On 10.08.2011 14:42, Alan DeKok wrote:
Łukasz Kostka wrote:
I have 2 virtual servers active:
default
dynamic-clients
No, you don't. The debug log clearly shows this.
ls -l /etc/freeradius/sites-enabled/
razem 0
lrwxrwxrwx 1 root freerad 26 05-17 12:08 default -> ../sites-available/default
lrwxrwxrwx 1 root freerad 34 08-10 11:00 dynamic-clients -> ../sites-available/dynamic-clients
I want to look up every nas via sql dynamic-clients.
My dynamic-clients configuration file:
client dynamic {
    ipaddr = 0.0.0.0
    netmask = 0
    lifetime = 3600
}
This is wrong. See raddb/sites-available/dynamic-clients.
This is documented. Use the example that ships with the server. It
works.
No, it doesn't.
I have copied the file raddb/sites-available/dynamic-client.
rad_recv: Access-Request packet from host 10.194.3.239 port 44962, id=38, length=85
	Service-Type = Login-User
	User-Name = "ukasz"
	User-Password = "x\031\251\363\263}{\326($\010ь\372%\375"
	Calling-Station-Id = "10.194.3.230"
	NAS-Identifier = "admini-pokoj"
	NAS-IP-Address = 10.194.3.239
server something {
No such virtual server "something"
} # server something
Using Post-Auth-Type Reject
No such virtual server "something"
2 things don't fit: secret and FreeRADIUS-Client-Virtual-Server = "something".
It doesn't matter if I have NULL, or just an empty string, or default in column server in table nas; freeradius in -X mode says:
rad_recv: Access-Request packet from host 10.194.3.239 port 35419, id=31, length=85
	Service-Type = Login-User
	User-Name = "ukasz"
	User-Password = "dupa"
	Calling-Station-Id = "10.194.3.230"
	NAS-Identifier = "admini-pokoj"
	NAS-IP-Address = 10.194.3.239
server {
No such virtual server ""
} # server
Using Post-Auth-Type Reject
No such virtual server ""
If I comment out the line with #:
FreeRADIUS-Client-Virtual-Server = "%{sql: SELECT server FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"
freeradius looks up the default server, but it is not what I want.
What does that mean? If you have a NULL field in the "server" column,
it means "use the default server". But here you say using the default
server isn't what you want.
Which one is true?
It means that if I comment out
FreeRADIUS-Client-Virtual-Server = "%{sql: SELECT server FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"
I will not be able to send different clients to different virtual servers (even if I have set the server column in sql), because it will always select the default one.
I have found a dirty hack to solve this problem:
I have basically created a file default-default in /etc/sites-enabled/ and it contains:
server default-default {
    $INCLUDE ${confdir}/sites-available/default
}
DON'T DO THAT. It's wrong. It's broken. It's not needed.
I know. That is why I have called it a dirty hack.
And when I type default-default in the sql column server, my authentication requests go to the default server.
Maybe I am doing something wrong. I could not find any info on how to refer to the default virtual server in sql.
Yes, you're doing something wrong. This is documented. Lots. The
examples work. Use them.
Even after 10+ years of doing this, I'm still amazed at the amount of
effort people put into breaking the server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
This is how my config file looks:
client dynamic {
    ipaddr = 10.0.0.0
    netmask = 8
    dynamic_clients = dynamic_client_server
    lifetime = 3600
}
server dynamic_client_server {
    authorize {
        if ("%{sql: SELECT nasname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}") {
            update control {
                FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
                FreeRADIUS-Client-Shortname = "%{sql: SELECT shortname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"
                FreeRADIUS-Client-Secret = "%{sql: SELECT secret FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"
                FreeRADIUS-Client-NAS-Type = "%{sql: SELECT type FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"
                FreeRADIUS-Client-Virtual-Server = "%{sql: SELECT server FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"
            }
        }
        ok
    }
}
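An added example, not part of the original thread and not FreeRADIUS code: a check that compares the server column of the nas table with the "server NAME {" blocks that are actually enabled, and flags the values behind the "No such virtual server" rejects shown in the debug output above. The sample config text, the table rows, the placeholder secrets and the name guest_wifi are constructed; the columns are the ones queried in the thread.

```python
import re
import sqlite3

# Constructed sample standing in for the concatenated files in sites-enabled/.
SITES_ENABLED = """
server dynamic_client_server {
    authorize {
        ok
    }
}
#server retired_site {
server guest_wifi {    # hypothetical name
}
"""

SERVER_DECL = re.compile(r"^\s*server\s+([\w.-]+)\s*\{", re.MULTILINE)

def declared_servers(config_text):
    """Names opened by 'server NAME {' lines, ignoring '#' comments."""
    stripped = "\n".join(line.split("#", 1)[0] for line in config_text.splitlines())
    return set(SERVER_DECL.findall(stripped))

def audit_nas(conn, servers):
    """Return (nasname, value, problem) for rows whose server lookup cannot resolve."""
    findings = []
    for nasname, server in conn.execute("SELECT nasname, server FROM nas ORDER BY rowid"):
        value = (server or "").strip()  # NULL and '' both show up as "" in the thread's log
        if not value:
            findings.append((nasname, value, "empty"))
        elif value not in servers:
            findings.append((nasname, value, "undeclared"))
    return findings

def sample_db():
    """In-memory nas table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE nas (nasname TEXT, shortname TEXT, type TEXT, secret TEXT, server TEXT)")
    conn.executemany("INSERT INTO nas VALUES (?, ?, ?, ?, ?)", [
        ("10.194.3.239", "admini-pokoj", "other", "PLACEHOLDER", "something"),
        ("10.0.0.5", "sw1", "other", "PLACEHOLDER", None),
        ("10.0.0.6", "ap1", "other", "PLACEHOLDER", "guest_wifi"),
        ("10.0.0.7", "sw2", "other", "PLACEHOLDER", ""),
    ])
    return conn

if __name__ == "__main__":
    for nasname, value, problem in audit_nas(sample_db(), declared_servers(SITES_ENABLED)):
        print(f'{nasname}: server="{value}" is {problem}')
```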