upgraded freeradius from 1.x to 2.x version and some parts of radgroupcheck are now refusing to work as they did in first version.
1. i have user '[email protected]' in usergroup it has 'LTK' group. 2. in radgroupcheck group 'LTK' has been given the attribute 'Calling-Station-Id' so the look is LTK|Calling-Station-Id|=~|14703371 The meaning of this(how i understend it) is that if calling-station-id in radgroupcheck differs from incoming calling-station-id it would give reject. But it doesnt. How can i limit one pool of Calling-Station-Ids from using different logins ? ------------------ Debug of how entered wrong calling-station-id(LTK|Calling-Station-Id|=~|14703371) to radgroupcheck, and it still returned ok --- rad_recv: Access-Request packet from host 192.168.145.1 port 1812, id=74, length=180 3GPP2-Correlation-Id = "36267509" 3GPP2-Service-Option = 59 User-Name = "[email protected]" CHAP-Challenge = 0x66853bea6d3cb9565a0fcdfcf212ac37 CHAP-Password = 0x01c9f14ad379679686d83e343590d84910 NAS-Port-Type = Virtual Calling-Station-Id = "247033715800852" Service-Type = Framed-User Framed-Protocol = PPP NAS-IP-Address = 192.168.145.1 Framed-IP-Address = 0.0.0.0 Framed-IP-Netmask = 0.0.0.0 Event-Timestamp = "Jan 19 2009 10:12:58 EET" 3GPP2-Prepaid-acct-Capability = 0x010600000003 +- entering group authorize {...} [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok ++[mschap] returns noop [suffix] Looking up realm "evdo.lattelecom" for User-Name = "[email protected]" [suffix] No such realm "evdo.lattelecom" ++[suffix] returns noop [sql] expand: %{User-Name} -> [email protected] [sql] sql_set_user escaped user --> '[email protected]' rlm_sql (sql): Reserving sql socket id: 18 [sql] expand: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '[email protected]' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' union SELECT id, UserName, Attribute, Value, op FROM station_id WHERE Username = '%{Calling-Station-Id}' ORDER BY id -> SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '[email protected]' union SELECT id, UserName, Attribute, Value, op FROM station_id WHERE Username = '247033715800852' ORDER BY id [sql] expand: SELECT GroupName FROM usergroup WHERE UserName = '%{SQL-User-Name}' ORDER BY id -> SELECT GroupName FROM usergroup WHERE UserName = '[email protected]' ORDER BY id [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'LTK' ORDER BY id [sql] expand: %{Calling-Station-Id} -> 247033715800852 [sql] User found in group LTK [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'LTK' ORDER BY id rlm_sql (sql): Released sql socket id: 18 ++[sql] returns ok [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = CHAP ---------------------- queries are: -------------- nas_query = "SELECT id,nasname,shortname,type,secret FROM nas" authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' union SELECT id, UserName, Attribute, Value, op FROM station_id WHERE Username = '%{Calling-Station-Id}' ORDER BY id" authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id" authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id" accounting_onoff_query = "" accounting_update_query = "" accounting_update_query_alt = "" accounting_start_query = "" accounting_start_query_alt = "" accounting_stop_query = "" accounting_stop_query_alt = "" group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName = '%{SQL-User-Name}' ORDER BY id" -- View this message in context: http://www.nabble.com/radgroupcheck-v1.x-and-v2.x-difference---tp21538835p21538835.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
