After some 4 years, I'm back to looking at freeradius, and while I found
the configuration daunting at first, I quickly got it trimmed down to
the bare essentials of what I need (which is authorization only).  Great
job, the configuration syntax is fairly easy to get once all the
commentary and useless crap has been cut out of the config files.

On with my problem, which an hour with Google didn't help me with.

Authentication reqeusts are being successfully proxied out to the master
servers (the VISP), but the freeradius server is ignoring the attributes
set in the users file (such as static IPs), even though it clearly says
it matched.  Here's the applicable lines from  my users file (which is
the same as I'm using in Cistron 1.6.something).  My login is on line 8,
the DEFAULT entry is line 101.

  [EMAIL PROTECTED]
        Framed-Address = "10.20.30.40",
        Framed-Netmask = "255.255.255.255",
        Fall-Through = Yes

  DEFAULT
        Reply-Message = "Welcome to Pulaski Networks"


Here's what I'm getting from radiusd -X:

  rad_recv: Access-Request packet from host 127.0.0.1:2645, id=102,
length=67
          User-Name = "[EMAIL PROTECTED]"
          User-Password = "youwish"
          Service-Type = Framed-User
          Framed-Protocol = PPP
  rad_lowerpair:  User-Name now '[EMAIL PROTECTED]'
  modcall: entering group authorize for request 0
    modcall[authorize]: module "preprocess" returns ok for request 0
  radius_xlat:  '/var/log/radius/radacct/2004/auth-detail-0214'
  rlm_detail: /var/log/radius/radacct/%Y/auth-detail-%m%d expands to
/var/log/radius/radacct/2004/auth-detail-0214
    modcall[authorize]: module "auth_log" returns ok for request 0
      rlm_realm: Looking up realm "psknet.com" for User-Name =
"[EMAIL PROTECTED]"
      rlm_realm: Found realm "psknet.com"
      rlm_realm: Proxying request from user troy to realm psknet.com
      rlm_realm: Adding Realm = "psknet.com"
      rlm_realm: Preparing to proxy authentication request to realm
"psknet.com" 
    modcall[authorize]: module "suffix" returns updated for request 0
      users: Matched [EMAIL PROTECTED] at 8
      users: Matched DEFAULT at 101
    modcall[authorize]: module "files" returns ok for request 0
  modcall: group authorize returns updated for request 0
  Sending Access-Request of id 1 to 63.171.251.nn:1812
          User-Name = "[EMAIL PROTECTED]"
          User-Password = "youwish"
          Service-Type = Framed-User
          Framed-Protocol = PPP
          NAS-IP-Address = 127.0.0.1
          Proxy-State = 0x313032
  --- Walking the entire request list ---
  Waking up in 6 seconds...
  rad_recv: Access-Accept packet from host 63.171.251.nn:1812, id=1,
length=54
          Reply-Message = "Welcome to Pulaski Networks"
          Proxy-State = 0x313032
  modcall: entering group post-proxy for request 0
    attr_filter: Matched entry DEFAULT at line 85
    modcall[post-proxy]: module "attr_filter" returns updated for
request 0
  modcall: group post-proxy returns updated for request 0
  rad_lowerpair:  User-Name now '[EMAIL PROTECTED]'
   authorize: Skipping authorize in post-proxy stage
    rad_check_password:  Found Auth-Type 
    rad_check_password: Auth-Type = Accept, accepting the user
  Login OK: [EMAIL PROTECTED] (from client localhost port 0)
  Sending Access-Accept of id 102 to 127.0.0.1:2645
  Finished request 0


Finally, here's the output of radclient:

  $ cat testlogin | radclient localhost auth testing123
  Received response ID 102, code 2, length = 20

Note that the Reply-Message received from the other server was filtered
out with the attr_filter.


Thanks for any help anyone can give on this.

--
  Troy Settle
  Pulaski Networks
  http://www.psknet.com
  866.477.5638


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to