I use freeradius 2.1.3 with oracle DB. Regexp works wrong in radgroupcheck table. What did I do wrong?
Usergrop table ------------------------------------------------------------------ 65658 testgroup testgroup1 15 65659 testgroup testgroup2 20 ------------------------------------------------------------------ Radgroupcheck table ------------------------------------------------------------------ 321 testgroup1 NAS-IP-Address !~ ^10.10 341 testgroup2 NAS-IP-Address =~ ^10.10 ------------------------------------------------------------------ Radgroupreply table ------------------------------------------------------------------ 682 testgroup1 Fall-Through = Yes 661 testgroup1 Cisco-AVPair += ip:addr-pool=test1 681 testgroup2 Fall-Through = Yes 662 testgroup2 Cisco-AVPair += ip:addr-pool=test2 ------------------------------------------------------------------ Sending Access-Request of id 250 to 127.0.0.1 port 1812 User-Name = "testgroup" User-Password = "test" NAS-IP-Address = 10.10.1.1 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=250, length=46 Cisco-AVPair = "ip:addr-pool=test2" Sending Access-Request of id 203 to 127.0.0.1 port 1812 User-Name = "testgroup" User-Password = "test" NAS-IP-Address = 10.11.1.1 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=203, length=46 Cisco-AVPair = "ip:addr-pool=test2" Debug from last request: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 6526, id=133, length=55 User-Name = "testgroup" User-Password = "test" NAS-IP-Address = 10.11.1.1 +- entering group authorize {...} [preprocess] expand: %{NAS-IP-Address} -> 10.11.1.1 ++[preprocess] returns ok [auth_log] expand: /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205 [auth_log] /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205 [auth_log] expand: %t -> Thu Feb 5 16:39:28 2009 ++[auth_log] returns ok ++[chap] returns noop [suffix] No '@' in User-Name = "testgroup", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Stripped-User-Name = "testgroup" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [files] users: Matched entry DEFAULT at line 2 ++[files] returns ok [sqlauth] expand: %{User-Name} -> testgroup [sqlauth] sql_set_user escaped user --> 'testgroup' rlm_sql (sqlauth): Reserving sql socket id: 7 [sqlauth] expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'testgroup' ORDER BY id SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'testgroup' ORDER BY id WARNING: Found User-Password == "...". WARNING: Are you sure you don't mean Cleartext-Password? WARNING: See "man rlm_pap" for more information. [sqlauth] User found in radcheck table [sqlauth] expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'testgroup' ORDER BY id SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'testgroup' ORDER BY id [sqlauth] expand: SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' OR CLID='%{Calling-Station-Id}' order by priority -> SELECT GroupName FROM usergroup WHERE UserName='testgroup' OR CLID='' order by priority SELECT GroupName FROM usergroup WHERE UserName='testgroup' OR CLID='' order by priority [sqlauth] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup1' ORDER BY id SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup1' ORDER BY id ################################################### [sqlauth] expand: %{NAS-IP-Address} -> 10.11.1.1 ################################################### [sqlauth] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup2' ORDER BY id SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'testgroup2' ORDER BY id ################################################### [sqlauth] expand: %{NAS-IP-Address} -> 10.11.1.1 [sqlauth] User found in group testgroup2 ################################################### [sqlauth] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testgroup2' ORDER BY id SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testgroup2' ORDER BY id rlm_sql (sqlauth): Released sql socket id: 7 ++[sqlauth] returns ok [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = Local !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. User-Password in the request is correct. Login OK: [testgroup] (from client local port 0) +- entering group post-auth {...} [reply_log] expand: /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205 [reply_log] /usr/local/var/log/radius/radacct/detail/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/detail/127.0.0.1/detail-20090205 [reply_log] expand: %t -> Thu Feb 5 16:39:28 2009 ++[reply_log] returns ok Sending Access-Accept of id 133 to 127.0.0.1 port 6526 Cisco-AVPair += "ip:addr-pool=test2" Finished request 7. Going to the next request Waking up in 4.9 seconds. Cleaning up request 7 ID 133 with timestamp +695 Ready to process requests. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html