Problem expanding "%{Calling-Station-Id}"

Ana Gallardo Gómez anaougu at gmail.com
Fri May 6 14:28:34 CEST 2016


Hello Alan,

 Show the FULL debug output.  And just use "radiusd -X".  Don't use
> "radiusd -Xxx" unless we suggest it.
>

ok


>   Following the documentation helps you get quick and useful answers.
> Ignoring the documentation means it's much more difficult for us to help
> you.
>

Here is...

(9) Received Access-Request Id 251 from 192.168.1.15:34136 to
192.168.1.6:1812 length 80
(9)   User-Name = 'nodowifi at nodo.unex.es'
(9)   User-Password = 'pass'
(9)   Calling-Station-Id = 'f0:f6:1c:58:da:cd'
(9) # Executing section authorize from file
/etc/freeradius/sites-enabled/captive
(9)   authorize {
(9)     policy deny_realms_captive {
(9)       if (!&User-Name) {
(9)       if (!&User-Name)  -> FALSE
(9)       if (&User-Name !~ /@((temp.)|(nodo.)|(alumnos.))?unex.es$/) {
(9)       if (&User-Name !~ /@((temp.)|(nodo.)|(alumnos.))?unex.es$/)  ->
FALSE
(9)     } # policy deny_realms_captive = notfound
(9)     policy filter_username_captive {
(9)       if (!&User-Name) {
(9)       if (!&User-Name)  -> FALSE
(9)       if (&User-Name !~ /^[A-Za-z0-9]{3,15}@/) {
(9)       if (&User-Name !~ /^[A-Za-z0-9]{3,15}@/)  -> FALSE
(9)     } # policy filter_username_captive = notfound
(9) auth_log: EXPAND
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
(9) auth_log:    --> /var/log/freeradius/radacct/
192.168.1.15/auth-detail-20160506
(9) auth_log:
/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.1.15/auth-detail-20160506
(9) auth_log: EXPAND %t
(9) auth_log:    --> Fri May  6 14:01:04 2016
(9)     [auth_log] = ok
(9) suffix: Checking for suffix after "@"
(9) suffix: Looking up realm "nodo.unex.es" for User-Name = "
nodowifi at nodo.unex.es"
(9) suffix: Found realm "nodo.unex.es"
(9) suffix: Adding Stripped-User-Name = "nodowifi"
(9) suffix: Adding Realm = "nodo.unex.es"
(9) suffix: Authentication realm is LOCAL
(9)     [suffix] = ok
(9) preprocess: hints: Matched DEFAULT at 31
(9) preprocess: EXPAND %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}
(9) preprocess:    --> nodowifi at nodo.unex.es
(9) preprocess: SQL-User-Name set to 'nodowifi at nodo.unex.es'
rlm_sql (sqllocal): Reserved connection (6)
(9) preprocess: EXPAND /var/log/freeradius/sqllog.sql
(9) preprocess:    --> /var/log/freeradius/sqllog.sql
(9) preprocess: Executing select query: SELECT username FROM radpostauth
WHERE client like 'PA%' and reply='Access-Accept' and mac='' and authdate >
(SELECT DATE_SUB(NOW(),INTERVAL 1 DAY)) order by authdate desc limit 1
(9) preprocess: SQL query returned no results
rlm_sql (sqllocal): Released connection (6)
(9) preprocess: EXPAND %{sqllocal:SELECT username FROM radpostauth WHERE
client like 'PA%%' and reply='Access-Accept' and
mac='%{Calling-Station-Id}' and authdate > (SELECT DATE_SUB(NOW(),INTERVAL
1 DAY)) order by authdate desc limit 1}
(9) preprocess:    -->
(9)     [preprocess] = ok
(9)     if (&Intentos-Reject > 10) {
(9)     ERROR: Failed retrieving values required to evaluate condition
(9)     if (&Tipo-Usuario == 'TEMPORAL') {
(9)     if (&Tipo-Usuario == 'TEMPORAL')  -> FALSE
(9)     elsif (&Tipo-Usuario == 'NODO') {
(9)     elsif (&Tipo-Usuario == 'NODO')  -> TRUE
(9)     elsif (&Tipo-Usuario == 'NODO')  {
(9)       [ok] = ok
(9)     } # elsif (&Tipo-Usuario == 'NODO')  = ok
(9)     ... skipping elsif for request 9: Preceding "if" was taken
(9)     if (&Tipo-Usuario == 'EMAIL') {
(9)     if (&Tipo-Usuario == 'EMAIL')  -> FALSE
(9)     if (fail) {
(9)     if (fail)  -> FALSE
(9)     elsif (notfound) {
(9)     elsif (notfound)  -> FALSE
(9)     if (&Tipo-Usuario != 'TEMPORAL') {
(9)     if (&Tipo-Usuario != 'TEMPORAL')  -> TRUE
(9)     if (&Tipo-Usuario != 'TEMPORAL')  {
(9) perlCheckRelaciones:   $RAD_REQUEST{'User-Name'} = &request:User-Name
-> 'nodowifi at nodo.unex.es'
(9) perlCheckRelaciones:   $RAD_REQUEST{'User-Password'} =
&request:User-Password -> 'pass'
(9) perlCheckRelaciones:   $RAD_REQUEST{'NAS-IP-Address'} =
&request:NAS-IP-Address -> '192.168.1.15'
(9) perlCheckRelaciones:   $RAD_REQUEST{'Reply-Message'} =
&request:Reply-Message -> ''
(9) perlCheckRelaciones:   $RAD_REQUEST{'Calling-Station-Id'} =
&request:Calling-Station-Id -> 'f0:f6:1c:58:da:cd'
(9) perlCheckRelaciones:   $RAD_REQUEST{'Event-Timestamp'} =
&request:Event-Timestamp -> 'May  6 2016 14:01:04 CEST'
(9) perlCheckRelaciones:   $RAD_REQUEST{'Stripped-User-Name'} =
&request:Stripped-User-Name -> 'nodowifi'
(9) perlCheckRelaciones:   $RAD_REQUEST{'Realm'} = &request:Realm -> '
nodo.unex.es'
(9) perlCheckRelaciones:   $RAD_REQUEST{'Module-Failure-Message'} =
&request:Module-Failure-Message -> 'Failed retrieving values required to
evaluate condition'
(9) perlCheckRelaciones:   $RAD_REQUEST{'Tipo-Usuario'} =
&request:Tipo-Usuario -> 'NODO'
rlm_perl: RAD_REQUEST: User-Password = pass
rlm_perl: RAD_REQUEST: Tipo-Usuario = NODO
rlm_perl: RAD_REQUEST: Module-Failure-Message = Failed retrieving values
required to evaluate condition
rlm_perl: RAD_REQUEST: Event-Timestamp = May  6 2016 14:01:04 CEST
rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.1.15
rlm_perl: RAD_REQUEST: Reply-Message =
rlm_perl: RAD_REQUEST: Calling-Station-Id = f0:f6:1c:58:da:cd
rlm_perl: RAD_REQUEST: User-Name = nodowifi at nodo.unex.es
rlm_perl: RAD_REQUEST: Realm = nodo.unex.es
rlm_perl: RAD_REQUEST: Stripped-User-Name = nodowifi
(9) perlCheckRelaciones: &request:User-Password =
$RAD_REQUEST{'User-Password'} -> 'pass'
(9) perlCheckRelaciones: &request:Tipo-Usuario =
$RAD_REQUEST{'Tipo-Usuario'} -> 'NODO'
(9) perlCheckRelaciones: &request:Module-Failure-Message =
$RAD_REQUEST{'Module-Failure-Message'} -> 'Failed retrieving values
required to evaluate condition'
(9) perlCheckRelaciones: &request:Event-Timestamp =
$RAD_REQUEST{'Event-Timestamp'} -> 'May  6 2016 14:01:04 CEST'
(9) perlCheckRelaciones: &request:NAS-IP-Address =
$RAD_REQUEST{'NAS-IP-Address'} -> '192.168.1.15'
(9) perlCheckRelaciones: &request:Reply-Message =
$RAD_REQUEST{'Reply-Message'} -> ''
(9) perlCheckRelaciones: &request:Calling-Station-Id =
$RAD_REQUEST{'Calling-Station-Id'} -> 'f0:f6:1c:58:da:cd'
(9) perlCheckRelaciones: &request:User-Name = $RAD_REQUEST{'User-Name'} -> '
nodowifi at nodo.unex.es'
(9) perlCheckRelaciones: &request:Realm = $RAD_REQUEST{'Realm'} -> '
nodo.unex.es'
(9) perlCheckRelaciones: &request:Stripped-User-Name =
$RAD_REQUEST{'Stripped-User-Name'} -> 'nodowifi'
(9)       [perlCheckRelaciones] = notfound
(9)       if (notfound) {
(9)       if (notfound)  -> TRUE
(9)       if (notfound)  {
(9)         update {
(9)           &reply:Codigo-Reject = Sin-Relacion-UEX
(9)         } # update = noop
(9)         [reject] = reject
(9)       } # if (notfound)  = reject
(9)     } # if (&Tipo-Usuario != 'TEMPORAL')  = reject
(9)   } # authorize = reject
(9) Using Post-Auth-Type Reject
(9) # Executing group from file /etc/freeradius/sites-enabled/captive
(9)   Post-Auth-Type REJECT {
(9)     update {
(9)       &reply:Codigo-Reject = Credenciales-Erroneas
(9)     } # update = noop
(9) sqllocal: EXPAND .query
(9) sqllocal:    --> .query
(9) sqllocal: Using query template 'query'
rlm_sql (sqllocal): Reserved connection (6)
(9) sqllocal: EXPAND %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}
(9) sqllocal:    --> nodowifi
(9) sqllocal: SQL-User-Name set to 'nodowifi'
(9) sqllocal: EXPAND INSERT INTO radpostauth (username, mac, client, reply,
authdate, codreject, radauth) VALUES ( LOWER('%{User-Name}'),
UPPER('%{Calling-Station-Id}'), '%{Client-Shortname}',
'%{reply:Packet-Type}', '%S', '%{reply:Codigo-Reject}', 'radiusprueba')
(9) sqllocal:    --> INSERT INTO radpostauth (username, mac, client, reply,
authdate, codreject, radauth) VALUES ( LOWER('nodowifi at nodo.unex.es'),
UPPER('f0:f6:1c:58:da:cd'), 'cau1PC', 'Access-Reject', '2016-05-06
14:01:04', 'Sin-Relacion-UEX', 'radiusprueba')
(9) sqllocal: EXPAND /var/log/freeradius/post-auth.sql
(9) sqllocal:    --> /var/log/freeradius/post-auth.sql
(9) sqllocal: Executing query: INSERT INTO radpostauth (username, mac,
client, reply, authdate, codreject, radauth) VALUES ( LOWER('
nodowifi at nodo.unex.es'), UPPER('f0:f6:1c:58:da:cd'), 'cau1PC',
'Access-Reject', '2016-05-06 14:01:04', 'Sin-Relacion-UEX', 'radiusprueba')
(9) sqllocal: SQL query returned: success
(9) sqllocal: 1 record(s) updated
rlm_sql (sqllocal): Released connection (6)
(9)     [sqllocal] = ok
(9)     if (fail) {
(9)     if (fail)  -> FALSE
(9) attr_filter.access_reject: EXPAND %{User-Name}
(9) attr_filter.access_reject:    --> nodowifi at nodo.unex.es
(9) attr_filter.access_reject: Matched entry DEFAULT at line 18
(9)     [attr_filter.access_reject] = updated
(9)   } # Post-Auth-Type REJECT = updated
(9) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(9) <delay>: Sending delayed response
(9) <delay>: Sent Access-Reject Id 251 from 192.168.1.6:1812 to
192.168.1.15:34136 length 20
Waking up in 3.9 seconds.
(9) <delay>: Cleaning up request packet ID 251 with timestamp +122
Ready to process requests


::::::::::::::::::::::::::::::::::::
:: Ana Gallardo Gómez ::
::::::::::::::::::::::::::::::::::::


More information about the Freeradius-Users mailing list