Evaluation of Service-Type.
Jorge Pereira
jpereira at freeradius.org
Fri May 3 19:41:48 CEST 2019
Nicolas,
Have you opened the RFC https://tools.ietf.org/html/rfc2865#page-31? so,
the Framed-User is a constant, not a string.
Integer = https://en.wikipedia.org/wiki/Integer_(computer_science)
Constant = https://en.wikipedia.org/wiki/Constant_(computer_programming)
String = https://en.wikipedia.org/wiki/String_(computer_science)
On Fri, May 3, 2019 at 2:34 PM Nicolas Breuer <Nicolas.Breuer at belcenter.biz>
wrote:
> Hi Jorge,
>
> Are you sure because I can see the standard is Service-Type=Framed-User ,
> no ?
> That works perfectly on v2.2 but OK
>
>
> -----Message d'origine-----
> De : Freeradius-Users <freeradius-users-bounces+nicolas.breuer=
> belcenter.biz at lists.freeradius.org> De la part de Jorge Pereira
> Envoyé : vendredi 3 mai 2019 19:26
> À : FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Objet : Re: Evaluation of Service-Type.
>
> Nicolas,
>
> As described in rfc2865, the field Service-Type should be integer not
> string as you are trying to do.
>
> On Fri, May 3, 2019 at 2:21 PM Nicolas Breuer <
> Nicolas.Breuer at belcenter.biz>
> wrote:
>
> > Ok sorry it's a basic auth packet. Also the if section check the reply
> and
> > not what he received.
> >
> > Plz find all the output
> >
> > (0) Received Access-Request Id 21
> > (0) User-Name = "user1"
> > (0) User-Password = "pwd"
> > (0) # Executing section authorize from file
> /root/test/etc/raddb/CORE.conf
> > (0) authorize {
> > (0) [preprocess] = ok
> > (0) [chap] = noop
> > (0) [mschap] = noop
> > (0) suffix: Checking for suffix after "@"
> > (0) suffix: No '@' in User-Name = "user1", looking up realm NULL
> > (0) suffix: No such realm "NULL"
> > (0) [suffix] = noop
> > (0) files: users: Matched entry user1 at line 224
> > (0) [files] = ok
> > (0) [expiration] = noop
> > (0) [logintime] = noop
> > (0) [pap] = updated
> > (0) } # authorize = updated
> > (0) Found Auth-Type = PAP
> > (0) # Executing group from file /root/test/etc/raddb/CORE.conf
> > (0) Auth-Type PAP {
> > (0) pap: Login attempt with password
> > (0) pap: Comparing with "known good" Cleartext-Password
> > (0) pap: User authenticated successfully
> > (0) [pap] = ok
> > (0) } # Auth-Type PAP = ok
> > (0) # Executing section post-auth from file
> /root/test/etc/raddb/CORE.conf
> > (0) post-auth {
> >
> > (0) if (&reply:Service-Type == test) {
> >
> > (0) ERROR: Failed retrieving values required to evaluate condition
> >
> > ------------------
> > The users file :
> >
> > user1 Cleartext-Password:= "pwd"
> > Service-Type == "test"
> >
> >
> > Thanks for your help !
> >
> >
> >
> > -----Message d'origine-----
> > De : Freeradius-Users <freeradius-users-bounces+nicolas.breuer=
> > belcenter.biz at lists.freeradius.org> De la part de Alan DeKok
> > Envoyé : vendredi 3 mai 2019 18:29
> > À : FreeRadius users mailing list <freeradius-users at lists.freeradius.org
> >
> > Objet : Re: Evaluation of Service-Type.
> >
> >
> >
> > > On May 3, 2019, at 12:20 PM, Nicolas Breuer <
> > Nicolas.Breuer at belcenter.biz> wrote:
> > >
> > > Sorry i don't see :
> > >
> > > (0) post-auth {
> >
> > So when I tell you to look at the PACKET, you look at the post-auth
> > section? Why?
> >
> > You should be aware that FreeRADIUS receives PACKETS. It also PRINTS
> > those packets when running in debug mode. This printing even includes
> the
> > LIST OF ATTRIBUTES THAT CAME IN THE PACKET.
> >
> > Now, if you READ THE DEBUG OUTPUT, you will see the LIST OF
> ATTRIBUTES.
> >
> > There's even DOCUMENTATION DESCRIBING THIS.
> >
> > http://wiki.freeradius.org/radiusd-X
> >
> > At this point, I have to ask what's going on. It's like you're working
> > hard to be obstructive.
> >
> > Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list