Forgive me, as it's been quite some time since I've had to do any heavy-duty Radiator config.
We are getting ready to start testing a new Fiber Service in our hometown. My boss did the initial config in FreeRADIUS. He has a database structure he wants to use; here's how things will go. Our client CPE will send a MAC address as a username with no password. I want to look in my database table (called radcheck) to see if their value is set to accept. If so, I will authenticate them. If not, I need to send an access reject. How do I do that? Here is what my table looks like:
MariaDB [radius]> select * from radcheck;
+----+-------------------+--------------------+----+--------------+
| id | username          | attribute          | op | value        |
+----+-------------------+--------------------+----+--------------+
|  1 | radiustest        | Cleartext-Password | := | testpassword |
|  2 | 8C:C1:21:A4:39:89 | Auth-Type          | := | Accept       |
+----+-------------------+--------------------+----+--------------+
Here's a trace 4 debug of my auth file on my test machine. I am using radpwtst with no password provided:
Fri Apr 20 11:00:58 2018: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 54661 ....
Code: Access-Request
Identifier: 223
Authentic: <254>4.<16><226><228><165><238>yA<133>J<142><191><220>C
Attributes:
User-Name = "8C:C1:21:A4:39:89"
Service-Type = Framed-User
NAS-IP-Address = 127.0.0.1
NAS-Identifier = "127.0.0.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = <168>SH<205><171><207><137><21>y<239><20><224>u<144><246>K
Fri Apr 20 11:00:58 2018: DEBUG: Handling request with Handler 'Client-Identifier=Fast-Fiber', Identifier ''
Fri Apr 20 11:00:58 2018: DEBUG: Handling with Radius::AuthSQL: Fast-Fiber
Fri Apr 20 11:00:58 2018: DEBUG: Handling with Radius::AuthSQL: Fast-Fiber
Fri Apr 20 11:00:58 2018: DEBUG: Connecting to 'dbi:mysql:hostname=localhost;database=radius Connection id: 0-00000'
Fri Apr 20 11:00:58 2018: DEBUG: Query to 'dbi:mysql:hostname=localhost;database=radius Connection id: 0-00000': 'select username, value from radcheck where username='8C:C1:21:A4:39:89' and value = Accept':
Fri Apr 20 11:00:58 2018: ERR: Execute failed for 'select username, value from radcheck where username='8C:C1:21:A4:39:89' and value = Accept': Unknown column 'Accept' in 'where clause'
Fri Apr 20 11:00:58 2018: DEBUG: Connecting to 'dbi:mysql:hostname=localhost;database=radius Connection id: 0-00000'
Fri Apr 20 11:00:58 2018: DEBUG: Query to 'dbi:mysql:hostname=localhost;database=radius Connection id: 0-00000': 'select username, value from radcheck where username='8C:C1:21:A4:39:89' and value = Accept':
Fri Apr 20 11:00:58 2018: ERR: Execute failed for 'select username, value from radcheck where username='8C:C1:21:A4:39:89' and value = Accept': Unknown column 'Accept' in 'where clause'
Fri Apr 20 11:00:58 2018: DEBUG: Radius::AuthSQL looks for match with 8C:C1:21:A4:39:89 [8C:C1:21:A4:39:89]
Fri Apr 20 11:00:58 2018: DEBUG: Radius::AuthSQL REJECT: No such user: 8C:C1:21:A4:39:89 [8C:C1:21:A4:39:89]
Fri Apr 20 11:00:58 2018: DEBUG: AuthBy SQL result: REJECT, No such user
Fri Apr 20 11:00:58 2018: INFO: Access rejected for 8C:C1:21:A4:39:89: No such user
Fri Apr 20 11:00:58 2018: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 54661 ....
Code: Access-Reject
Identifier: 223
Authentic: <200><31>t<184><144><213><234><183>0<19><211>@<178><13><240><194>
Attributes:
Reply-Message = "Request Denied"
Here's my AuthBy Statement:
<AuthBy SQL>
Identifier Fast-Fiber
DBSource dbi:mysql:hostname=localhost;database=radius
DBUsername user
DBAuth secretpass
FailureBackoffTime 5
NoDefault
Timeout 10
#AuthSelect select value where USERNAME='%n'
AuthSelect select username, value from radcheck where username=%0 and value = Accept
</AuthBy>
If anybody could point me in the right direction I'd appreciate it!
I have another question too. Currently we have a separate table set up with reply attributes (multiples). The table name is radreply and its structure looks something like this:
Dynamic IP:
Id  username           attribute              op  value
1   8C:C1:21:A4:39:89  Mikrotik-Rate-Limit    :=  25M/50M 0/0 0/0 0/0 8
2   8C:C1:21:A4:39:89  Mikrotik-Address-List  :=  permitted_users
3   8C:C1:21:A4:39:89  Session-Timeout        :=  60
4   8C:C1:21:A4:39:89  Framed-Pool            :=  users_pool

Static IP:
Id  username           attribute              op  value
1   8C:C1:21:A4:39:89  Mikrotik-Rate-Limit    :=  25M/50M 0/0 0/0 0/0 8
2   8C:C1:21:A4:39:89  Mikrotik-Address-List  :=  permitted_users
3   8C:C1:21:A4:39:89  Session-Timeout        :=  60
4   8C:C1:21:A4:39:89  Framed-IP-Address      :=  192.168.2.10
What do I do to select and reply back with those bad boys?
Best,
Brandon Shiers
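
Added example, not part of the original post and not Radiator or FreeRADIUS code: the lookup the post describes, run against an in-memory SQLite stand-in for the MariaDB radcheck and radreply tables. It reproduces the failure in the trace (a bare Accept is parsed as a column reference, not a string literal) and then performs the same check with a quoted literal and bound parameters, returning the radreply rows on accept. The function names, the SQLite backing and the MAC format check are assumptions.

```python
import re
import sqlite3

# Assumed CPE username format: six colon-separated hex octets, as in the post.
MAC_RE = re.compile(r"[0-9A-F]{2}(?::[0-9A-F]{2}){5}")

def build_db():
    """In-memory SQLite stand-in for the MariaDB tables; rows copied from the post."""
    db = sqlite3.connect(":memory:")
    cols = "(id INTEGER PRIMARY KEY, username, attribute, op, value)"
    db.execute("CREATE TABLE radcheck " + cols)
    db.execute("CREATE TABLE radreply " + cols)
    mac = "8C:C1:21:A4:39:89"
    db.executemany("INSERT INTO radcheck VALUES (?,?,?,?,?)", [
        (1, "radiustest", "Cleartext-Password", ":=", "testpassword"),
        (2, mac, "Auth-Type", ":=", "Accept")])
    db.executemany("INSERT INTO radreply VALUES (?,?,?,?,?)", [
        (1, mac, "Mikrotik-Rate-Limit", ":=", "25M/50M 0/0 0/0 0/0 8"),
        (2, mac, "Mikrotik-Address-List", ":=", "permitted_users"),
        (3, mac, "Session-Timeout", ":=", "60"),
        (4, mac, "Framed-Pool", ":=", "users_pool")])
    return db

def logged_query_error(db, mac):
    """Run the query shape from the trace: bare Accept parses as a column name."""
    try:
        db.execute("select username, value from radcheck "
                   "where username=? and value = Accept", (mac,))
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None

def authorize(db, username):
    """Return (RADIUS code, reply attribute list) for a MAC-as-username request."""
    mac = username.strip().upper()
    if not MAC_RE.fullmatch(mac):          # refuse anything that is not a MAC
        return "Access-Reject", []
    hit = db.execute(
        "SELECT 1 FROM radcheck WHERE username = ? "
        "AND attribute = 'Auth-Type' AND value = 'Accept'", (mac,)).fetchone()
    if hit is None:                        # no Accept row: reject, no attributes
        return "Access-Reject", []
    replies = db.execute(
        "SELECT attribute, value FROM radreply WHERE username = ? ORDER BY id",
        (mac,)).fetchall()
    return "Access-Accept", replies

if __name__ == "__main__":
    db = build_db()
    print(logged_query_error(db, "8C:C1:21:A4:39:89"))
    print(authorize(db, "8c:c1:21:a4:39:89"))
    print(authorize(db, "00:11:22:33:44:55"))
```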