passwd and unlang

macservo macservo at googlemail.com
Fri Feb 10 18:22:42 CET 2017 

Am I missing something here or have there been changes to the behavior
of passwd and unlang since 2.0.2?

If you could please have a look at the configuration (migrated from
2.0.2, where it was working)
and output below.

The username for the request is Mac284-1.
This username is NOT in the passwd-file, which explains the
"Failed retrieving values required to evaluate condition" part.

But then why is notfound -> FALSE?
Should´nt notfound be true and the request thus be rejected?


/etc/raddb/sites-enabled/default:
authorize {
  ...
  maclist
  if (notfound) {
    reject
  }
  if ( mac-add !~ /%{Calling-Station-ID}/i) {
   reject
  }
  ...
  }

/etc/raddb/mods-available/passwd:
passwd maclist {
  filename = /etc/raddb/maclist
  format = "*User-Name:~mac-add"
}

/etc/raddb/maclist:
Macxxx:00236C94ED49

And the output:

Fri Feb 10 19:10:31 2017 : Debug: (5) suffix: No '@' in User-Name =
"Mac284-1", looking up realm NULL

Fri Feb 10 19:10:31 2017 : Debug: (5) suffix: No such realm "NULL"

Fri Feb 10 19:10:31 2017 : Debug: (5)     modsingle[authorize]:
returned from suffix (rlm_realm)

Fri Feb 10 19:10:31 2017 : Debug: (5)     [suffix] = noop

Fri Feb 10 19:10:31 2017 : Debug: (5)     if (Called-Station-ID =~ /:test$/) {

Fri Feb 10 19:10:31 2017 : Debug: No matches

Fri Feb 10 19:10:31 2017 : Debug: Adding 1 matches

Fri Feb 10 19:10:31 2017 : Debug: (5)     if (Called-Station-ID =~
/:test$/)  -> TRUE

Fri Feb 10 19:10:31 2017 : Debug: (5)     if (Called-Station-ID =~ /:test$/)  {

Fri Feb 10 19:10:31 2017 : Debug: (5)       modsingle[authorize]:
calling eap (rlm_eap)

Fri Feb 10 19:10:31 2017 : Debug: (5) eap: Peer sent EAP Response
(code 2) ID 6 length 1276

Fri Feb 10 19:10:31 2017 : Debug: (5) eap: No EAP Start, assuming it's
an on-going EAP conversation

Fri Feb 10 19:10:31 2017 : Debug: (5)       modsingle[authorize]:
returned from eap (rlm_eap)

Fri Feb 10 19:10:31 2017 : Debug: (5)       [eap] = updated

Fri Feb 10 19:10:31 2017 : Debug: (5)       modsingle[authorize]:
calling files (rlm_files)

Fri Feb 10 19:10:31 2017 : Debug: (5)       modsingle[authorize]:
returned from files (rlm_files)

Fri Feb 10 19:10:31 2017 : Debug: (5)       [files] = noop

Fri Feb 10 19:10:31 2017 : Debug: (5)       modsingle[authorize]:
calling maclist (rlm_passwd)

Fri Feb 10 19:10:31 2017 : Debug: (5)       modsingle[authorize]:
returned from maclist (rlm_passwd)

Fri Feb 10 19:10:31 2017 : Debug: (5)       [maclist] = ok

Fri Feb 10 19:10:31 2017 : Debug: (5)       if (notfound) {

Fri Feb 10 19:10:31 2017 : Debug: (5)       if (notfound)  -> FALSE

Fri Feb 10 19:10:31 2017 : Debug: (5)       if ( mac-add !~
/%{Calling-Station-ID}/i) {

Fri Feb 10 19:10:31 2017 : ERROR: (5)       Failed retrieving values
required to evaluate condition

More information about the Freeradius-Users mailing list