Freeradius not sending traffic-shaping attributes randomly (Works when in debug mode)
Alan DeKok
aland at deployingradius.com
Thu Dec 16 15:35:27 CET 2021
On Dec 16, 2021, at 6:39 AM, Antônio Modesto <modesto at hubsoft.com.br> wrote:
> The attributes are coming from the database, from the radgroupreply table.
It shouldn't take 4 rounds of messages for you to say this.
The more information you give, the easier it is for us to help you. If you don't give any useful information, we're left guessing.
> My configuration is basically the default one with minor adjustments. I use attr_filter to not send attributes from one vendor to another, but I already checked that and it is not the source of the problem. I think it may be caused by the bug reported by our friend in a previous message.
Except that when the SQL module can't get the group membership information, the module returns "fail". Which results in an Access-Reject.
The ONLY way for it to return Access-Accept is if you edited the configuration, so that the server ignored the sql module "fail".
So again, you should understand what you did to your local configuration. The server works exactly as you *want*, in that failed group lookups result in reject. However, the server also works exactly how you *configured* it, which is to over-ride the default, and instead return "accept" when group lookups fail.
The lesson here is (a) describe what you're doing in detail, and (b) understand what you've configured the server to do.
Alan DeKok.
More information about the Freeradius-Users
mailing list