Concurrency Check
Aurélio de Souza Ribeiro Neto
netolistas at mpc.com.br
Thu Jun 27 17:10:06 CEST 2019
Alan,
Em 27/06/2019 09:39, Alan DeKok escreveu:
> Whatever you put into the "session" section.
> The simplest way to check these things is to run it in debugging mode, and read the output.
>
Sorry, you could help? Is not working simultaneous-use check
Look Debug
(2) Received Access-Request Id 2 from 172.17.200.30:50147 to
XXX.XXX.XXX.XXX:1812 length 201
(2) Service-Type = Framed-User
(2) Framed-Protocol = PPP
(2) NAS-Port = 15728817
(2) NAS-Port-Type = Ethernet
(2) User-Name = "testepppoe"
(2) Calling-Station-Id = "0C:80:63:DC:00:8F"
(2) Called-Station-Id = "CE - TESTE PPPoE - 2"
(2) NAS-Port-Id = "ether2"
(2) MS-CHAP-Challenge = 0x01a06bf76bfe1ab2
(2) MS-CHAP-Response =
0x01010000000000000000000000000000000000000000000000007e76e5b738bee7b1f6e1ffd7642a0f2d70533b51ce42ceff
(2) NAS-Identifier = "CE-TESTE-ENCOL"
(2) NAS-IP-Address = 172.17.200.30
(2) # Executing section authorize from file
/etc/freeradius/sites-enabled/default
(2) authorize {
(2) [preprocess] = ok
(2) [chap] = noop
(2) mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
(2) [mschap] = ok
(2) sql: EXPAND %{User-Name}
(2) sql: --> testepppoe
(2) sql: SQL-User-Name set to 'testepppoe'
rlm_sql (sql): Reserved connection (0)
(2) sql: EXPAND SELECT DISTINCT (R.id), R.username, R.attribute,
R.value, R.op FROM
mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist
M WHERE R.username = BINARY
'%{SQL-User-Name}' AND M.usuario_login
= BINARY '%{SQL-User-Name}' AND
N.nasname = '%{Nas-IP-Address}' AND
N.gw_id = (SELECT gateway_id FROM mpc_lw.maclist WHERE usuario_login =
BINARY '%{SQL-User-Name}' AND plano_id NOT IN (6,8,9,793) AND gateway_id
= ( SELECT gw_id FROM mpc_freeradius.nas WHERE nasname =
'%{Nas-IP-Address}' ) ORDER BY
ID) UNION
ALL SELECT DISTINCT (R.id), R.username,
R.attribute, R.value, R.op FROM
mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist
M WHERE R.username = BINARY
'%{SQL-User-Name}' AND M.usuario_login
= BINARY '%{SQL-User-Name}' AND
M.grupocliente = 'ALL-POPS'
(2) sql: --> SELECT DISTINCT (R.id), R.username, R.attribute,
R.value, R.op FROM
mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist
M WHERE R.username = BINARY
'testepppoe' AND M.usuario_login =
BINARY 'testepppoe' AND N.nasname =
'172.17.200.30' AND N.gw_id = (SELECT
gateway_id FROM mpc_lw.maclist WHERE usuario_login = BINARY
'testepppoe' AND plano_id NOT IN (6,8,9,793) AND gateway_id = ( SELECT
gw_id FROM mpc_freeradius.nas WHERE nasname = '172.17.200.30'
) ORDER BY
ID) UNION
ALL SELECT DISTINCT (R.id), R.username,
R.attribute, R.value, R.op FROM
mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist
M WHERE R.username = BINARY
'testepppoe' AND M.usuario_login =
BINARY 'testepppoe' AND M.grupocliente
= 'ALL-POPS'
(2) sql: Executing select query: SELECT DISTINCT (R.id), R.username,
R.attribute, R.value, R.op FROM
mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist
M WHERE R.username = BINARY
'testepppoe' AND M.usuario_login =
BINARY 'testepppoe' AND N.nasname =
'172.17.200.30' AND N.gw_id = (SELECT
gateway_id FROM mpc_lw.maclist WHERE usuario_login = BINARY
'testepppoe' AND plano_id NOT IN (6,8,9,793) AND gateway_id = ( SELECT
gw_id FROM mpc_freeradius.nas WHERE nasname = '172.17.200.30'
) ORDER BY
ID) UNION
ALL SELECT DISTINCT (R.id), R.username,
R.attribute, R.value, R.op FROM
mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist
M WHERE R.username = BINARY
'testepppoe' AND M.usuario_login =
BINARY 'testepppoe' AND M.grupocliente
= 'ALL-POPS'
(2) sql: User found in radcheck table
(2) sql: Conditional check items matched, merging assignment check items
(2) sql: Simultaneous-Use := 1
(2) sql: Pool-Name := "main_pool"
(2) sql: Cleartext-Password := "testeppp"
(2) sql: EXPAND SELECT DISTINCT (R.id), R.username, R.attribute,
R.value, R.op FROM
mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist
M WHERE R.username = BINARY
'%{SQL-User-Name}' AND M.usuario_login
= BINARY '%{SQL-User-Name}' AND
N.nasname = '%{Nas-IP-Address}' AND
N.gw_id = (SELECT gateway_id FROM mpc_lw.maclist WHERE usuario_login =
BINARY '%{SQL-User-Name}' AND plano_id NOT IN (6,8,9,793) AND gateway_id
= ( SELECT gw_id FROM mpc_freeradius.nas WHERE nasname =
'%{Nas-IP-Address}' ) ORDER BY
ID) UNION
ALL SELECT DISTINCT (R.id), R.username,
R.attribute, R.value, R.op FROM
mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist
M WHERE R.username = BINARY
'%{SQL-User-Name}' AND M.usuario_login
= BINARY '%{SQL-User-Name}' AND
M.grupocliente = 'ALL-POPS'
(2) sql: --> SELECT DISTINCT (R.id), R.username, R.attribute,
R.value, R.op FROM
mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist
M WHERE R.username = BINARY
'testepppoe' AND M.usuario_login =
BINARY 'testepppoe' AND N.nasname =
'172.17.200.30' AND N.gw_id = (SELECT
gateway_id FROM mpc_lw.maclist WHERE usuario_login = BINARY
'testepppoe' AND plano_id NOT IN (6,8,9,793) AND gateway_id = ( SELECT
gw_id FROM mpc_freeradius.nas WHERE nasname = '172.17.200.30'
) ORDER BY
ID) UNION
ALL SELECT DISTINCT (R.id), R.username,
R.attribute, R.value, R.op FROM
mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist
M WHERE R.username = BINARY
'testepppoe' AND M.usuario_login =
BINARY 'testepppoe' AND M.grupocliente
= 'ALL-POPS'
(2) sql: Executing select query: SELECT DISTINCT (R.id), R.username,
R.attribute, R.value, R.op FROM
mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist
M WHERE R.username = BINARY
'testepppoe' AND M.usuario_login =
BINARY 'testepppoe' AND N.nasname =
'172.17.200.30' AND N.gw_id = (SELECT
gateway_id FROM mpc_lw.maclist WHERE usuario_login = BINARY
'testepppoe' AND plano_id NOT IN (6,8,9,793) AND gateway_id = ( SELECT
gw_id FROM mpc_freeradius.nas WHERE nasname = '172.17.200.30'
) ORDER BY
ID) UNION
ALL SELECT DISTINCT (R.id), R.username,
R.attribute, R.value, R.op FROM
mpc_freeradius.radcheck R, mpc_freeradius.nas N, mpc_lw.maclist
M WHERE R.username = BINARY
'testepppoe' AND M.usuario_login =
BINARY 'testepppoe' AND M.grupocliente
= 'ALL-POPS'
(2) sql: User found in radreply table, merging reply items
(2) sql: Simultaneous-Use := 1
(2) sql: Pool-Name := "main_pool"
(2) sql: Cleartext-Password := "testeppp"
rlm_sql (sql): Reserved connection (5)
rlm_sql (sql): Released connection (5)
Need 4 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (7), 1 of 25 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'mpc_freeradius' on
mysql.mpc.com.br via TCP/IP, server version 5.7.26-0ubuntu0.16.04.1-log,
protocol version 10
(2) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(2) sql: --> SELECT groupname FROM radusergroup WHERE username =
'testepppoe' ORDER BY priority
(2) sql: Executing select query: SELECT groupname FROM radusergroup
WHERE username = 'testepppoe' ORDER BY priority
(2) sql: User found in the group table
(2) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(2) sql: --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '749' ORDER BY id
(2) sql: Executing select query: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname = '749' ORDER BY id
(2) sql: Group "749": Conditional check items matched
(2) sql: Group "749": Merging assignment check items
(2) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(2) sql: --> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '749' ORDER BY id
(2) sql: Executing select query: SELECT id, groupname, attribute, value,
op FROM radgroupreply WHERE groupname = '749' ORDER BY id
(2) sql: Group "749": Merging reply items
(2) sql: Framed-Compression := Van-Jacobson-TCP-IP
(2) sql: Framed-Protocol := PPP
(2) sql: Framed-Routing := Broadcast-Listen
(2) sql: Framed-MTU := 1500
(2) sql: Service-Type := Framed-User
(2) sql: Mikrotik-Rate-Limit := "100M/100M 100M/100M 100M/100M 10/10"
rlm_sql (sql): Released connection (0)
(2) [sql] = ok
(2) [expiration] = noop
(2) [logintime] = noop
(2) pap: WARNING: Auth-Type already set. Not setting to PAP
(2) [pap] = noop
(2) } # authorize = ok
(2) Found Auth-Type = mschap
(2) # Executing group from file /etc/freeradius/sites-enabled/default
(2) Auth-Type mschap {
(2) mschap: Found Cleartext-Password, hashing to create NT-Password
(2) mschap: Found Cleartext-Password, hashing to create LM-Password
(2) mschap: Client is using MS-CHAPv1 with NT-Password
(2) mschap: adding MS-CHAPv1 MPPE keys
(2) [mschap] = ok
(2) if (reject) {
(2) if (reject) -> FALSE
(2) } # Auth-Type mschap = ok
(2) # Executing section session from file
/etc/freeradius/sites-enabled/default
(2) session {
(2) sql: EXPAND %{User-Name}
(2) sql: --> testepppoe
(2) sql: SQL-User-Name set to 'testepppoe'
rlm_sql (sql): Reserved connection (1)
(2) sql: EXPAND SELECT COUNT(*) FROM
radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime IS
NULL AND framedipaddress NOT REGEXP '^10\.'
(2) sql: --> SELECT COUNT(*) FROM
radacct WHERE username =
'testepppoe' AND acctstoptime IS
NULL AND framedipaddress NOT REGEXP '^10\.'
(2) sql: Executing select query: SELECT
COUNT(*) FROM
radacct WHERE username =
'testepppoe' AND acctstoptime IS
NULL AND framedipaddress NOT REGEXP '^10\.'
rlm_sql (sql): Released connection (1)
(2) [sql] = ok
(2) } # session = ok
(2) # Executing section post-auth from file
/etc/freeradius/sites-enabled/default
(2) post-auth {
(2) if (session-state:User-Name && reply:User-Name &&
request:User-Name && (reply:User-Name == request:User-Name)) {
(2) if (session-state:User-Name && reply:User-Name &&
request:User-Name && (reply:User-Name == request:User-Name)) -> FALSE
(2) update {
(2) No attributes updated for RHS &session-state:
(2) } # update = noop
(2) sql: EXPAND .query
(2) sql: --> .query
(2) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (6)
(2) sql: EXPAND %{User-Name}
(2) sql: --> testepppoe
(2) sql: SQL-User-Name set to 'testepppoe'
(2) sql: EXPAND INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( '%{SQL-User-Name}',
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(2) sql: --> INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( 'testepppoe', '', 'Access-Accept', '2019-06-27 11:50:59')
(2) sql: Executing query: INSERT INTO radpostauth (username, pass,
reply, authdate) VALUES ( 'testepppoe', '', 'Access-Accept', '2019-06-27
11:50:59')
(2) sql: SQL query returned: success
(2) sql: 1 record(s) updated
rlm_sql (sql): Released connection (6)
(2) [sql] = ok
rlm_sql (sql): Reserved connection (2)
(2) sqlippool: EXPAND %{User-Name}
(2) sqlippool: --> testepppoe
(2) sqlippool: SQL-User-Name set to 'testepppoe'
(2) sqlippool: EXPAND START TRANSACTION
(2) sqlippool: --> START TRANSACTION
(2) sqlippool: Executing query: START TRANSACTION
(2) sqlippool: EXPAND UPDATE radippool SET nasipaddress = '', pool_key =
0, callingstationid = '', username = '', expiry_time = NULL WHERE
expiry_time <= NOW() - INTERVAL 1 SECOND AND nasipaddress =
'%{%{Nas-IP-Address}:-%{Nas-IPv6-Address}}'
(2) sqlippool: --> UPDATE radippool SET nasipaddress = '', pool_key =
0, callingstationid = '', username = '', expiry_time = NULL WHERE
expiry_time <= NOW() - INTERVAL 1 SECOND AND nasipaddress = '172.17.200.30'
(2) sqlippool: Executing query: UPDATE radippool SET nasipaddress = '',
pool_key = 0, callingstationid = '', username = '', expiry_time = NULL
WHERE expiry_time <= NOW() - INTERVAL 1 SECOND AND nasipaddress =
'172.17.200.30'
rlm_sql_mysql: Rows matched: 0 Changed: 0 Warnings: 0
(2) sqlippool: EXPAND COMMIT
(2) sqlippool: --> COMMIT
(2) sqlippool: Executing query: COMMIT
(2) sqlippool: EXPAND START TRANSACTION
(2) sqlippool: --> START TRANSACTION
(2) sqlippool: Executing query: START TRANSACTION
(2) sqlippool: EXPAND SELECT framedipaddress FROM radippool WHERE
pool_name = '%{control:Pool-Name}' AND (expiry_time < NOW() OR
expiry_time IS NULL) ORDER BY (username <> '%{User-Name}'),
(callingstationid <> '%{Calling-Station-Id}'), expiry_time LIMIT 1 FOR
UPDATE
(2) sqlippool: --> SELECT framedipaddress FROM radippool WHERE
pool_name = 'main_pool' AND (expiry_time < NOW() OR expiry_time IS NULL)
ORDER BY (username <> 'testepppoe'), (callingstationid <>
'0C:80:63:DC:00:8F'), expiry_time LIMIT 1 FOR UPDATE
(2) sqlippool: Executing select query: SELECT framedipaddress FROM
radippool WHERE pool_name = 'main_pool' AND (expiry_time < NOW() OR
expiry_time IS NULL) ORDER BY (username <> 'testepppoe'),
(callingstationid <> '0C:80:63:DC:00:8F'), expiry_time LIMIT 1 FOR UPDATE
(2) sqlippool: Allocated IP 187.120.205.17
(2) sqlippool: EXPAND UPDATE radippool SET nasipaddress =
'%{NAS-IP-Address}', pool_key = '%{Calling-Station-Id}',
callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}',
expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress =
'187.120.205.17' AND expiry_time IS NULL
(2) sqlippool: --> UPDATE radippool SET nasipaddress =
'172.17.200.30', pool_key = '0C:80:63:DC:00:8F', callingstationid =
'0C:80:63:DC:00:8F', username = 'testepppoe', expiry_time = NOW() +
INTERVAL 3600 SECOND WHERE framedipaddress = '187.120.205.17' AND
expiry_time IS NULL
(2) sqlippool: Executing query: UPDATE radippool SET nasipaddress =
'172.17.200.30', pool_key = '0C:80:63:DC:00:8F', callingstationid =
'0C:80:63:DC:00:8F', username = 'testepppoe', expiry_time = NOW() +
INTERVAL 3600 SECOND WHERE framedipaddress = '187.120.205.17' AND
expiry_time IS NULL
rlm_sql_mysql: Rows matched: 1 Changed: 1 Warnings: 0
(2) sqlippool: EXPAND COMMIT
(2) sqlippool: --> COMMIT
(2) sqlippool: Executing query: COMMIT
rlm_sql (sql): Released connection (2)
(2) sqlippool: EXPAND Allocated IP: %{reply:Framed-IP-Address} from
%{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id}
port %{NAS-Port} user %{User-Name})
(2) sqlippool: --> Allocated IP: 187.120.205.17 from main_pool (did
CE - TESTE PPPoE - 2 cli 0C:80:63:DC:00:8F port 15728817 user testepppoe)
(2) [sqlippool] = ok
(2) log_post_auth: EXPAND %{reply:Packet-Type}
(2) log_post_auth: --> Access-Accept
(2) log_post_auth: EXPAND %t : Info: Allocated IP:
%{reply:Framed-IP-Address} from %{control:Pool-Name} (did
%{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user
%{User-Name})
(2) log_post_auth: --> Thu Jun 27 11:50:59 2019 : Info: Allocated IP:
187.120.205.17 from main_pool (did CE - TESTE PPPoE - 2 cli
0C:80:63:DC:00:8F port 15728817 user testepppoe)
(2) log_post_auth: EXPAND /var/log/freeradius/radius.log
(2) log_post_auth: --> /var/log/freeradius/radius.log
(2) [log_post_auth] = ok
(2) [exec] = noop
(2) } # post-auth = ok
(2) Login OK: [testepppoe] (from client ce-teste-rb port 15728817 cli
0C:80:63:DC:00:8F)
(2) Sent Access-Accept Id 2 from 187.120.197.133:1812 to
172.17.200.30:50147 length 0
(2) Framed-Compression = Van-Jacobson-TCP-IP
(2) Framed-Protocol = PPP
(2) Framed-Routing = Broadcast-Listen
(2) Framed-MTU = 1500
(2) Service-Type = Framed-User
(2) Mikrotik-Rate-Limit = "100M/100M 100M/100M 100M/100M 10/10"
(2) MS-CHAP-MPPE-Keys = 0x7718a5b4774be248d4e33da13ae39ae0762f4dd986aa50b2
(2) MS-MPPE-Encryption-Policy = Encryption-Allowed
(2) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(2) Framed-IP-Address = 187.120.205.17
(2) Finished request
More information about the Freeradius-Users
mailing list