FreeRadius 3.0.12 - Select radreply but dont send them

Alan DeKok aland at deployingradius.com
Fri Sep 27 16:13:34 CEST 2019


On Sep 27, 2019, at 10:09 AM, Thibault Lansiaux <thibault.lansiaux at wiconnect.fr> wrote:
> We are having a problem with a freeradius migration, from two different servers.
> The first (old) 1.x : is OK
> On the new server (freeradius 3.0.12) FreeRadius select the user's radreply but don't send them in the "Access-Accept"
> 
> We compared "sites-enabled/default" from the old and new, and didn't find differences in "authorize {" and "preprocess {"
> 
> Bellow the Freeradius -X request :

  As you were told on GitHub:

> (0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
> (0) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'MY-NAS-ID' ORDER BY id
> (0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'MY-NAS-ID' ORDER BY id
> (0) sql: User found in radreply table, merging reply items
> (0) sql: Colubris-AVPair == "access-list=loginserver,DENY,all,192.168.0.0/18,all"
> (0) sql: Colubris-AVPair == "access-list=loginserver,DENY,all,172.16.0.0/12,all"
> (0) sql: Colubris-AVPair == "access-list=loginserver,DENY,all,10.0.0.0/8,all"
> (0) sql: Colubris-AVPair == "access-list=loginserver,ACCEPT,tcp,www.mydomain.com,all"
> (0) sql: Colubris-AVPair == "use-access-list=loginserver"
> (0) sql: Colubris-AVPair == "logo=https://webportail.mydomain.com/directory/logo.gif"
> (0) sql: Colubris-AVPair == "fail-page=https://webportail.mydomain.com/directory/fail.html"
> (0) sql: Colubris-AVPair == "session-page=https://webportail.mydomain.com/directory/session.html"
> (0) sql: Colubris-AVPair == "messages=https://webportail.mydomain.com/directory/messages.txt"
> (0) sql: Colubris-AVPair == "transport-page=https://webportail.mydomain.com/directory/transport.html"
> (0) sql: Colubris-AVPair == "login-err-url=https://webportail.mydomain.com/directory/login-error.php"
> (0) sql: Colubris-AVPair == "goodbye-url=https://webportail.mydomain.com/directory/goodbye.php"
> (0) sql: Colubris-AVPair == "login-url=https://webportail.mydomain.com/directory/index.php?mac=%m"

  '==' is NOT the operator you use for the reply.  See the rlm_sql documentation.

  Alan DeKok.




More information about the Freeradius-Users mailing list