There is a typo in usergroup table. Group is set as teste-pap, while other tables have group test-pap.

Ivan Kalik
Kalik Informatika ISP

On 15/1/2008, "Arlinelson Fernandes dos Santos" <[EMAIL PROTECTED]> wrote:

>Don't take your ball, not good. ;) Here is the information:
>
>## radcheck
>+----+-----------+--------------------+----+---------+
>| id | UserName  | Attribute          | op | Value   |
>+----+-----------+--------------------+----+---------+
>|  3 | test-pap  | Cleartext-Password | := | pw123   |
>+----+-----------+--------------------+----+---------+
>
>## radreply
>+----+-----------+---------------------+----+-------+
>| id | UserName  | Attribute           | op | Value |
>+----+-----------+---------------------+----+-------+
>|  6 | test-pap  | Upstream-Speed      | =  | 800   |
>|  7 | test-pap  | Downstream-Speed    | =  | 800   |
>+----+-----------+---------------------+----+-------+
>
>## radgroupcheck
>+----+----------------+--------------------+----+-------+
>| id | GroupName      | Attribute          | op | Value |
>+----+----------------+--------------------+----+-------+
>|  5 | f_pppoe_250k   | Auth-Type          | =  | PAP   |
>|  6 | f_pppoe_250k   | Simultaneous-Use   | =  | 1     |
>+----+----------------+--------------------+----+-------+
>
>## radgroupreply
>+----+--------------+-----------------------+----+----------------------+
>| id | GroupName    | Attribute             | op | Value                |
>+----+--------------+-----------------------+----+----------------------+
>| 13 | f_pppoe_250k | Framed-Protocol       | =  | PPP                  |
>| 14 | f_pppoe_250k | Framed-MTU            | =  | 1492                 |
>| 15 | f_pppoe_250k | Framed-Compression    | =  | Van-Jacobsen-TCP-IP  |
>| 16 | f_pppoe_250k | Service-Type          | =  | Framed-User          |
>+----+--------------+-----------------------+----+----------------------+
>
>## radusergroup (same usergroup table in 1.3 version freeradius, I have both tables)
>+-----------+----------------+----------+
>| UserName  | GroupName      | priority |
>+-----------+----------------+----------+
>| teste-pap | f_pppoe_250k   | 1        |
>+-----------+----------------+----------+
>
>## radiusd -X
>rad_recv: Access-Request packet from host 7.7.7.1 port 32790, id=163, length=73
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        User-Name = "test-pap"
>        User-Password = "pw123"
>        NAS-IP-Address =
>        NAS-Port = 0
>Processing the authorize section of radiusd.conf
>+- entering group authorize
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>rlm_eap: No EAP-Message, not doing EAP
>++[eap] returns noop
>radius_xlat: 'test-pap'
>rlm_sql (sql): sql_set_user escaped user --> 'test-pap'
>rlm_sql (sql): Reserving sql socket id: 3
>radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test-pap' ORDER BY id'
>######## loading radcheck table ##########
>rlm_sql (sql): User found in radcheck table
>radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test-pap' ORDER BY id'
>####### loading radreply table ##########
>rlm_sql (sql): Released sql socket id: 3
>#### if found "Fall-Through = Yes" attribute, radgroupcheck is loaded, but not radgroupreply #########
>++[sql] returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>++[pap] returns updated
>+- group authorize returns updated
>rad_check_password: Found Auth-Type
>auth: type "PAP"
>Processing the authenticate section of radiusd.conf
>+- entering group PAP
>rlm_pap: login attempt with password ngc0bqi
>rlm_pap: Using clear text password.
>rlm_pap: User authenticated successfully
>++[pap] returns ok
>+- group PAP returns ok
>Processing the post-auth section of radiusd.conf
>+- entering group post-auth
>rlm_sql (sql): Processing sql_postauth
>rlm_sql (sql): sql_set_user escaped user --> 'test-pap'
>radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date) values ('', 'test-pap', 'ngc0bqi', 'Access-Accept', '2008-01-15 20:33:58')'
>rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('', 'test-pap', 'pw123', 'Access-Accept', '2008-01-15 20:33:58')
>rlm_sql (sql): Reserving sql socket id: 2
>rlm_sql (sql): Released sql socket id: 2
>++[sql] returns ok
>+- group post-auth returns ok
>Sending Access-Accept of id 163 to 7.7.7.1 port 32790
>############# Here is when radius server send "items reply" to radiusclient #################
>        Upstream-Speed = 800      ######## attribute in radreply ########
>        Downstream-Speed = 800    ###### attribute in radreply ########
>Finished request 0 state 5
>Going to the next request
>rad_recv: Accounting-Request packet from host 7.7.7.1 port 32790, id=164, length=101
>        Acct-Session-Id = "478D34D61E1F00"
>        User-Name = "test-pap"
>        Acct-Status-Type = Start
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        Acct-Authentic = RADIUS
>        NAS-Port-Type = Virtual
>        Framed-IP-Address = 7.7.7.123
>        NAS-IP-Address = 7.7.7.1
>        NAS-Port = 0
>        Acct-Delay-Time = 0
>Processing the preacct section of radiusd.conf
>+- entering group preacct
>++[preprocess] returns ok
>rlm_acct_unique: Hashing 'NAS-Port = 0,Framed-IP-Address = 7.7.7.123,NAS-IP-Address = 7.7.7.1,Acct-Session-Id = "478D34D61E1F00",User-Name = "test-pap"'
>rlm_acct_unique: Acct-Unique-Session-ID = "a5e052f9f07c2f6f".
>++[acct_unique] returns ok
>+- group preacct returns ok
>Processing the accounting section of radiusd.conf
>+- entering group accounting
>radius_xlat: '/usr/local/var/log/radius/radacct/7.7.7.1/detail-20080115'
>rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/7.7.7.1/detail-20080115
>radius_xlat: 'Tue Jan 15 20:33:58 2008'
>++[detail] returns ok
>radius_xlat: '/usr/local/var/log/radius/radutmp'
>radius_xlat: 'test-pap'
>++[radutmp] returns ok
>radius_xlat: 'test-pap'
>rlm_sql (sql): sql_set_user escaped user --> 'test-pap'
>radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('478D34D61E1F00', 'a5e052f9f07c2f6f', 'test-pap', '', '7.7.7.1', '0', 'Virtual', '2008-01-15 20:33:58', '0', '0', 'RADIUS', '', '', '0', '0', '', '', '', 'Framed-User', 'PPP', '7.7.7.123', '0', '0')'
>rlm_sql (sql): Reserving sql socket id: 1
>rlm_sql (sql): Released sql socket id: 1
>++[sql] returns ok
>radius_xlat: 'test-pap'
>attr_filter: Matched entry DEFAULT at line 12
>++[attr_filter.accounting_response] returns updated
>+- group accounting returns updated
>Sending Accounting-Response of id 164 to 7.7.7.1 port 32790
>Finished request 1 state 6
>Going to the next request
>Cleaning up request 1 ID 164 with timestamp +15
>Waking up in 4 seconds...
>Cleaning up request 0 ID 163 with timestamp +15
>Nothing to do. Sleeping until we see a request.
>################################
>The freeradius documentation says (http://wiki.freeradius.org/Rlm_sql):
>
>  Search the radcheck table for any check attributes specific to the user
>  If check attributes are found, and there's a match, pull the reply items
>  from the radreply table for this user and add them to the reply
>  Group processing then begins if any of the following conditions are met:
>    The user IS NOT found in radcheck
>    The user IS found in radcheck, but the check items don't match
>    The user IS found in radcheck, the check items DO match AND
>    Fall-Through is set in the radreply table
>    The user IS found in radcheck, the check items DO match AND the
>    read_groups directive is set to 'yes'
>  If groups are to be processed for this user, the first thing that is done
>  is the list of groups this user is a member of is pulled from the usergroup
>  table ordered by the priority field. The priority field of the usergroup
>  table allows us to control the order in which groups are processed, so that
>  we can emulate the ordering in the users file.
>###################
>My case matches the last condition: the user is found in radcheck, the check
>items DO match AND the read_groups directive is set to 'yes'. But... I've
>tested read_groups and it doesn't work. I made an invalid directive and it is
>ignored by radiusd; it does not appear in the debug log. read_groups doesn't
>either. I have tested Fall-Through in radreply and it works, but it doesn't
>load the radgroupreply table. I need this table, because its attributes are
>replied to radiusclient, and my scripts on the NAS side can work with it.
>Note: freeradius 1.3 doesn't have the read_groups directive, but all tables
>are loaded.
>--------------------------------------------------------------------------------
>OK, can we see database entries for a user (and group he belongs to) and
>the debug of the access request? Or should I get my crystal ball back from
>the polisher?
>Ivan Kalik
>Kalik Informatika ISP
>
>On 15/1/2008, "Arlinelson Fernandes dos Santos" wrote:
>
>Yes! I did. And I put attributes into all tables check and reply.
>--------------------------------------------------------------------------------
>Did you put something in usergroup table to link users and groups?

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
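
The mismatch pointed out at the top of this message, reproduced as an added example (not code from the thread or from FreeRADIUS): the rows quoted above are loaded into an in-memory SQLite database, and a simplified model of the per-user and per-group reply lookups shows why only the radreply items come back. SQLite, the reduced column set and the helper names `build_db`, `groups_for`, `reply_attributes` and `unlinked_names` are assumptions made for illustration.

```python
import sqlite3

# Rows copied from the tables quoted in the message; SQLite is a stand-in (assumption).
def build_db(usergroup_name="teste-pap"):
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE radcheck (UserName TEXT, Attribute TEXT, op TEXT, Value TEXT);
        CREATE TABLE radreply (UserName TEXT, Attribute TEXT, op TEXT, Value TEXT);
        CREATE TABLE radgroupreply (GroupName TEXT, Attribute TEXT, op TEXT, Value TEXT);
        CREATE TABLE radusergroup (UserName TEXT, GroupName TEXT, priority INTEGER);
        INSERT INTO radcheck VALUES ('test-pap', 'Cleartext-Password', ':=', 'pw123');
        INSERT INTO radreply VALUES ('test-pap', 'Upstream-Speed', '=', '800'),
                                    ('test-pap', 'Downstream-Speed', '=', '800');
        INSERT INTO radgroupreply VALUES
            ('f_pppoe_250k', 'Framed-Protocol', '=', 'PPP'),
            ('f_pppoe_250k', 'Framed-MTU', '=', '1492'),
            ('f_pppoe_250k', 'Framed-Compression', '=', 'Van-Jacobsen-TCP-IP'),
            ('f_pppoe_250k', 'Service-Type', '=', 'Framed-User');
    """)
    conn.execute("INSERT INTO radusergroup VALUES (?, 'f_pppoe_250k', 1)",
                 (usergroup_name,))
    return conn

def groups_for(conn, user):
    """Groups linked to this exact UserName, ordered by priority."""
    return [r[0] for r in conn.execute(
        "SELECT GroupName FROM radusergroup WHERE UserName = ? ORDER BY priority",
        (user,))]

def reply_attributes(conn, user):
    """User reply items, then reply items of every group the user belongs to."""
    attrs = [r[0] for r in conn.execute(
        "SELECT Attribute FROM radreply WHERE UserName = ? ORDER BY rowid", (user,))]
    for group in groups_for(conn, user):
        attrs += [r[0] for r in conn.execute(
            "SELECT Attribute FROM radgroupreply WHERE GroupName = ? ORDER BY rowid",
            (group,))]
    return attrs

def unlinked_names(conn):
    """Heuristic: usergroup names with no radcheck/radreply row are worth reviewing."""
    return [r[0] for r in conn.execute(
        "SELECT UserName FROM radusergroup WHERE UserName NOT IN "
        "(SELECT UserName FROM radcheck UNION SELECT UserName FROM radreply)")]

if __name__ == "__main__":
    for name in ("teste-pap", "test-pap"):  # as posted, then corrected
        db = build_db(name)
        print(name, unlinked_names(db), reply_attributes(db, "test-pap"))
```

With the row as posted, the group lookup for `test-pap` is empty and the reply holds only the two speed attributes, matching the Access-Accept in the debug output.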