Sorry for starting a new thread; I had subscribed to digest instead of individual e-mails.
> You should really upgrade to 1.0.2.

Completed.

radiusd: FreeRADIUS Version 1.0.2, for host , built on May 13 2005 at 09:43:36
(updated from 0.9.3)

Now I get the line I had not been seeing!

huntgroups: Matched wireless at 56

PROBLEMS:

1. Reply to a "wireless" NAS has the 'Dialup_Default' attributes/values (specifically "Session-Timeout := 14400") instead of 'Wireless_Default' attributes/values (specifically "Session-Timeout := 0") for a user who is part of both the "Wireless_Default" and "Dialup_Default" groups.

2. Reply to a "dialup" NAS is "Accept" for a user who is a member of only the "Wireless_Default" group. That should be "reject". The "Wireless_Default" attribute/values (specifically "Session-Timeout := 0") are returned.

> How do you define those customers?

select * from radgroupcheck;
+----+-------------------+------------------+----+----------+
| id | GroupName         | Attribute        | op | Value    |
+----+-------------------+------------------+----+----------+
| 15 | DialUp_Default    | Simultaneous-Use | := | 1        |
|  6 | EmailOnly_Default | Auth-Type        | := | Reject   |
|  7 | EmailOnly_Default | Simultaneous-Use | := | 0        |
|  8 | LockOut_Billing   | Auth-Type        | := | Reject   |
|  9 | LockOut_Billing   | Simultaneous-Use | := | 0        |
| 14 | Wireless_Default  | Simultaneous-Use | := | 1        |
| 11 | Virus_Lockout     | Auth-Type        | := | Reject   |
| 24 | Wireless_Default  | Huntgroup-Name   | == | wireless |
+----+-------------------+------------------+----+----------+

select * from radgroupreply;
+----+-------------------+--------------------+----+--------------------------------------------------------+------+
| id | GroupName         | Attribute          | op | Value                                                  | prio |
+----+-------------------+--------------------+----+--------------------------------------------------------+------+
| 16 | DialUp_Default    | Session-Timeout    | := | 14400                                                  |    0 |
| 15 | DialUp_Default    | Service-Type       | := | Framed-User                                            |    0 |
| 14 | DialUp_Default    | Framed-Compression | := | Van-Jacobsen-TCP-IP                                    |    0 |
| 13 | DialUp_Default    | Framed-MTU         | := | 1500                                                   |    0 |
| 12 | DialUp_Default    | Framed-IP-Address  | := | 255.255.255.254                                        |    0 |
| 23 | EmailOnly_Default | Reply-Message      | =  | "Email only accounts may not dial up."                 |    0 |
| 11 | DialUp_Default    | Framed-Protocol    | := | PPP                                                    |    0 |
| 25 | LockOut_Billing   | Reply-Message      | =  | This account has been suspended due to billing issues. |    0 |
| 27 | Virus_Lockout     | Reply-Message      | =  | Account suspended for virus-spam complaints            |    0 |
| 31 | Wireless_Default  | Framed-Protocol    | := | PPP                                                    |    0 |
| 32 | Wireless_Default  | Framed-IP-Address  | := | 255.255.255.254                                        |    0 |
| 33 | Wireless_Default  | Framed-MTU         | := | 1500                                                   |    0 |
| 34 | Wireless_Default  | Framed-Compression | := | Van-Jacobsen-TCP-IP                                    |    0 |
| 35 | Wireless_Default  | Service-Type       | := | Framed-User                                            |    0 |
| 36 | Wireless_Default  | Session-Timeout    | := | 0                                                      |    0 |
| 37 | Wireless_Default  | Port-Limit         | := | 1                                                      |    0 |
| 17 | DialUp_Default    | Idle-Timeout       | := | 1200                                                   |    0 |
| 18 | DialUp_Default    | Port-Limit         | := | 1                                                      |    0 |
+----+-------------------+--------------------+----+--------------------------------------------------------+------+

select * from usergroup where UserName='ME';
+------+----------+------------------+----------------+
| id   | UserName | GroupName        | LastMod        |
+------+----------+------------------+----------------+
| 6522 | ME       | DialUp_Default   | 20050511100844 |
| 6523 | ME       | Wireless_Default | 20050511100915 |
+------+----------+------------------+----------------+

> See the FAQ, you can do group checking via Unix groups. See also
> rlm_passwd in 1.0.2, for non-Unix group checks.

I am NOT using Linux passwd/shadow/groups for RADIUS purposes -- only administrators have System accounts.

'huntgroups' includes:

dialup NAS-IP-Address == 1.2.3.4
wireless NAS-IP-Address == 1.3.5.7

FROM THE TEST CLIENT:

radtest ME SomeSillyPhrase 1.3.5.1 0 SecretPhrase 0 1.3.5.7

FROM THE RADIUS SERVER (using 'radius -X') (interrupted by the SQL data being returned):

rad_recv: Access-Request packet from host 1.3.5.7:32873, id=205, length=66
        User-Name = "ME"
        User-Password = "SomeSillyPhrase"
        NAS-IP-Address = 1.3.5.7
        NAS-Port = 0
        Framed-Protocol = PPP
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "ME", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
radius_xlat: 'ME'
rlm_sql (sql): sql_set_user escaped user --> 'ME'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'ME' ORDER BY id'
+------+----------+----------------+------------------------------------+----+
| id   | UserName | Attribute      | Value                              | op |
+------+----------+----------------+------------------------------------+----+
| 8195 | ME       | Crypt-Password | d5Sd4DsAIl9$zfcfVsda13sYYt9HrdBsd0 | := |
+------+----------+----------------+------------------------------------+----+
rlm_sql (sql): Reserving sql socket id: 12
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ME' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
+----+------------------+------------------+----------+----+
| id | GroupName        | Attribute        | Value    | op |
+----+------------------+------------------+----------+----+
| 14 | Wireless_Default | Simultaneous-Use | 1        | := |
| 15 | DialUp_Default   | Simultaneous-Use | 1        | := |
| 24 | Wireless_Default | Huntgroup-Name   | wireless | == |
+----+------------------+------------------+----------+----+
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'ME' ORDER BY id'
Empty set (0.00 sec)
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'ME' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
+----+------------------+--------------------+---------------------+----+
| id | GroupName        | Attribute          | Value               | op |
+----+------------------+--------------------+---------------------+----+
| 11 | DialUp_Default   | Framed-Protocol    | PPP                 | := |
| 12 | DialUp_Default   | Framed-IP-Address  | 255.255.255.254     | := |
| 13 | DialUp_Default   | Framed-MTU         | 1500                | := |
| 14 | DialUp_Default   | Framed-Compression | Van-Jacobsen-TCP-IP | := |
| 15 | DialUp_Default   | Service-Type       | Framed-User         | := |
| 16 | DialUp_Default   | Session-Timeout    | 14400               | := |
| 17 | DialUp_Default   | Idle-Timeout       | 1200                | := |
| 18 | DialUp_Default   | Port-Limit         | 1                   | := |
| 31 | Wireless_Default | Framed-Protocol    | PPP                 | := |
| 32 | Wireless_Default | Framed-IP-Address  | 255.255.255.254     | := |
| 33 | Wireless_Default | Framed-MTU         | 1500                | := |
| 34 | Wireless_Default | Framed-Compression | Van-Jacobsen-TCP-IP | := |
| 35 | Wireless_Default | Service-Type       | Framed-User         | := |
| 36 | Wireless_Default | Session-Timeout    | 0                   | := |
| 37 | Wireless_Default | Port-Limit         | 1                   | := |
+----+------------------+--------------------+---------------------+----+
huntgroups: Matched wireless at 56
rlm_sql (sql): Released sql socket id: 12
modcall[authorize]: module "sql" returns ok for request 1
modcall: group authorize returns ok for request 1
auth: type Crypt
Processing the session section of radiusd.conf
modcall: entering group session for request 1
radius_xlat: 'ME'
rlm_sql (sql): sql_set_user escaped user --> 'ME'
radius_xlat: 'SELECT COUNT(*) FROM radacct WHERE UserName='ME' AND AcctStopTime = 0'
+----------+
| COUNT(*) |
+----------+
|        0 |
+----------+
rlm_sql (sql): Reserving sql socket id: 11
radius_xlat: 'SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='ME' AND AcctStopTime = 0'
Empty set (0.00 sec)
rlm_sql (sql): Released sql socket id: 11
modcall[session]: module "sql" returns ok for request 1
modcall: group session returns ok for request 1
Login OK: [ME] (from client MyClientName port 0)
Sending Access-Accept of id 205 to 1.3.5.7:32873
        Framed-Protocol := PPP
        Framed-IP-Address := 255.255.255.254
        Framed-MTU := 1500
        Framed-Compression := Van-Jacobson-TCP-IP
        Service-Type := Framed-User
        Session-Timeout := 14400
        Idle-Timeout := 1200
        Port-Limit := 1
Finished request 1
Going to the next request