help
valeriobaroni
valerio.baroni at gmail.com
Wed Jan 27 12:56:24 CET 2021
Hi Alan,
If I try it without using attributes like (Tunnel-Type, Tunnel-Medium-Type,
Tunnel-Private-Group-Id), my DHCP server assigns me an IP correctly and I can
navigate. When I put those parameters back, nothing happens:
freeradius -X
# Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default
(9) authorize {
(9) policy filter_username {
(9) if (&User-Name) {
(9) if (&User-Name) -> TRUE
(9) if (&User-Name) {
(9) if (&User-Name =~ / /) {
(9) if (&User-Name =~ / /) -> FALSE
(9) if (&User-Name =~ /@[^@]*@/ ) {
(9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(9) if (&User-Name =~ /\.\./ ) {
(9) if (&User-Name =~ /\.\./ ) -> FALSE
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) ->
FALSE
(9) if (&User-Name =~ /\.$/) {
(9) if (&User-Name =~ /\.$/) -> FALSE
(9) if (&User-Name =~ /@\./) {
(9) if (&User-Name =~ /@\./) -> FALSE
(9) } # if (&User-Name) = notfound
(9) } # policy filter_username = notfound
(9) [preprocess] = ok
(9) [chap] = noop
(9) [mschap] = noop
(9) [digest] = noop
(9) suffix: Checking for suffix after "@"
(9) suffix: No '@' in User-Name = "valerio", looking up realm NULL
(9) suffix: No such realm "NULL"
(9) [suffix] = noop
(9) eap: Peer sent EAP Response (code 2) ID 2 length 8
(9) eap: No EAP Start, assuming it's an on-going EAP conversation
(9) [eap] = updated
(9) [files] = noop
(9) sql: EXPAND %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}
(9) sql: --> valerio
(9) sql: SQL-User-Name set to 'valerio'
rlm_sql (sql): Reserved connection (8)
(9) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id
(9) sql: --> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'valerio' ORDER BY id
(9) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'valerio' ORDER BY id
(9) sql: User found in radcheck table
(9) sql: Conditional check items matched, merging assignment check items
(9) sql: Cleartext-Password := "valerio"
(9) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id
(9) sql: --> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'valerio' ORDER BY id
(9) sql: Executing select query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'valerio' ORDER BY id
rlm_sql (sql): Reserved connection (10)
rlm_sql (sql): Released connection (10)
Need 6 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (12), 1 of 27 pending slots
used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket,
server version 8.0.22-0ubuntu0.20.10.2, protocol version 10
(9) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(9) sql: --> SELECT groupname FROM radusergroup WHERE username =
'valerio' ORDER BY priority
(9) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'valerio' ORDER BY priority
(9) sql: User found in the group table
(9) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(9) sql: --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = 'VLAN102' ORDER BY id
(9) sql: Executing select query: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = 'VLAN102' ORDER BY id
(9) sql: Group "VLAN102": Conditional check items matched
(9) sql: Group "VLAN102": Merging assignment check items
(9) sql: Auth-Type := Accept
(9) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(9) sql: --> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'VLAN102' ORDER BY id
(9) sql: Executing select query: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = 'VLAN102' ORDER BY id
(9) sql: Group "VLAN102": Merging reply items
(9) sql: Tunnel-Type = VLAN
(9) sql: Tunnel-Medium-Type = IEEE-802
(9) sql: Tunnel-Private-Group-Id = "103"
(9) sql: Checking profile DEFAULT
(9) sql: EXPAND DEFAULT
(9) sql: --> DEFAULT
(9) sql: SQL-User-Name set to 'DEFAULT'
rlm_sql (sql): Reserved connection (11)
rlm_sql (sql): Released connection (11)
(9) sql: EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(9) sql: --> SELECT groupname FROM radusergroup WHERE username =
'DEFAULT' ORDER BY priority
(9) sql: Executing select query: SELECT groupname FROM radusergroup WHERE
username = 'DEFAULT' ORDER BY priority
(9) sql: User found in the group table
(9) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(9) sql: --> SELECT id, groupname, attribute, Value, op FROM
radgroupcheck WHERE groupname = 'VLAN102' ORDER BY id
(9) sql: Executing select query: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = 'VLAN102' ORDER BY id
(9) sql: Group "VLAN102": Conditional check items matched
(9) sql: Group "VLAN102": Merging assignment check items
(9) sql: Auth-Type := Accept
(9) sql: EXPAND SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(9) sql: --> SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = 'VLAN102' ORDER BY id
(9) sql: Executing select query: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = 'VLAN102' ORDER BY id
(9) sql: Group "VLAN102": Merging reply items
(9) sql: Tunnel-Type = VLAN
(9) sql: Tunnel-Medium-Type = IEEE-802
(9) sql: Tunnel-Private-Group-Id = "103"
rlm_sql (sql): Released connection (8)
(9) [sql] = ok
(9) [expiration] = noop
(9) [logintime] = noop
(9) pap: WARNING: Auth-Type already set. Not setting to PAP
(9) [pap] = noop
(9) } # authorize = updated
(9) Found Auth-Type = Accept
(9) Auth-Type = Accept, accepting the user
(9) # Executing section post-auth from file
/etc/freeradius/3.0/sites-enabled/default
(9) post-auth {
(9) if (session-state:User-Name && reply:User-Name && request:User-Name
&& (reply:User-Name == request:User-Name)) {
(9) if (session-state:User-Name && reply:User-Name && request:User-Name
&& (reply:User-Name == request:User-Name)) -> FALSE
(9) update {
(9) No attributes updated for RHS &session-state:
(9) } # update = noop
(9) sql: EXPAND .query
(9) sql: --> .query
(9) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (7)
(9) sql: EXPAND %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}
(9) sql: --> valerio
(9) sql: SQL-User-Name set to 'valerio'
(9) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S.%M')
(9) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'valerio', '', 'Access-Accept', '2021-01-27 12:53:54.144905')
(9) sql: Executing query: INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( 'valerio', '', 'Access-Accept', '2021-01-27
12:53:54.144905')
(9) sql: SQL query returned: success
(9) sql: 1 record(s) updated
rlm_sql (sql): Released connection (7)
(9) [sql] = ok
(9) [exec] = noop
(9) policy remove_reply_message_if_eap {
(9) if (&reply:EAP-Message && &reply:Reply-Message) {
(9) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(9) else {
(9) [noop] = noop
(9) } # else = noop
(9) } # policy remove_reply_message_if_eap = noop
(9) } # post-auth = ok
(9) Sent Access-Accept Id 122 from 192.168.11.5:1812 to 192.168.14.250:50788
length 0
(9) Tunnel-Type = VLAN
(9) Tunnel-Medium-Type = IEEE-802
(9) Tunnel-Private-Group-Id = "103"
(9) Finished request
Is there something that is missing?
Thanks
On Fri, 22 Jan 2021 at 15:30, Alan DeKok <
aland at deployingradius.com> wrote:
>
>
> > On Jan 22, 2021, at 4:46 AM, valeriobaroni <valerio.baroni at gmail.com> wrote:
> >
> > HELP
> > Hi all, I'm trying to set up FreeRADIUS with a Cisco WLC, but when I try to
> > connect I cannot receive any IP from VLAN 102. Can you help me?
>
> RADIUS doesn't do IP assignment. So the problem could be elsewhere.
>
> * did the NAS put the user into VLAN 102?
>
> * did the user send a DHCP request on that VLAN?
>
> * did the DHCP server receive that DHCP request?
>
> * did the DHCP server assign an IP?
>
> * did the DHCP reply make it back to the user's system?
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
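
An added example, not part of the original message or of FreeRADIUS itself: a small Python checker that reads `freeradius -X` output like the log in this post and reports, per request, whether an Auth-Type was forced from SQL during an EAP conversation and which VLAN attributes actually went out in the Access-Accept. The function name `review` is hypothetical, and treating the digits in the SQL group name as the intended VLAN id is an assumption; the sample lines are taken from request (9) above.

```python
import re
# Constructed sample: lines copied from request (9) in the debug output above.
SAMPLE = """\
(9) eap: No EAP Start, assuming it's an on-going EAP conversation
(9) sql: Group "VLAN102": Merging assignment check items
(9) sql: Auth-Type := Accept
(9) sql: Group "VLAN102": Merging reply items
(9) Sent Access-Accept Id 122 from 192.168.11.5:1812 to 192.168.14.250:50788
length 0
(9) Tunnel-Type = VLAN
(9) Tunnel-Medium-Type = IEEE-802
(9) Tunnel-Private-Group-Id = "103"
(9) Finished request
"""

LINE = re.compile(r"^\((\d+)\)\s+(.*)$")               # "(9) <text>"
ATTR = re.compile(r'^([\w-]+)\s+:?=\s+"?([^"]*)"?$')   # 'Name = "value"'
GROUP = re.compile(r'^sql: Group "([^"]+)"')

def review(debug_text):
    """Summarise each request: EAP seen, forced Auth-Type, SQL groups, reply attributes."""
    reqs, sending = {}, set()
    for raw in debug_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # pool messages and mail-wrapped line tails carry no request id
        rid, body = int(m.group(1)), m.group(2)
        r = reqs.setdefault(rid, {"eap": False, "auth_type": None,
                                  "groups": set(), "reply": {}, "findings": []})
        if body.startswith("eap:"):
            r["eap"] = True
        elif body.startswith("sql: Auth-Type :="):
            r["auth_type"] = body.split(":=", 1)[1].strip()
        elif GROUP.match(body):
            r["groups"].add(GROUP.match(body).group(1))
        elif body.startswith("Sent Access-Accept"):
            sending.add(rid)  # attribute lines after this are what the NAS receives
        elif rid in sending and ATTR.match(body):
            name, value = ATTR.match(body).groups()
            r["reply"][name] = value
    for r in reqs.values():
        if r["eap"] and r["auth_type"] == "Accept":
            r["findings"].append("Auth-Type := Accept forced during an EAP conversation")
        vlan = r["reply"].get("Tunnel-Private-Group-Id")
        for g in sorted(r["groups"]):
            digits = re.sub(r"\D", "", g)  # assumption: group name encodes the VLAN id
            if vlan and digits and digits != vlan:
                r["findings"].append(f"group {g} replies with VLAN {vlan}")
    return reqs
```
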