Don't take your ball, not good. ;)
Here's informations:
## radcheck
+----+-----------+--------------------+----+---------+
|
id | UserName | Attribute
| op | Value |
+----+-----------+--------------------+----+---------+
| 3 |
test-pap | Cleartext-Password | := | pw123 |
+----+-----------+--------------------+----+---------+
## radreply
+----+-----------+---------------------+----+-------+
| id
| UserName | Attribute
| op | Value |
+----+-----------+---------------------+----+-------+
| 6 |
test-pap | Upstream-Speed | = | 800
|
| 7 | test-pap | Downstream-Speed |
= | 800 |
+----+-----------+---------------------+----+-------+
## radgroupcheck
+----+----------------+--------------------+----+-------+
| id | GroupName | Attribute
| op | Value |
+----+----------------+--------------------+----+-------+
|
5 | f_pppoe_250k | Auth-Type
| = | PAP |
| 6 | f_pppoe_250k |
Simultaneous-Use | = | 1 |
+----+----------------+--------------------+----+-------+
## radgroupreply
+----+--------------+-----------------------+----+----------------------+
|
id | GroupName | Attribute
| op |
Value
|
+----+--------------+-----------------------+----+----------------------+
|
13 | f_pppoe_250k | Framed-Protocol | = |
PPP
|
| 14 | f_pppoe_250k |
Framed-MTU | = |
1492
|
| 15 | f_pppoe_250k |
Framed-Compression | = | Van-Jacobsen-TCP-IP |
| 16 | f_pppoe_250k |
Service-Type | = |
Framed-User |
+---+----------------+----------------------+----+----------------------+
## radusergroup (same usergroup table in 1.3 version freeradius, I have both tables)
+-----------+----------------+----------+
| UserName |
GroupName | priority |
+-----------+----------------+----------+
| teste-pap | f_pppoe_250k
| 1 |
+-----------+----------------+----------+
## radiusd -X
rad_recv: Access-Request packet from host 7.7.7.1 port 32790, id=163,
length=73
Service-Type =
Framed-User
Framed-Protocol =
PPP
User-Name =
"test-pap"
User-Password
= "pw123"
NAS-IP-Address
=
NAS-Port = 0
Processing the authorize section of radiusd.conf
+- entering group
authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
radius_xlat: 'test-pap'
rlm_sql (sql):
sql_set_user escaped user --> 'test-pap'
rlm_sql (sql): Reserving sql
socket id: 3
radius_xlat: 'SELECT id, UserName, Attribute, Value,
op FROM
radcheck WHERE Username
= 'test-pap' ORDER BY
id' ######## loading radcheck table ##########
rlm_sql
(sql): User found in radcheck table
radius_xlat: 'SELECT id, UserName,
Attribute, Value, op
FROM radreply WHERE
Username = 'test-pap'
ORDER BY id' ####### loading radreply table ##########
rlm_sql
(sql): Released sql socket id:
3
#### if found "Fall-Through = Yes" attribute, radgroupcheck is loaded,
but not radgroupreply #########
++[sql] returns ok
++[expiration]
returns noop
++[logintime] returns noop
++[pap] returns updated
+- group authorize returns updated
rad_check_password: Found
Auth-Type
auth: type "PAP"
Processing the authenticate
section of radiusd.conf
+- entering group PAP
rlm_pap: login attempt
with password ngc0bqi
rlm_pap: Using clear text password.
rlm_pap: User
authenticated successfully
++[pap] returns ok
+- group PAP returns
ok
Processing the post-auth section of radiusd.conf
+- entering
group post-auth
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql):
sql_set_user escaped user --> 'test-pap'
radius_xlat: 'INSERT into
radpostauth (id, user, pass, reply, date) values ('', 'test-pap', 'ngc0bqi',
'Access-Accept', '2008-01-15 20:33:58')'
rlm_sql (sql) in sql_postauth: query
is INSERT into radpostauth (id, user, pass, reply, date) values ('', 'test-pap',
'pw123', 'Access-Accept', '2008-01-15 20:33:58')
rlm_sql (sql): Reserving sql
socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns
ok
+- group post-auth returns ok
Sending Access-Accept of id 163 to
7.7.7.1 port 32790 ############# Here is
when radius server send "items reply" to radiusclient
#################
Upstream-Speed =
800 ######## attribute in
radreply ########
Downstream-Speed
= 800 ###### attribute in radreply ########
Finished
request 0 state 5
Going to the next request
rad_recv:
Accounting-Request packet from host 7.7.7.1 port 32790, id=164, length=101
Acct-Session-Id =
"478D34D61E1F00"
User-Name = "test-pap"
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Acct-Authentic = RADIUS
NAS-Port-Type = Virtual
Framed-IP-Address = 7.7.7.123
NAS-IP-Address = 7.7.7.1
NAS-Port
= 0
Acct-Delay-Time = 0
Processing the preacct section of radiusd.conf
+- entering group
preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port =
0,Framed-IP-Address = 7.7.7.123,NAS-IP-Address = 7.7.7.1,Acct-Session-Id =
"478D34D61E1F00",User-Name = "test-pap"'
rlm_acct_unique:
Acct-Unique-Session-ID = "a5e052f9f07c2f6f".
++[acct_unique]
returns ok
+- group preacct returns ok
Processing the accounting
section of radiusd.conf
+- entering group accounting
radius_xlat:
'/usr/local/var/log/radius/radacct/7.7.7.1/detail-20080115'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to
/usr/local/var/log/radius/radacct/7.7.7.1/detail-20080115
radius_xlat:
'Tue Jan 15 20:33:58 2008'
++[detail] returns ok
radius_xlat:
'/usr/local/var/log/radius/radutmp'
radius_xlat: 'test-pap'
++[radutmp] returns ok
radius_xlat: 'test-pap'
rlm_sql (sql):
sql_set_user escaped user --> 'test-pap'
radius_xlat: 'INSERT into
radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId,
NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('478D34D61E1F00',
'a5e052f9f07c2f6f', 'test-pap', '', '7.7.7.1', '0', 'Virtual', '2008-01-15
20:33:58', '0', '0', 'RADIUS', '', '', '0', '0', '', '', '', 'Framed-User', 'PPP',
'7.7.7.123', '0', '0')'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
radius_xlat: 'test-pap'
attr_filter: Matched entry DEFAULT at
line 12
++[attr_filter.accounting_response] returns updated
+- group
accounting returns updated
Sending Accounting-Response of id 164 to 7.7.7.1
port 32790
Finished request 1 state 6
Going to the next request
Cleaning up request 1 ID 164 with timestamp +15
Waking up in 4 seconds...
Cleaning up request 0 ID 163 with timestamp +15
Nothing to do.
Sleeping until we see a request.
################################
In freeradius documentation say (http://wiki.freeradius.org/Rlm_sql):
- The user IS NOT found in radcheck
- The user IS found in radcheck, but the check items don't match
- The user IS found in radcheck, the check items DO match AND Fall-Through is set in the radreply table
- The user IS found in radcheck, the check items DO match AND the read_groups directive is set to 'yes'
###################
My case matches with last condition, the user is found in radcheck, the check items DO match AND the read_groups directive is set to 'yes'. But... I've testing the read_groups and it don't work. I made an invalid directive and it is ignored by radiusd, it's not appers in debug log. read_groups don't too.
I have testing the Fall-Through in radreply and it work, but don't load the radgroupreply table. I need this table, because its attributes are replied to radiusclient, and my scripts in NAS side can work it.
Note: In freeradius 1.3 don't have read_groups directive, but all tables are loaded.
--------------------------------------------------------------------------------
OK, can we see database entries for a user (and group he belongs to) and
the debug of the access request? Or should I get my crystal ball back
from
the polisher?
Ivan Kalik
Kalik Informatika ISP
Dana 15/1/2008, "Arlinelson Fernandes dos Santos" pi¹e:
>Yes! I did. And I put attributes into all tables ckeck and reply.
--------------------------------------------------------------------------------
Did you put something in usergroup table to link users and groups?
------------------------------------------------------------------------------------------------------
Acelerador POP
Acelere a sua conexão discada em até 19 x. Use o Acelerador POP. É grátis, pegue já o seu.
http://www.pop.com.br/acelerador
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html