I'm using the FreeRadius module and testing some PPPoE authentication. I have my Mikrotik set up as a PPPoE server and it's forwarding the requests over to RADIATOR.
I receive the request but the password it says is null if I'm reading the output right? I verified in the device that it DOES have the correct password entered. Here is what's in my radcheck table for the user I'm testing with:
MariaDB [fiber]> select * from radcheck;
+----+-------------------+--------------------+----+--------------+
| id | username          | attribute          | op | value        |
+----+-------------------+--------------------+----+--------------+
|  1 | fibertest         | Cleartext-Password | := | testpassword |
+----+-------------------+--------------------+----+--------------+
Here's the radreply table:
| 12 | fibertest | Mikrotik-Rate-Limit   | := | 25M/50M 0/0 0/0 0/0 8 |
| 13 | fibertest | Mikrotik-Address-List | := | permitted_users       |
| 14 | fibertest | Session-Timeout       | := | 60                    |
Here is the error I'm getting:
Mon May 21 17:07:03 2018: DEBUG: Packet dump:
*** Received from 216.67.161.1 port 39338 ....
Code: Access-Request
Identifier: 141
Authentic: <189><140><240>|Q9GI5<30><20><127>dR;<28>
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 15734819
NAS-Port-Type = Ethernet
User-Name = "fibertest"
Calling-Station-Id = "78:32:1B:10:78:85"
Called-Station-Id = "GPONPPPOE"
NAS-Port-Id = "VLAN4 - GPON"
User-Password = <133>2.<187><131><16>,<242>i<159><193><216>t:<163><244>
NAS-Identifier = "Riverton - Century CO MKT01"
NAS-IP-Address = 216.67.161.1
Mon May 21 17:07:03 2018: DEBUG: Rewrote user name to fibertest
Mon May 21 17:07:03 2018: DEBUG: Handling request with Handler 'Client-Identifier=Fast-Fiber', Identifier ''
Mon May 21 17:07:03 2018: DEBUG: SDB-cluster Deleting session for fibertest, 216.67.161.1, 15734819
Mon May 21 17:07:03 2018: DEBUG: do query to 'dbi:mysql:hostname=localhost;database=radius Connection id: 0-00000': 'DELETE FROM radonline WHERE username='fibertest' AND nasidentifier='216.67.161.1'':
Mon May 21 17:07:03 2018: DEBUG: Handling with Radius::AuthFREERADIUSSQL: Fast-Fiber
Mon May 21 17:07:03 2018: DEBUG: Handling with Radius::AuthFREERADIUSSQL: Fast-Fiber
Mon May 21 17:07:03 2018: DEBUG: Query to 'dbi:mysql:hostname=localhost;database=fiber Connection id: 3-00000': 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username=? ORDER BY id': fibertest
Mon May 21 17:07:03 2018: DEBUG: Got user check row: 1 fibertest Cleartext-Password testpassword :=
Mon May 21 17:07:03 2018: DEBUG: Query to 'dbi:mysql:hostname=localhost;database=fiber Connection id: 3-00000': 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = ? ORDER BY id': fibertest
Mon May 21 17:07:03 2018: DEBUG: Got user reply row: 12 fibertest Mikrotik-Rate-Limit 25M/50M 0/0 0/0 0/0 8 :=
Mon May 21 17:07:03 2018: DEBUG: Got user reply row: 13 fibertest Mikrotik-Address-List permitted_users :=
Mon May 21 17:07:03 2018: DEBUG: Got user reply row: 14 fibertest Session-Timeout 60 :=
Mon May 21 17:07:03 2018: DEBUG: Query to 'dbi:mysql:hostname=localhost;database=fiber Connection id: 3-00000': 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,radusergroup WHERE radusergroup.Username = ? AND radusergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id': fibertest
Mon May 21 17:07:03 2018: DEBUG: Query to 'dbi:mysql:hostname=localhost;database=fiber Connection id: 3-00000': 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,radusergroup WHERE radusergroup.Username = ? AND radusergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id': fibertest
Mon May 21 17:07:03 2018: DEBUG: Radius::AuthFREERADIUSSQL looks for match with fibertest [fibertest]
Mon May 21 17:07:03 2018: DEBUG: Radius::AuthFREERADIUSSQL REJECT: Check item Cleartext-Password expression 'testpassword' does not match '' in request: fibertest [fibertest]
Mon May 21 17:07:03 2018: DEBUG: AuthBy FREERADIUSSQL result: REJECT, Check item Cleartext-Password expression 'testpassword' does not match '' in request
Mon May 21 17:07:03 2018: INFO: Access rejected for fibertest: Check item Cleartext-Password expression 'testpassword' does not match '' in request
Mon May 21 17:07:03 2018: DEBUG: Packet dump:
*** Sending to 216.67.161.1 port 39338 ....
Code: Access-Reject
Identifier: 141
Authentic: <139><233><17><215>6<31><183>d$d<138><135>T<242>~<234>
Attributes:
Reply-Message = "Request Denied"
I'm sure I'm missing something but I can't see it. Is it since I have the op in front of value in the DB I need to do a custom SQL statement? I'm using the default FreeRadius module stuff:
<Handler Client-Identifier=Fast-Fiber>
    <AuthBy FREERADIUSSQL>
        Identifier Fast-Fiber
        DBSource dbi:mysql:hostname=localhost;database=fiber
        DBUsername foo
        DBAuth bar
        FailureBackoffTime 5
        NoDefault
        Timeout 10
    </AuthBy>
</Handler>
This was working with a non-PPPoE setup (just using the MKT to authenticate DHCP requests when a MAC address was coming in as the username).
I'd appreciate any feedback. Like I said I'm sure it's something simple I'm missing :)
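
The User-Password attribute in the Access-Request dump above is 16 bytes of hidden data, which is how RADIUS PAP carries a password (RFC 2865, section 5.2). The following is an added example, not part of the original post and not Radiator code: it converts the dump notation to bytes and applies that hiding in both directions. It assumes `<n>` in the dump means one byte in decimal, and the shared secret is a constructed placeholder because the post does not give it.

```python
import hashlib
import re

# Values copied from the Access-Request dump in the post.
AUTHENTICATOR_DUMP = "<189><140><240>|Q9GI5<30><20><127>dR;<28>"
USER_PASSWORD_DUMP = "<133>2.<187><131><16>,<242>i<159><193><216>t:<163><244>"
SECRET = b"constructed-shared-secret"  # placeholder: the real secret is not in the post


def dump_to_bytes(text):
    """Turn dump notation into bytes; assumes <n> is one byte in decimal."""
    return bytes(int(m.group(1)) if m.group(1) else ord(m.group(2))
                 for m in re.finditer(r"<(\d{1,3})>|(.)", text, re.S))


def _xor_chain(data, secret, authenticator, decrypt):
    # RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous
    # ciphertext block); the first block uses the Request Authenticator.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        out += res
        prev = block if decrypt else res
    return out


def hide_password(password, secret, authenticator):
    size = max(16, -(-len(password) // 16) * 16)  # pad with NULs to a multiple of 16
    return _xor_chain(password.ljust(size, b"\x00"), secret, authenticator, False)


def unhide_password(hidden, secret, authenticator):
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password must be a non-empty multiple of 16 bytes")
    return _xor_chain(hidden, secret, authenticator, True).rstrip(b"\x00")


if __name__ == "__main__":
    ra = dump_to_bytes(AUTHENTICATOR_DUMP)
    print(len(ra), len(dump_to_bytes(USER_PASSWORD_DUMP)))  # sizes of both fields
    hidden = hide_password(b"testpassword", SECRET, ra)
    print(unhide_password(hidden, SECRET, ra))           # same secret on both ends
    print(unhide_password(hidden, b"wrong-secret", ra))  # mismatched secret
```

Decoding the bytes captured in the post would need the shared secret configured for that client on both the Mikrotik and the RADIUS server.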
