Calling-Station-Id Issue
Ammad Ali
ammad.ali at rapidcompute.com
Fri Mar 11 09:11:54 UTC 2022
Hi,
Some more testing's I have done.
If the value of Calling-Station-Id with operator =~ is empty then
authentication fails. But it was working in FR 3.0.4 might be something has
changed in FR 3.0.25.
If I explicitly add value of Calling-Station-Id, then client authenticated
successfully.
So, is there a way to make Calling-Station-Id attribute with empty value and
=~ operator work initially by some policy or configuration in authorize or
authenticate section ?
Ammad
-----Original Message-----
From: Freeradius-Users
<freeradius-users-bounces+ammad.ali=rapidcompute.com at lists.freeradius.org>
On Behalf Of Ammad Ali
Sent: Friday, March 11, 2022 11:46 AM
To: 'FreeRadius users mailing list' <freeradius-users at lists.freeradius.org>
Subject: RE: Calling-Station-Id Issue
Hi Alan,
I have put two attributes in SQL radcheck table.
+---------+----------+--------------------+---------+----+
| id | username | attribute | value | op |
+---------+----------+--------------------+---------+----+
| 2882016 | noctest | Cleartext-Password | noctest | := |
| 2882017 | noctest | Calling-Station-Id | | =~ |
+---------+----------+--------------------+---------+----+
The Calling-Station-Id attribute mentioned in documentation.
https://freeradius.org/rfc/rfc2865.html#Calling-Station-Id
I am using operator =~ to match the Calling-Station-Id of client. What our
scenario is that the value of Calling-Station-Id is empty initially. When
client authenticate first time, our SQL trigger puts its MAC address
Calling-Station-Id value to restrict its MAC address.
The debug logs says SQL expression empty.
Thu Mar 10 13:47:43 2022 : ERROR: (0) sql:
Thu Mar 10 13:47:43 2022 : ERROR: (0) sql: ^ Empty expression Thu Mar 10
13:47:43 2022 : WARNING: (0) sql: check items do not match.
Ammad
-----Original Message-----
From: Freeradius-Users
<freeradius-users-bounces+ammad.ali=rapidcompute.com at lists.freeradius.org>
On Behalf Of Alan DeKok
Sent: Thursday, March 10, 2022 10:03 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Calling-Station-Id Issue
On Mar 10, 2022, at 11:28 AM, Ammad Ali <ammad.ali at rapidcompute.com> wrote:
> We are currently using FR 3.0.4 on CentOS7 with SQL backend. Now we
> are planning to migrate it to 3.0.25 installed from
> https://networkradius.com/packages/#:~:text=number%20of%20platforms-,U
> BUNTU,
> -Add%20the%20APT
Hmm... mangled URLs. OK...
> Currently the authentication is getting failed with below logs.
> ...
> Thu Mar 10 13:47:43 2022 : Debug: (0) sql: User found in radcheck
> table
>
> Thu Mar 10 13:47:43 2022 : ERROR: (0) sql:
>
> Thu Mar 10 13:47:43 2022 : ERROR: (0) sql: ^ Empty expression
So... you have garbage in your SQL database. Why?
Put attributes and values into SQL. Follow the documentation for how to
do this.
> Full logs are here.
>
> https://pastebin.com/7xvgukiq
Case the logs in the message, as suggested by the documentation. The
harder you make it for people to help you, the less likely people are to
help you.
> With my current production setup I am using Calling-Station-Id to
> restrict MAC for authentication and I want to use the same with
> 3.0.25. How to achieve this ?
Read the docs.
The issue here is that you're not saying what you want to do. You're not
saying what you put into SQL. But you want us to help you.
We need more information. Until you post that information, there's very
little advice we can give you.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list