Mark P. Hennessy [EMAIL PROTECTED]
I'm using FreeRADIUS 0.7 with MySQL.

I'm having a problem where, for some unknown reason, the user dialing in to
a piece of equipment in the megapop huntgroup is being provided with an IP
address specified in the SQL database rather than the one in the default
entry for megapop, which has been given the operator to override the IP
address. It works fine with Cistron. The only thing I can see that may
be slightly weird is the fact that the NAS-IP-Address listed in the
debug output is the individual NAS device and not the requestor of the
authentication (the proxy RADIUS). Any ideas?

Here is a sample user from the sql database:
radcheck:
+-------+----------+-----------+--------+------+
| id    | UserName | Attribute | Value  | op   |
+-------+----------+-----------+--------+------+
| 34867 | testauth | Auth-Type | System | :=   |
+-------+----------+-----------+--------+------+

radreply:
+-------+----------+-------------------+-----------------+------+
| id    | UserName | Attribute         | Value           | op   |
+-------+----------+-------------------+-----------------+------+
| 40868 | testauth | Framed-IP-Address | <snipped>       | =    |
| 40869 | testauth | Port-Limit        | 1               | ==   |
+-------+----------+-------------------+-----------------+------+

Here is the users file:
DEFAULT Huntgroup-Name == "megapop"
        Service-Type = Framed-User,
        Framed-MTU = 1500,
        Framed-IP-Address := 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Idle-Timeout = 600,
        Session-Timeout = 28800

DEFAULT Framed-Protocol == PPP, Huntgroup-Name == "local"
        Service-Type = Framed-User,
        Framed-MTU = 1500,
        Idle-Timeout = 1200,
        Session-Timeout = 129600,
        Framed-Routing = None,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Protocol = PPP,
        Login-IP-Host = <snipped>,
        Login-Service = Rlogin

DEFAULT Auth-Type := Local, Framed-Protocol == PPP, Huntgroup-Name == "redback"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Idle-Timeout = 0

Here is the debug output of the session:
Cleaning up request 67 ID 147 with timestamp 3d63ceef
Waking up in 5 seconds...
rad_recv: Access-Request packet from host <megapop ip IN huntgroups, their proxy radius>:1650, id=66, length=143
        Framed-Protocol = PPP
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "<snipped>"
        Called-Station-Id = "calledtn"
        Calling-Station-Id = "callingtn"
        NAS-Port = 109
        NAS-Port-Type = Async
        Service-Type = Framed-User
        NAS-IP-Address = <megapop ip NOT in huntgroups, actual NAS device IP>
        Proxy-State = 0x3d63cef3d87e96ec066d5600fd38fc9e0d91abb4553a6b23eafc4c7a
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm cloud9.net for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm cloud9.net
rlm_realm: Adding Stripped-User-Name = "testauth"
rlm_realm: Proxying request from user testauth to realm cloud9.net
rlm_realm: Adding Realm = "cloud9.net"
rlm_realm: Authentication realm is LOCAL.
rlm_realm: auth_port is not set. proxy cancelled
modcall[authorize]: module "suffix" returns noop
radius_xlat: 'testauth'
sql_set_user: escaped user --> 'testauth'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'testauth' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testauth' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'testauth' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'testauth' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName = '[EMAIL PROTECTED]' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC'
rlm_sql: Released sql socket id: 4
rlm_sql_authorize: no rows returned from query (no such user)
modcall[authorize]: module "sql" returns ok
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns ok
modcall: group authenticate returns ok
Sending Access-Accept of id 66 to <megapop radius proxy IP same as above>:1650
        Framed-IP-Address = <snipped, same as the one in the sql database entry>
        Port-Limit = 1
        Proxy-State = 0x3d63cef3d87e96ec066d5600fd38fc9e0d91abb4553a6b23eafc4c7a
Finished request 68
Going to the next request