i've been happily running freeradius 0.7.1 for quite some time and have had several issues crop up that are preventing me from upgrading. i have a relatively unremarkable configuration that relies on plain-vanilla users file for authorization and i'm quite certain i'm not the only one using users files these days, so hopefully someone can help me figure out what i'm doing wrong.

if i try upgrading from a functioning 0.7.1 install, i get the following errors that force radiusd to bail out before completing a proper start-up [ users.special is specified as an $INCLUDE in the users file ] :

Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
/usr/local/etc/raddb/users.special[2]: Parse error (reply) for entry foo: Non-hex characters at l
/usr/local/etc/raddb/users[3]: Could not open included file /usr/local/etc/raddb/users.special: Numerical result out of range
Errors reading /usr/local/etc/raddb/users
radiusd.conf[790]: files: Module instantiation failed.


the entry in the users file looks like the following:

foo Auth-Type:=Local, User-Password=="bar"
	Class="0x0"

the check item line ends with a newline and the reply item line starts with a tab. if i delete the tab, then the error disappears and radiusd will start as expected, but the reply item won't be returned.

doing a little sleuthing, i can track down that the "Non-hex characters" debug message is coming from modified code in valuepairs.c; if i compile 0.9.1 code with valuepairs.c from 0.7.1, i find that radiusd will start properly and process the entry from the users file correctly. from radtest, i get the following:

radtest foo bar localhost 0 testing123

Sending Access-Request of id 88 to 127.0.0.1:1812
       User-Name = "foo"
       User-Password = "bar"
       NAS-IP-Address = localhost.localdomain
       NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=88, length=23
       Class = 0x00

unfortunately, it doesn't appear my problems are solved. if i try a more complicated users file entry with multiple custom AV-Pairs, which works properly with 0.7.1, it seems that the server only wants to return one of the reply items.

for example, if i try the following users entry:

foo Auth-Type:=Local, User-Password=="bar"
	Colubris-AVPair= "logo=http://my.domain.com/colubris/img/logo.gif";,
	Colubris-AVPair= "login-page=http://my.domain.com/colubris/upload/login.html";,
	Colubris-AVPair= "transport-page=http://my.domain.com/colubris/upload/transport.html";,
	Colubris-AVPair= "session-page=http://my.domain.com/colubris/upload/session.html";,
	Colubris-AVPair= "fail-page=http://my.domain.com/colubris/upload/fail.html";,
	Colubris-AVPair= "login-error-url=http://my.domain.com/colubris/login-error.php";,
	Colubris-AVPair= "goodbye-url=http://my.domain.com/colubris/goodbye.php


the corresponding radtest output:

radtest foo bar localhost 0 testing123
Sending Access-Request of id 127 to 127.0.0.1:1812
       User-Name = "foo"
       User-Password = "bar"
       NAS-IP-Address = localhost.localdomain
       NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=127, length=74
       Colubris-AVPair = "logo=http://my.domain.com/colubris/img/logo.gif";


at this point, i'm beginning to suspect that i'm just doing something supremely dopey and digging myself into a bigger and bigger hole. if anyone could give me a little clarity, i'd be mighty obliged.