Hi,
I've found another interesting issue in FreeRADIUS:
I have a user, with multiple Cisco-AVPair reply attributes:
SQL> SELECT groupreply.id,groupreply.GroupName,groupreply.Attribute,groupreply.Value,groupreply.operator
     FROM groupreply,v_usergroup_freeradius
     WHERE v_usergroup_freeradius.Username = '[EMAIL PROTECTED]'
     AND v_usergroup_freeradius.GroupName = groupreply.GroupName
     ORDER BY groupreply.id;

 ID GROUPNAME  ATTRIBUTE       VALUE                                    OPERATOR
--- ---------- --------------- ---------------------------------------- --------
700 FREEDIALUP Service-Type    Framed-User                              =
701 FREEDIALUP Framed-Routing  None                                     =
702 FREEDIALUP Framed-Protocol PPP                                      =
703 FREEDIALUP Cisco-AVPair    ip:inacl#1=deny tcp any host xxx eq smtp =
704 FREEDIALUP Cisco-AVPair    ip:inacl#2=deny tcp any host xxx eq smtp =
705 FREEDIALUP Cisco-AVPair    ip:inacl#3=permit ip any any             =
706 FREEDIALUP Cisco-AVPair    ip:dns-servers=xxx xxx                   =
707 FREEDIALUP Cisco-AVPair    modem-on-hold*960                        =

8 rows selected

FreeRADIUS executes the same query to find out the user's reply items, but it's
sending only the first Cisco-AVPair to the NAS.
rad_recv: Access-Request packet from host xxx:64298, id=56, length=102
Thread 2 assigned request 1
--- Walking the entire request list ---
Threads: total/active/spare threads = 10/1/9
Waking up in 5 seconds...
Thread 2 handling request 1, (1 handled so far)
User-Name = "[EMAIL PROTECTED]"
User-Password = "xxx"
NAS-Port = 1
LE-Terminate-Detail = "test"
LE-Advice-of-Charge = "TiNC"
USR-Terminal-Type = "test"
NAS-IP-Address = x
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm freeweb.hu for User-Name = "[EMAIL PROTECTED]"
rlm_realm: No such realm freeweb.hu
modcall[authorize]: module "suffix" returns noop
radius_xlat: '[EMAIL PROTECTED]'
sql_set_user: escaped user --> '[EMAIL PROTECTED]'
radius_xlat: 'SELECT id,UserName,Attribute,Value,operator FROM v_usercheck_freeradius WHERE Username = '[EMAIL PROTECTED]' ORDER BY id'
rlm_sql: Reserving sql socket id: 8
radius_xlat: 'SELECT groupcheck.id,groupcheck.GroupName,groupcheck.Attribute,groupcheck.Value, groupcheck.operator FROM groupcheck,v_usergroup_freeradius WHERE v_usergroup_freeradius.Username = '[EMAIL PROTECTED]' AND v_usergroup_freeradius.GroupName = groupcheck.GroupName ORDER BY groupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,'' operator FROM v_userreply_freeradius WHERE Username = '[EMAIL PROTECTED]' ORDER BY id'
radius_xlat: 'SELECT groupreply.id,groupreply.GroupName,groupreply.Attribute,groupreply.Value,groupreply.operator FROM groupreply,v_usergroup_freeradius WHERE v_usergroup_freeradius.Username = '[EMAIL PROTECTED]' AND v_usergroup_freeradius.GroupName = groupreply.GroupName ORDER BY groupreply.id'
radius_xlat: 'SELECT Value,Attribute FROM v_usercheck_freeradius WHERE UserName = '[EMAIL PROTECTED]' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC'
rlm_sql: Released sql socket id: 8
modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [[EMAIL PROTECTED]] (from client xxx port 1)
Sending Access-Accept of id 56 to xxx:64298
Service-Type = Framed-User
Framed-Routing = None
Framed-Protocol = PPP
Cisco-AVPair = "ip:inacl#1=deny tcp any host xxx eq smtp"
Session-Timeout = 360
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request
--- Walking the entire request list ---
Threads: total/active/spare threads = 10/0/10
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 56 with timestamp 3d458183
Nothing to do. Sleeping until we see a request.
Is this a configuration problem or a bug (feature? :-)) in FreeRADIUS?
Thank You,
Felician
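
Added example, not part of the original post and not FreeRADIUS code: FreeRADIUS documents the reply-item operator = as adding an attribute only when no attribute of the same name is already in the reply, and += as appending another instance. The Python sketch below models just those two rules (function names are hypothetical) and applies them to the eight groupreply rows quoted above.

```python
# Simplified model of the "=" and "+=" reply-item operators (added illustration,
# not FreeRADIUS source). Rows are copied from the groupreply output in the post;
# "xxx" is the post's own redaction.
ROWS = [
    (700, "Service-Type", "Framed-User", "="),
    (701, "Framed-Routing", "None", "="),
    (702, "Framed-Protocol", "PPP", "="),
    (703, "Cisco-AVPair", "ip:inacl#1=deny tcp any host xxx eq smtp", "="),
    (704, "Cisco-AVPair", "ip:inacl#2=deny tcp any host xxx eq smtp", "="),
    (705, "Cisco-AVPair", "ip:inacl#3=permit ip any any", "="),
    (706, "Cisco-AVPair", "ip:dns-servers=xxx xxx", "="),
    (707, "Cisco-AVPair", "modem-on-hold*960", "="),
]

def build_reply(rows):
    """Return (reply, dropped): the (attribute, value) pairs that would be sent,
    and the ids of rows that never reach the NAS."""
    reply, dropped = [], []
    for row_id, attr, value, op in rows:
        already_present = any(name == attr for name, _ in reply)
        if op == "+=":                      # always append another instance
            reply.append((attr, value))
        elif op == "=":                     # add only if not already in the reply
            if already_present:
                dropped.append(row_id)
            else:
                reply.append((attr, value))
        else:
            raise ValueError(f"operator {op!r} is not modelled here")
    return reply, dropped

def use_append_for_repeats(rows, attr):
    """Copy of rows in which every repeated instance of attr uses '+='."""
    seen, out = False, []
    for row_id, name, value, op in rows:
        if name == attr and seen:
            op = "+="
        seen = seen or name == attr
        out.append((row_id, name, value, op))
    return out

if __name__ == "__main__":
    sent, dropped = build_reply(ROWS)
    print("rows not sent with '=':", dropped)
    fixed = use_append_for_repeats(ROWS, "Cisco-AVPair")
    print("rows not sent with '+=' on repeats:", build_reply(fixed)[1])
```

With every row using =, the model sends the same single Cisco-AVPair seen in the Access-Accept above, so the remaining inacl entries never reach the NAS.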