Hello, I have the following user in the database: mysql> SELECT * FROM radcheck; +----+----------+--------------------+----+---------+ | id | username | attribute | op | value | +----+----------+--------------------+----+---------+ | 1 | sqltest | Cleartext-Password | := | testpwd | | 2 | sqltest | Max-All-Session | := | 600 | +----+----------+--------------------+----+---------+ 2 rows in set (0.00 sec)
Well, freeRADIUS should allow this user to connect and stay online for 10 minutes but I can't even connect. Here is the freeRADIUS debug log: Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host xx.xx.72.127 port 33451, id=15, length=135 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "sqltest" MS-CHAP-Challenge = 0xd237c3a9ecf61e669d362193cfb6b33b MS-CHAP2-Response = 0x6600d5135b141fa0f0fb3671adef9107716a000000000000000061a6f1db763fb3554c35008e7dec3f57936ca9ca1d2375b7 NAS-IP-Address = 127.0.1.1 NAS-Port = 0 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok ++[digest] returns noop [suffix] No '@' in User-Name = "sqltest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok [sql] expand: %{User-Name} -> sqltest [sql] sql_set_user escaped user --> 'sqltest' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sqltest' ORDER BY id rlm_sql: Failed to create the pair: Invalid octet string "600" for attribute name "Max-All-Session" rlm_sql (sql): Error getting data from database [sql] SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 3 ++[sql] returns fail Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> sqltest attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 15 to xx.xx.72.127 port 33451 Waking up in 4.9 seconds. Cleaning up request 0 ID 15 with timestamp +25 Ready to process requests. rlm_sql: Failed to create the pair: Invalid octet stringrad_recv: Access-Request packet from host xx.xx.72.127 port 40062, id=16, length=135 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "sqltest" MS-CHAP-Challenge = 0x6214c3aad82e064f6e9118c3aa9751d2 MS-CHAP2-Response = 0x280073eab0bdcb6b149e34b5d5a3be5dd7dc0000000000000000c9652cb77bbd8cf74273f9aa924c7dbe8b6a53968ffb7c6a NAS-IP-Address = 127.0.1.1 NAS-Port = 0 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok ++[digest] returns noop [suffix] No '@' in User-Name = "sqltest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok [sql] expand: %{User-Name} -> sqltest [sql] sql_set_user escaped user --> 'sqltest' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sqltest' ORDER BY id rlm_sql: Failed to create the pair: Invalid octet string "600" for attribute name "Max-All-Session" rlm_sql (sql): Error getting data from database [sql] SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 2 ++[sql] returns fail Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> sqltest attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 16 to xx.xx.72.127 port 40062 Waking up in 4.9 seconds. Cleaning up request 1 ID 16 with timestamp +93 Ready to process requests. rad_recv: Access-Request packet from host xx.xx.72.127 port 40203, id=17, length=135 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "sqltest" MS-CHAP-Challenge = 0x470c8b8089c5b8a4a322d16b51ab1a91 MS-CHAP2-Response = 0x3300c3bac8e9819c7a7e962f3611fad2cda20000000000000000c8e0d842bdff8a8183104ac176bb16835ea6626028a146da NAS-IP-Address = 127.0.1.1 NAS-Port = 0 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok ++[digest] returns noop [suffix] No '@' in User-Name = "sqltest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok [sql] expand: %{User-Name} -> sqltest [sql] sql_set_user escaped user --> 'sqltest' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sqltest' ORDER BY id rlm_sql: Failed to create the pair: Invalid octet string "600" for attribute name "Max-All-Session" rlm_sql (sql): Error getting data from database [sql] SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 1 ++[sql] returns fail Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> sqltest attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 2 Sending Access-Reject of id 17 to xx.xx.72.127 port 40203 Waking up in 4.9 seconds. Cleaning up request 2 ID 17 with timestamp +469 Ready to process requests. I was so happy that I could install freeRADIUS last week! I can't disconnect users using freeRADIUS cause there is no NAS in my network and if I can't get time and traffic limits to work I would have to code a script to do it myself maybe. I would be thankful if someone helps to work it out. PS: I have just noticed that radacct table is empty. I had the session logs in this table when pptpd and freeRADIUS servers where on the same machine but I can't see anything in this table now. Do I have to setup something on the pptpd server to have to session logs in freeRADIUS database?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html