Virtual Servers & nas_table Server Column Problem
Ali Arslan
e066377 at yahoo.com
Wed Jul 29 12:49:03 CEST 2020
Hello,
I use FreeRADIUS 3.0.20 on Ubuntu Server 20.04 virtual machines with an MSSQL backend accessed by FreeTDS.
I had 3 virtual machines just for FreeRADIUS, so I wanted to run them all on a single machine to make better use of resources, and decided to make use of the Virtual Server capability of FreeRADIUS.
I kept the default site as the server of the main ISP and added 2 more virtual servers, namely WISPServer and HotspotServer (for hotels and cafes), whose listen sections are as follows:
server default {
    listen {
        type = auth
        ipaddr = *
        port = 0
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipaddr = *
        port = 0
        type = acct
        limit {
        }
    }
    listen {
        type = auth
        ipv6addr = :: # any. ::1 == localhost
        port = 0
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipv6addr = ::
        port = 0
        type = acct
        limit {
        }
    }
    ...
}
server WISPServer {
    listen {
        type = auth
        ipaddr = *
        port = 2812
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipaddr = *
        port = 2813
        type = acct
        limit {
        }
    }
    listen {
        type = auth
        ipv6addr = :: # any. ::1 == localhost
        port = 2812
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipv6addr = ::
        port = 2813
        type = acct
        limit {
        }
    }
    ...
}
server HotspotServer {
    listen {
        type = auth
        ipaddr = *
        port = 3812
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipaddr = *
        port = 3813
        type = acct
        limit {
        }
    }
    listen {
        type = auth
        ipv6addr = :: # any. ::1 == localhost
        port = 3812
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipv6addr = ::
        port = 3813
        type = acct
        limit {
        }
    }
    ...
}
And the sql module definitions are all similar except for the database names.
sql { # default server
# sql WISPSQL{ for WISPServer
# sql HotspotSQL{ for HotspotServer
    dialect = "mssql"
    driver = "rlm_sql_freetds"
    server = "SQLServer"
    port = 1433
    login = "sa"
    password = "<<servet>>"
    radius_db = "ISP"
    # radius_db = "WISP" for WISPServer
    # radius_db = "Hotspot" for HotspotServer
    acct_table1 = "radacct"
    acct_table2 = "radacct"
    postauth_table = "radpostauth"
    authcheck_table = "radcheck"
    groupcheck_table = "radgroupcheck"
    authreply_table = "radreply"
    groupreply_table = "radgroupreply"
    usergroup_table = "radcheck"
    delete_stale_sessions = yes
    pool {
        start = ${thread[pool].start_servers}
        min = ${thread[pool].min_spare_servers}
        max = ${thread[pool].max_servers}
        spare = ${thread[pool].max_spare_servers}
        uses = 0
        retry_delay = 30
        lifetime = 0
        idle_timeout = 60
    }
    read_clients = yes
    client_table = "nas"
    group_attribute = "SQL-Group"
    $INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf
}
Here I use the custom radcheck GroupName column to define groups; a user can only have a single group and it is a calculated field.
nas_table has a Server column to define the virtual server name:
nas_query = " SELECT Id, IPAddress, ShortName, 'other', Secret, ISNULL(Server, '') FROM ${nas_table}"
The attached debug file shows that the client is added to the WISPServer clients list:
rlm_sql (WISPSQL): Adding client 192.168.1.1 (ofis) to WISPServer clients list
rlm_sql (192.168.1.1): Client "ofis" (WISPSQL) added
But when the client (92.168.1.1) sends an accounting request I get an error:
Ignoring request to acct address * port 2813 bound to server WISPServer from unknown client 192.168.1.1 port 41272 proto udp
To make it work I needed to do one of two things: remove the Server column from the nas query or make it NULL (actually an empty string, NULL does not work either). In this case it adds clients to the global client list, saying:
rlm_sql ( WISPSQL): Adding client 192.168.1.1 (ofis) to global clients list
For security reasons I want to define the client for a Virtual Server. How can I make it work?
An example debug output is attached.
Thanks.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ViertualServerDebug.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200729/55dce192/attachment-0001.txt>
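A small triage helper for the symptom described in this post, added here as an example and not part of the original message or of FreeRADIUS: it correlates the rlm_sql "Adding client ... clients list" lines with "Ignoring request ... from unknown client" lines in a debug log and reports clients that were registered for a virtual server yet rejected by that server's listener. The function name, verdict labels and regular expressions are assumptions derived only from the log lines quoted in the post.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (FreeRADIUS 3.0.20 debug output).
SAMPLE_LOG = """\
rlm_sql (WISPSQL): Adding client 192.168.1.1 (ofis) to WISPServer clients list
rlm_sql (192.168.1.1): Client "ofis" (WISPSQL) added
Ignoring request to acct address * port 2813 bound to server WISPServer from unknown client 192.168.1.1 port 41272 proto udp
"""

# Patterns inferred from the quoted lines (assumption, not an official format).
ADDED = re.compile(
    r"rlm_sql \(\s*(?P<module>[^)]+)\): Adding client (?P<ip>\S+) "
    r"\((?P<name>[^)]*)\) to (?P<scope>\S+) clients list")
IGNORED = re.compile(
    r"Ignoring request to (?P<type>\S+) address (?P<addr>\S+) port (?P<port>\d+) "
    r"bound to server (?P<server>\S+) from unknown client (?P<ip>\S+) port \d+")


def correlate(log_text):
    """Map each client IP to the client lists it joined and classify drops."""
    registrations = defaultdict(set)   # ip -> {"global" or virtual server name}
    findings = []                      # one entry per dropped request
    for line in log_text.splitlines():
        m = ADDED.search(line)
        if m:
            registrations[m["ip"]].add(m["scope"])
            continue
        m = IGNORED.search(line)
        if not m:
            continue
        scopes = registrations.get(m["ip"], set())
        if m["server"] in scopes:
            # The case reported in the post: scoped registration, still dropped.
            verdict = "registered-for-this-server-but-rejected"
        elif scopes:
            verdict = "registered-elsewhere"
        else:
            verdict = "never-registered"
        findings.append({"ip": m["ip"], "server": m["server"],
                         "port": int(m["port"]), "type": m["type"],
                         "verdict": verdict})
    return dict(registrations), findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOG)[1]:
        print(finding)
```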