On Thu, 2010-01-07 at 11:32 +0100, Bjørn Mork wrote:
> Michel Bulgado <mic...@casa.co.cu> writes:
>
> > Try this way, remember the operator.
> >
> > |312|t...@internet.quimefa.cu|Calling-Station-Id | += | "72061490"
> > |298|t...@internet.quimefa.cu|MD5-Password | := | password
> > |313|t...@internet.quimefa.cu|Calling-Station-Id | += | "72061490"
>
> Please read the manual. In this case, that's users(5):
>
>     Attribute += Value
>         Always matches as a check item, and adds the current attribute
>         with value to the list of configuration items.
>         As a reply item, it has an identical meaning, but the attribute
>         is added to the reply items.
>
> This means that the 3 lines
>
> |312|t...@internet.quimefa.cu|Calling-Station-Id | += | "72061490"
> |298|t...@internet.quimefa.cu|MD5-Password | := | password
> |313|t...@internet.quimefa.cu|Calling-Station-Id | += | "72061490"
>
> are identical to the single line
>
> |298|t...@internet.quimefa.cu|MD5-Password | := | password
>
> and the user will be accepted regardless of Calling-Station-Id.
>
> > [suffix] Looking up realm "internet.quimefa.cu" for User-Name =
> > "t...@internet.quimefa.cu"
> > [suffix] No such realm "internet.quimefa.cu"
>
> This is normal, and no problem. You may define a realm using LOCAL
> authentication to avoid it, but it won't change anything except remove
> the debug message.
>
> > [sql] User t...@internet.quimefa.cu not found
> > ++[sql] returns notfound
>
> The sql module returns notfound if the check items don't match. This is
> expected in this case as I explained: Two different equality tests on a
> single attribute will never match.
>
> > But in the end because it connects the user's which is declared in the file
> > "users". apparently
> > you have stated that locate the user in the database and also in this
> > file, you must define where you will store your users and then put the
> > phone number.

This time I used:

|298|t...@internet.quimefa.cu|MD5-Password | := | password
|313|t...@internet.quimefa.cu|Calling-Station-Id | =~ | 6480342|555555

and it still accepts the user regardless of the phone number it's using.
This is what comes up in the debug:

rad_recv: Access-Request packet from host 192.168.25.10 port 17968, id=239, length=148
        User-Name = "t...@internet.quimefa.cu"
        User-Password = "password"
        NAS-IP-Address = 192.168.25.10
        NAS-Port = 98
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Called-Station-Id = "60110"
        Calling-Station-Id = "72061490"
        NAS-Identifier = "BVISTA"
        NAS-Port-Type = Async
        Connect-Info = "41333/31200 V90/V42bis/LAPM"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "internet.quimefa.cu" for User-Name = "t...@internet.quimefa.cu"
[suffix] No such realm "internet.quimefa.cu"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
        expand: %{User-Name} -> t...@internet.quimefa.cu
[sql] sql_set_user escaped user --> 't...@internet.quimefa.cu'
rlm_sql (sql): Reserving sql socket id: 3
        expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 't...@internet.quimefa.cu' ORDER BY id
        expand: %{Calling-Station-Id} -> 72061490
[sql] User found in radcheck table
        expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 't...@internet.quimefa.cu' ORDER BY id
        expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 't...@internet.quimefa.cu' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing MD5-Password from hex encoding
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "password"
[pap] Using MD5 encryption.
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
        expand: %{User-Name} -> t...@internet.quimefa.cu
[sql] sql_set_user escaped user --> 't...@internet.quimefa.cu'

As you can see, the phone number that user test is using is different
from the ones I have specified in the radcheck table, and it comes up
with the sql module returning ok and accepts the user in.

I notice that the pap module also works and returns ok, but I read that
this is mandatory, otherwise no user will be accepted no matter what.
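
A simplified model of the users(5) check-item rule quoted in the reply above, added here as an illustration; it is not part of the original message and is not FreeRADIUS code. The function names and sample values are constructed, and only the `:=`, `+=` and `==` operators are modelled.

```python
# Simplified model of check-item matching as described in users(5).
# Assumption: only ':=', '+=' and '==' are modelled; this is not FreeRADIUS code.

ALWAYS_MATCH = {":=", "+="}  # users(5): "Always matches as a check item"


def check_items_match(rows, request):
    """rows: (attribute, op, value) tuples for one user, as stored in radcheck.
    request: dict of attributes received in the Access-Request.
    Returns True only when every check item matches."""
    for attribute, op, value in rows:
        if op in ALWAYS_MATCH:
            continue  # sets/adds a configuration item, tests nothing
        if op == "==":
            if request.get(attribute) != value:
                return False  # attribute absent or carrying another value
        else:
            raise ValueError("operator not modelled: " + op)
    return True


def non_restricting_rows(rows, request_attributes):
    """Audit helper (hypothetical): rows that name an attribute sent by the NAS
    but use an always-matching operator, so they restrict nothing."""
    return [r for r in rows if r[0] in request_attributes and r[1] in ALWAYS_MATCH]


# Constructed sample data mirroring the rows discussed in the thread.
REQUEST = {"User-Name": "user@example.invalid", "Calling-Station-Id": "72061490"}
OTHER_CALLER = dict(REQUEST, **{"Calling-Station-Id": "00000000"})

ROWS_PLUS_EQUALS = [
    ("Calling-Station-Id", "+=", "72061490"),
    ("MD5-Password", ":=", "password"),
    ("Calling-Station-Id", "+=", "72061490"),
]
ROWS_ONE_EQUALITY = [
    ("MD5-Password", ":=", "password"),
    ("Calling-Station-Id", "==", "72061490"),
]
# Two different equality tests on one attribute can never both hold.
ROWS_TWO_EQUALITIES = ROWS_ONE_EQUALITY + [("Calling-Station-Id", "==", "6480342")]

if __name__ == "__main__":
    print("+= rows, other caller:", check_items_match(ROWS_PLUS_EQUALS, OTHER_CALLER))
    print("== row, other caller:", check_items_match(ROWS_ONE_EQUALITY, OTHER_CALLER))
    print("rows that restrict nothing:", non_restricting_rows(ROWS_PLUS_EQUALS, REQUEST))
```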