Hi All
I still have problem in huntgroup with Freeradius 1.0.1 and little
investigate about it.
In the 1st, I add 'auth_log' setting at authorize section in 'radiusd.conf'
file for collect more information.
In the 2nd, I chheck current User information at our MySQL server by using
SQL Query which describe sql.conf.
|SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,
|radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
|usergroup.Username='test1' AND usergroup.GroupName = radgroupcheck.GroupName
|ORDER BY radgroupcheck.id;
|+----+-----------+----------------+---------+----+
|| id | GroupName | Attribute | Value | op |
|+----+-----------+----------------+---------+----+
|| 2 | dynamic | Huntgroup-Name | dynamic | == |
|+----+-----------+----------------+---------+----+
|mysql> select * from radcheck where UserName='test1';
|+----+----------+-----------+----+-------+
|| id | UserName | Attribute | op | Value |
|+----+----------+-----------+----+-------+
|| 1 | test1 | Password | == | pass1 |
|+----+----------+-----------+----+-------+
|1 row in set (0.00 sec)
# /usr/local/etc/raddb/huntgroups
--------------------------------------------
static NAS-IP-Address == 127.0.0.1
dynamic NAS-IP-Address == 127.0.0.1
In the Last, I start Freeradius with debug mode (-sxxf) and query.
(But rejected)
|svr3# /usr/local/bin/radtest test1 pass1 localhost 0 secret ppp 127.0.0.1
|Sending Access-Request of id 243 to 127.0.0.1:1645
| User-Name = "test1"
| User-Password = "pass1"
| NAS-IP-Address = 127.0.0.1
| NAS-Port = 0
| Framed-Protocol = PPP
|rad_recv: Access-Reject packet from host 127.0.0.1:1645, id=243, length=20
"auth-detail" file says, radius treat 'test1' user as Group=static.
(Actually, 'dynamic')
|Packet-Type = Access-Request
|Thu Nov 18 11:52:22 2004
| User-Name = "test1"
| User-Password = "pass1"
| NAS-IP-Address = 127.0.0.1
| NAS-Port = 0
| Framed-Protocol = PPP
| Service-Type = Framed-User
| Client-IP-Address = 127.0.0.1
| Huntgroup-Name = "static"
Below is radius detail log. I hope someone's kindly help.
---------------------------------------------------------------------------
rad_recv: Access-Request packet from host 127.0.0.1:54456, id=239, length=65
User-Name = "test1"
User-Password = "pass1"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Framed-Protocol = PPP
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: No '@' in User-Name = "test1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
radius_xlat: '/var/log/radacct/auth-detail-20041118'
rlm_detail: /var/log/radacct/auth-detail-%Y%m%d expands to
/var/log/radacct/auth-detail-20041118
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "attr_filter" returns noop for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
users: Matched DEFAULT at 12
users: Matched DEFAULT at 18
modcall[authorize]: module "files" returns ok for request 0
radius_xlat: 'masaru1'
rlm_sql (sql): sql_set_user escaped user --> 'test1'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'test1' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test1' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'test1' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'test1' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): No matching entry in the database for request from user [test1]
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns notfound for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No password configured for the user
auth: Failed to validate the user.
Processing the post-auth section of radiusd.conf
modcall: entering group Post-Auth-Type for request 0
radius_xlat: '/var/log/radacct/reply-detail-20041118'
---------------------------------------------------------------------------
(end)
On Mon, 15 Nov 2004 23:10:21 +0900
Masaru Yoshihama <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I have been to use FreeRadius 0.9.1 while a year and would like to
> upgtade to ver 1.0.1. What i need to modfy setting is only Dictionary
> section. New version FreeRadius 1.0.1 works smoothly expect huntgroup
> settings.
>
> I setup FreeRadius with MySQL relationship at FreeBSD 5.3 Release.
> Below is my settings.
>
> mysql> select * from radcheck;
> +----+----------+-----------+----+-------+
> | id | UserName | Attribute | op | Value |
> +----+----------+-----------+----+-------+
> | 1 | test1 | Password | == | pass1 |
> | 2 | test2 | Password | == | pass2 |
> +----+----------+-----------+----+-------+
>
> mysql> select * from usergroup;
> +----+----------+-----------+
> | id | UserName | GroupName |
> +----+----------+-----------+
> | 1 | test1 | dynamic |
> | 2 | test2 | static |
> +----+----------+-----------+
>
> mysql> select * from radgroupcheck;
> +----+-----------+----------------+----+---------+
> | id | GroupName | Attribute | op | Value |
> +----+-----------+----------------+----+---------+
> | 1 | static | Huntgroup-Name | == | static |
> | 2 | dynamic | Huntgroup-Name | == | dynamic |
> +----+-----------+----------------+----+---------+
>
> # /usr/local/etc/raddb/huntgroups
> --------------------------------------------
> static NAS-IP-Address == 127.0.0.1
> dynamic NAS-IP-Address == 127.0.0.1
>
> I am checking behavior with below command.
>
> /usr/local/bin/radtest test1 pass1 localhost 0 secret123 ppp 127.0.0.1
> /usr/local/bin/radtest test2 pass2 localhost 0 secret123 ppp 127.0.0.1
>
> When I use ver 0.9.1, it work properly( Each result is Accepted). But if
> i use ver 1.0.1, 1st query is Accepted and 2nd query is Denied.It seemes
> that only 1st row of huntgroup is proseeding normally, But the rest row
> is not processing.
>
> For the confirmation, I try to change huntgroups row (1st and 2nd) and
> query again. 1st query(User test1) rejected and 2nd query(User test2)
> accepted. What things possible to cause this problems? I thirst any
> information.
>
>
> --
> ----------------------------------------
> Masaru Yoshihama Email: [EMAIL PROTECTED]
> Okinawa FreeBSD Users Group http://www.ofug.net/
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
----------------------------------------
Masaru Yoshihama Email: [EMAIL PROTECTED]
Okinawa FreeBSD Users Group http://www.ofug.net/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
