Re: R: R: R: NAS-Identifier and radgroupcheck table

2010-04-28 Thread Ana Gallardo
>    Hmm... that will cause all of the users to be rejected.  Delete it.

Yes

>> I follow this howto http://wiki.freeradius.org/SQL_Huntgroup_HOWTO and,
>> *DEFAULT   Auth-Type := Reject
>
>    That's not necessary.  It should be deleted from the page.

Thanks

-- 


 Ana Gallardo Gómez

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: R: R: R: NAS-Identifier and radgroupcheck table

2010-04-27 Thread Ana Gallardo
Hello Alan, thank you for your response.

>   Where is this coming from?

I put a default entry at the bottom of users file.

http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg51143.html

My users file:

debian:/etc/freeradius# cat users

DEFAULT   Auth-Type := Reject

bob     Cleartext-Password := "hello"
        Reply-Message = "Hola %{User-Name}"




>   The default configuration has *no* Auth-Type = Reject setting.  You
>  have added this locally.

I follow this howto http://wiki.freeradius.org/SQL_Huntgroup_HOWTO and, at
the bottom said:

*Note: If you want to reject authentication by default then edit the
raddb/users file and add this: *

*DEFAULT   Auth-Type := Reject*

*Then add Auth-Type Accept with := as op in radgroupcheck for each group. *

Sorry to ask again about that, but I can't get the correct configuration.

Thank you.
-- 


 Ana Gallardo Gómez


Re: R: R: R: NAS-Identifier and radgroupcheck table

2010-04-27 Thread Alan DeKok
Ana Gallardo wrote:
> DEFAULT   Auth-Type := Reject

  Hmm... that will cause all of the users to be rejected.  Delete it.

> I follow this howto http://wiki.freeradius.org/SQL_Huntgroup_HOWTO and,
> at the bottom said:
>
> *Note: If you want to reject authentication by default then edit the
> raddb/users file and add this: *
>
> *DEFAULT   Auth-Type := Reject

  That's not necessary.  It should be deleted from the page.

  Alan DeKok.


Re: R: R: R: NAS-Identifier and radgroupcheck table

2010-04-27 Thread VU VAN HUNG

Alan DeKok wrote:

> Ana Gallardo wrote:
>> DEFAULT   Auth-Type := Reject
>
>   Hmm... that will cause all of the users to be rejected.  Delete it.
>
>> I follow this howto http://wiki.freeradius.org/SQL_Huntgroup_HOWTO and,
>> at the bottom said:
>>
>> *Note: If you want to reject authentication by default then edit the
>> raddb/users file and add this: *
>>
>> *DEFAULT   Auth-Type := Reject
>
>   That's not necessary.  It should be deleted from the page.
>
>   Alan DeKok.

Dear Ana,

Could you tell me the name of the NAS device which you are using?

Hung,


R: R: R: NAS-Identifier and radgroupcheck table

2010-04-26 Thread Ana Gallardo
Hello,

sorry to ask again about this issue, but I can't get the correct
configuration.

I follow your howto: http://wiki.freeradius.org/SQL_Huntgroup_HOWTO

I want to filter users login from fixed NAS, but I always get a reject.

I don't understand why in the example below:

++[request] returns notfound

Thank you very much.


EXAMPLE

My SQL database:

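mysql> select * from radcheck;
+----+----------+--------------------+----+----------+
| id | username | attribute          | op | value    |
+----+----------+--------------------+----+----------+
|  1 | ana      | Cleartext-Password | := | claveAna |
+----+----------+--------------------+----+----------+
1 rows in set (0.00 sec)

mysql> select * from radreply;
+----+----------+---------------+----+------------+
| id | username | attribute     | op | value      |
+----+----------+---------------+----+------------+
|  1 | ana      | Reply-Message | += | Hola Anita |
+----+----------+---------------+----+------------+
1 rows in set (0.00 sec)

mysql> select * from radusergroup;
+----------+-----------+----------+
| username | groupname | priority |
+----------+-----------+----------+
| ana      | CAU1      |        0 |
+----------+-----------+----------+
1 rows in set (0.00 sec)

mysql> select * from radgroupcheck;
+----+-----------+----------------+----+--------+
| id | groupname | attribute      | op | value  |
+----+-----------+----------------+----+--------+
|  1 | CAU1      | Huntgroup-Name | == | pccau1 |
|  2 | CAU1      | Auth-Type      | := | Accept |
+----+-----------+----------------+----+--------+
2 rows in set (0.00 sec)

mysql> select * from radgroupreply;
+----+-----------+---------------+----+------------------------------+
| id | groupname | attribute     | op | value                        |
+----+-----------+---------------+----+------------------------------+
|  1 | CAU1      | Reply-Message | += | Hola miembros del grupo CAU1 |
+----+-----------+---------------+----+------------------------------+
1 rows in set (0.00 sec)

mysql> select * from nas;
+----+---------+-----------+-------+-------+--------+--------+-----------+---------------+
| id | nasname | shortname | type  | ports | secret | server | community | description   |
+----+---------+-----------+-------+-------+--------+--------+-----------+---------------+
|  1 | X.X.X.X | pcCAU1    | other |  NULL | cau123 | NULL   | NULL      | CAU1 computer |
+----+---------+-----------+-------+-------+--------+--------+-----------+---------------+
1 rows in set (0.00 sec)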

In my users file:

debian:/etc/freeradius# cat users

DEFAULT   Auth-Type := Reject

bob     Cleartext-Password := "hello"
        Reply-Message = "Hola %{User-Name}"

My default server:

authorize {
        # Look up the NAS shortname by client IP and store it as Huntgroup-Name
        update request {
                Huntgroup-Name = "%{sql:select shortname from nas where nasname=\"%{Client-IP-Address}\"}"
        }

        preprocess
        mschap
        suffix
        eap {
                ok = return
        }

        files
        sql

        expiration

        pap
}

Request with radtest + ana + pcCAU1

rad_recv: Access-Request packet from host X.X.X.X port 45281, id=133,
length=55
User-Name = ana
User-Password = claveAna
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
+- entering group authorize {...}
sql_xlat
expand: %{User-Name} - ana
sql_set_user escaped user -- 'ana'
expand: select shortname from nas where nasname=%{Client-IP-Address}
- select shortname from nas where nasname=X.X.X.X
expand: /var/log/freeradius/sqltrace.sql -
/var/log/freeradius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query:  select shortname from nas where nasname=X.X.X.X
sql_xlat finished
rlm_sql (sql): Released sql socket id: 3
expand: %{sql:select shortname from nas where
nasname=%{Client-IP-Address}} - pcCAU1
++[request] returns notfound
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = ana, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 9
++[files] returns ok
[sql] expand: %{User-Name} - ana
[sql] sql_set_user escaped user -- 'ana'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op  FROM
radcheck  WHERE username = BINARY '%{SQL-User-Name}'  ORDER
BY id - SELECT id, username, attribute, value, op  FROM
radcheck  WHERE username = BINARY 'ana'  ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
FROM radcheck  WHERE username = BINARY 'ana'  ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op  FROM
radreply  WHERE username = BINARY '%{SQL-User-Name}'  ORDER
BY id - SELECT id, username, attribute, value, op  FROM
radreply

Re: R: R: R: NAS-Identifier and radgroupcheck table

2010-04-26 Thread Alan DeKok
Ana Gallardo wrote:
> sorry to ask again about this issue, but I can't get the correct
> configuration.
>
> I follow your howto: http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
>
> I want to filter users login from fixed NAS, but I always get a reject.
> ...
> [expiration] Checking Expiration time: '02 Dec 2010'
> ++[expiration] returns ok
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = Reject

  Where is this coming from?

  The default configuration has *no* Auth-Type = Reject setting.  You
have added this locally.

  Alan DeKok.


Re: R: R: R: NAS-Identifier and radgroupcheck table

2010-04-26 Thread John Dennis

On 04/26/2010 08:46 AM, Ana Gallardo wrote:

> Hello,
>
> sorry to ask again about this issue, but I can't get the correct
> configuration.
>
> I follow your howto: http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
>
> I want to filter users login from fixed NAS, but I always get a reject.
>
> I don't understand why in the example below:
>
> ++[request] returns notfound


I believe rlm_sql is being invoked to satisfy the update request using a 
sql select and I believe the return code of notfound isn't meaningful 
in this context.


You probably also should read doc/rlm_sql and make sure you understand 
the meanings of the operators, specifically the difference between

=, == and :=

--
John Dennis jden...@redhat.com
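
The operator difference pointed to in the message above, as an added example that is not part of the original thread: a simplified Python model of how `==`, `:=` and `=` behave as check items according to doc/rlm_sql, run over the radgroupcheck rows Ana posted. The function names, the `other-nas` value, the two variant row sets and the reduction of the server to two dicts are assumptions made for illustration.

```python
# Simplified model of the rlm_sql check-item operators (see doc/rlm_sql).
# The "server" is reduced to two dicts; names and structure are illustrative.

def apply_group_check(request, control, rows):
    """Apply one group's radgroupcheck rows; return True if the group matched."""
    to_set = []
    for attr, op, value in rows:
        if op == "==":
            # Comparison only: attribute must be in the request with this
            # exact value (exact string comparison in this model).
            if request.get(attr) != value:
                return False  # group does not match; nothing is applied
        elif op in (":=", "="):
            # Assignments, not comparisons; they differ in how they apply.
            to_set.append((attr, op, value))
        else:
            raise ValueError(f"operator {op!r} not modelled")
    for attr, op, value in to_set:
        # ':=' replaces any existing value; '=' only sets if none exists.
        if op == ":=" or attr not in control:
            control[attr] = value
    return True


def authorize(huntgroup, rows):
    """Model 'files' then 'sql' for one request; return the final Auth-Type."""
    request = {"User-Name": "ana", "Huntgroup-Name": huntgroup}
    control = {"Auth-Type": "Reject"}  # files: DEFAULT Auth-Type := Reject
    apply_group_check(request, control, rows)  # sql runs after files
    return control["Auth-Type"]


# Rows as posted in the thread's radgroupcheck table.
POSTED = [("Huntgroup-Name", "==", "pccau1"), ("Auth-Type", ":=", "Accept")]
# Constructed variants showing two operator mistakes.
WEAK_SET = [("Huntgroup-Name", "==", "pccau1"), ("Auth-Type", "=", "Accept")]
NO_FILTER = [("Huntgroup-Name", ":=", "pccau1"), ("Auth-Type", ":=", "Accept")]

if __name__ == "__main__":
    for name, rows in [("POSTED", POSTED), ("WEAK_SET", WEAK_SET),
                       ("NO_FILTER", NO_FILTER)]:
        for hg in ("pccau1", "other-nas"):  # "other-nas" is a constructed value
            print(f"{name:9} Huntgroup-Name={hg:9} -> {authorize(hg, rows)}")
```

With `=` on Auth-Type the default Reject survives even for the listed huntgroup, and with `:=` on Huntgroup-Name the row no longer compares anything, so the group applies from any NAS and the filter is lost.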



R: R: R: NAS-Identifier and radgroupcheck table

2009-01-07 Thread Arrigo Savio
You're right: putting the parameter in the first lines of the file
everything is OK (and now I'm sure of that).

Thanks.
Arrigo

-Original Message-
From: freeradius-users-bounces+a.savio=bascom...@lists.freeradius.org
[mailto:freeradius-users-bounces+a.savio=bascom...@lists.freeradius.org] On
behalf of t...@kalik.net
Sent: Wednesday, 7 January 2009 12.52
To: FreeRadius users mailing list
Subject: Re: R: R: NAS-Identifier and radgroupcheck table

> I followed your suggestion, but I still have the problem. I put
> DEFAULT
>    Auth-Type := Reject
> at the bottom of users file.


It should be on the same line:

DEFAULT   Auth-Type := Reject

And it should go to the front of the users file.

Ivan Kalik
Kalik Informatika ISP
