Hi Alan,
On Tue, 2003-08-12 at 15:44, Alan DeKok wrote:
> Chris van Meerendonk <[EMAIL PROTECTED]> wrote:
> > As far as I can see now the problem is that in the acct_users I've got
> > the following:
> >
> > DEFAULT Huntgroup-Name == "huntgroup", Replicate-To-Realm := "realmname"
>
> Replicate-To-Realm doesn't work. Don't use it.
>
> Use Proxy-To-Realm.
Ok. I followed the example in raddb/acct_users. The problem is equal. I
found out that I only need attr-filter during preproxy authorize, not
for accounting. Is it possible to simply detect in rlm_attr_filter if it
was called from the authorize section?
The huntgroups are treated different between users and acct_users, looks
like during the accounting-stage the only thing checked in huntgroups is
Called-Station-Id. To make this clear follows here the (hopefully)
relevant part of my config and logging.
In huntgroups I've the following entries:
cust1 Called-Station-Id =~ "1230{2,3}12$", User-Name == chris
cust1 Called-Station-Id =~ "1230{2,3}12$", User-Name == peter
cust1 Realm == "customer1", Called-Station-Id =~ "1230{2,3}12$"
cust2 Called-Station-Id =~ "1230{2,3}12$"
In users:
DEFAULT Huntgroup-Name == cust1, Proxy-To-Realm =+ "customer1"
DEFAULT Huntgroup-Name == cust2, Proxy-To-Realm =+ "customer2"
In acct_users:
DEFAULT Huntgroup-Name == cust1, Proxy-To-Realm := "customer1"
DEFAULT Huntgroup-Name == cust2, Proxy-To-Realm := "customer2"
The strange thing is that if I dialin with user 'chris' I should be
treated as a Huntgroup cust1 user. Authentication says:
rad_recv: Access-Request packet from host 127.0.0.1:32795, id=84,
length=93
User-Name = "chris"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "0512300012"
Calling-Station-Id = "0523456789"
NAS-Port-Type = Sync
User-Password = "secret"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "attr_filter" returns noop
rlm_realm: No '@' in User-Name = "chris", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop
huntgroups: Matched cust1 at 35
huntgroups: Matched cust1 at 35
users: Matched DEFAULT at 139
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
modcall: entering group pre-proxy
attr_filter: Matched entry customer1 at line 29
modcall[pre-proxy]: module "pre_proxy_filter" returns updated
modcall: group pre-proxy returns updated
Accounting logging:
rad_recv: Accounting-Request packet from host 127.0.0.1:32795, id=5,
length=97
User-Name = "chris"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Sync
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "0512300012"
Calling-Station-Id = "0523456789"
Acct-Delay-Time = 0
modcall: entering group preacct
modcall[preacct]: module "preprocess" returns noop
rlm_realm: No '@' in User-Name = "chris", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop
huntgroups: Matched cust2 at 53
acct_users: Matched DEFAULT at 8
modcall[preacct]: module "files" returns ok
modcall: group preacct returns ok
modcall: entering group accounting
rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 127.0.0.1,NAS-IP-Address
= 203.63.154.1,Acct-Session-Id = "00001234",User-Name = "chris"'
rlm_acct_unique: Acct-Unique-Session-ID = "803936e096c5babd".
modcall[accounting]: module "acct_unique" returns ok
radius_xlat: '/var/log/freeradius/radacct/127.0.0.1/detail-20030813'
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/freeradius/radacct/127.0.0.1/detail-20030813
rlm_detail: Freeradius-Proxied-To set to 127.0.0.1
modcall[accounting]: module "detail" returns ok
modcall: group accounting returns ok
modcall: entering group pre-proxy
attr_filter: Matched entry customer2 at line 38
modcall[pre-proxy]: module "pre_proxy_filter" returns updated
modcall: group pre-proxy returns updated
I've really no idea why the huntgroups matching between these two are
different, any ideas?
Thanks,
Chris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
