100051",NAS-IP-Address = 112.196.9.83,Acct-Session-Id = "33000006",User-Name = "78-9E-D0-31-29-7E"'
[acct_unique] Acct-Unique-Session-ID = "598ef65abf72768f".
++[acct_unique] = ok
[suffix] No '@' in User-Name = "78-9E-D0-31-29-7E", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++[files] = noop
+} # group preacct = ok
# Executing section accounting from file /etc/raddb/sites-enabled/default
+group accounting {
[sql]   expand: %{User-Name} -> 78-9E-D0-31-29-7E
[sql] sql_set_user escaped user --> '78-9E-D0-31-29-7E'
[sql]   expand: %{Acct-Delay-Time} -> 0
[sql]   expand:            INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime,  acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets,  acctoutputoctets,              calledstationid,  callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 32
rlm_sql (sql): Released sql socket id: 32
++[sql] = ok
++[exec] = noop
[attr_filter.accounting_response]       expand: %{User-Name} -> 78-9E-D0-31-29-7E
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] = updated
+} # group accounting = updated
Sending Accounting-Response of id 18 to 112.196.9.83 port 3404
Finished request 8.
Cleaning up request 8 ID 18 with timestamp +2357
Going to the next request
Waking up in 4.1 seconds.
Cleaning up request 7 ID 10 with timestamp +2356
Ready to process requests.
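
The following is an added example, not part of the original post or of FreeRADIUS: a small Python check that reads `radiusd -X` style debug output and flags the sequence visible in the log above, where an SQL lookup returns no rows, the following `!= ""` guard still evaluates TRUE, and an UPDATE is then expanded with an empty value. The function name `audit` and the finding labels are assumptions of this example; the sample lines are an excerpt of the log above with runs of spaces collapsed.

```python
import re

# Excerpt of the debug output above (long runs of spaces collapsed).
SAMPLE_LOG = """\
        expand:  SELECT radius_group_name from raduserzone where site_id='%{NAS-Identifier}' and mac_address='%{Calling-Station-Id}' and vlan_id='%{NAS-Port}' ->  SELECT radius_group_name from raduserzone where site_id='100051' and mac_address='78-9E-D0-31-29-7E' and vlan_id='77'
rlm_sql (sql): Reserving sql socket id: 36
SQL query did not return any results
rlm_sql (sql): Released sql socket id: 36
? Evaluating (&Tmp-String-0 != "") -> TRUE
        expand:  update radusergroup set groupname='%{Tmp-String-0}' where username='%{Calling-Station-Id}' ->  update radusergroup set groupname='' where username='78-9E-D0-31-29-7E'
rlm_sql_mysql: MYSQL Error: No Fields
SQL query did not succeed
"""

# "expand: <template> -> <expanded>", optionally prefixed by "[module]".
EXPAND = re.compile(r"^\s*(?:\[\w+\]\s*)?expand:\s*(.*?)\s+->\s*(.*)$")
# "? Evaluating (<condition>) -> TRUE|FALSE"
EVAL = re.compile(r"^\?+ Evaluating \((.*)\) -> (TRUE|FALSE)$")
# A column assigned the empty string in an UPDATE ... SET clause.
EMPTY_SET = re.compile(r"\bset\b.*?(\w+)\s*=\s*''", re.I)


def audit(log_text):
    """Return (line_no, label, detail) tuples for suspicious sequences."""
    findings = []
    empty_lookup = False  # True once an SQL lookup has returned no rows
    for n, line in enumerate(log_text.splitlines(), 1):
        s = line.strip()
        if s == "SQL query did not return any results":
            empty_lookup = True
        elif s == "SQL query did not succeed":
            findings.append((n, "sql-failed", s))
        elif (m := EVAL.match(s)):
            cond, result = m.groups()
            # A non-empty guard that passes right after an empty lookup
            # means the guard is not testing the lookup result.
            if empty_lookup and result == "TRUE" and '!= ""' in cond:
                findings.append((n, "guard-passed-after-empty-lookup", cond))
            empty_lookup = False
        elif (m := EXPAND.match(line)):
            expanded = m.group(2).strip()
            hit = EMPTY_SET.search(expanded)
            if expanded.lower().startswith("update") and hit:
                findings.append((n, "update-writes-empty-value", hit.group(1)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```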


