Hello, I have an environment with this situation; my confs follow:

mysql> select * from radcheck WHERE `username` = 'joao';
+----+----------+--------------------+----+---------+-------------------+-------------+----------+--------+
| id | username | attribute          | op | value   | macaddress        | ip          | download | upload |
+----+----------+--------------------+----+---------+-------------------+-------------+----------+--------+
|  1 | joao     | Cleartext-Password | := | prolinx | 78:44:76:07:f7:47 | 172.16.0.31 |      600 |    600 |
+----+----------+--------------------+----+---------+-------------------+-------------+----------+--------+
1 row in set (0.00 sec)

mysql> select * from radreply WHERE `username` = 'joao';
+----+----------+-------------------+----+-------------+
| id | username | attribute         | op | value       |
+----+----------+-------------------+----+-------------+
|  1 | joao     | Framed-IP-Address | := | 172.16.0.31 |
+----+----------+-------------------+----+-------------+
1 row in set (0.00 sec)

/etc/raddb/sql/mysql/dialup.conf (Specific check of Mac):

authorize_check_query = "SELECT id, username, attribute, value, op \
  FROM ${authcheck_table} \
  WHERE username = '%{SQL-User-Name}' AND UPPER(macaddress) = UPPER('%{Calling-Station-Id}')\
  ORDER BY id"

authorize_reply_query = "SELECT id, username, attribute, value, op \
  FROM ${authreply_table} \
  WHERE username = '%{SQL-User-Name}' \
  ORDER BY id"

-----Original Message-----
From: freeradius-users-bounces+angelo-listas=prolinx.com...@lists.freeradius.org [mailto:freeradius-users-bounces+angelo-listas=prolinx.com...@lists.freeradius.org] On behalf of S Adrian
Sent: Wednesday, 22 February 2012 18:57
To: freeradius-users@lists.freeradius.org
Subject: again .. mac based auth + user/password for pppoe

Hey again,

I've searched the list for my old conversation here but couldn't find it .. still.. here it goes...

I have rp-pppoe started in kernel mode ( the calling-station-id gets sent as I can see it )

You'll notice that even though I added in radcheck Calling-Station-Id to be 11:22:33:44:55:66, trying with radclient got me accepted ( even though I specified 11:22:33:44:55:77 )

The idea is that I want to also do a mac check ( if the Calling-Station-Id is present in sql ..) I don't want to bind the username/password combination to the mac address for all the users

PPPoE ~ # cat dexter | radclient -x 127.0.0.1 auth r4d1usP4ssw0rd
Sending Access-Request of id 61 to 127.0.0.1 port 1812
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "dexter"
        User-Password = "250896"
        Calling-Station-Id = "11:22:33:44:55:77"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 242
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=61, length=50
        Framed-Protocol = PPP
        Service-Type = Framed-User
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-MTU = 1500
        Framed-IP-Address = 10.10.0.82

mysql> select * from radcheck WHERE `username` = 'dexter';
+------+----------+--------------------+----+-------------------+
| id   | username | attribute          | op | value             |
+------+----------+--------------------+----+-------------------+
| 2298 | dexter   | Cleartext-Password | := | 250896            |
| 2299 | dexter   | Simultaneous-Use   | := | 1                 |
| 2300 | dexter   | Pool-Name          | := | main              |
| 2301 | dexter   | Calling-Station-Id | := | 11:22:33:44:55:66 |
+------+----------+--------------------+----+-------------------+
4 rows in set (0.01 sec)

mysql> select * from radreply WHERE `username` = 'dexter';
+------+----------+--------------------+----+---------------------+
| id   | username | attribute          | op | value               |
+------+----------+--------------------+----+---------------------+
| 4461 | dexter   | Framed-MTU         | := | 1500                |
| 4459 | dexter   | Service-Type       | := | Framed-User         |
| 4458 | dexter   | Framed-Protocol    | := | PPP                 |
| 4460 | dexter   | Framed-Compression | := | Van-Jacobsen-TCP-IP |
+------+----------+--------------------+----+---------------------+

radiusd -X reports this:

rad_recv: Access-Request packet from host 127.0.0.1 port 52468, id=61, length=89
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "dexter"
        User-Password = "250896"
        Calling-Station-Id = "11:22:33:44:55:77"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 242
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/127.0.0.1/auth-detail-20120222
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20120222
[auth_log] expand: %t -> Wed Feb 22 22:36:07 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[sql] expand: %{User-Name} -> dexter
[sql] sql_set_user escaped user --> 'dexter'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'dexter' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'dexter' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'dexter' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id
[sql] User found in group dynamic
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
User-Password in the request is correct.
+- entering group session {...}
[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> dexter
++[radutmp] returns ok
Login OK: [dexter/250896] (from client localhost port 242 cli 11:22:33:44:55:77)
+- entering group post-auth {...}
[reply_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/radius/radacct/127.0.0.1/reply-detail-20120222
[reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/reply-detail-20120222
[reply_log] expand: %t -> Wed Feb 22 22:36:07 2012
++[reply_log] returns ok
[sql] expand: %{User-Name} -> dexter
[sql] sql_set_user escaped user --> 'dexter'
[sql] expand: %{User-Password} -> 250896
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'dexter', '250896', 'Access-Accept', '2012-02-22 22:36:07')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'dexter', '250896', 'Access-Accept', '2012-02-22 22:36:07')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[sql_log] Processing sql_log_postauth
[sql_log] expand: %{User-Name} -> dexter
[sql_log] expand: %{%{User-Name}:-DEFAULT} -> dexter
[sql_log] sql_set_user escaped user --> 'dexter'
[sql_log] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[sql_log] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S'); -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('dexter', '250896', 'Access-Accept', '2012-02-22 22:36:07');
[sql_log] expand: /var/log/radius/radacct/sql-relay -> /var/log/radius/radacct/sql-relay
++[sql_log] returns ok
rlm_sql (sql): Reserving sql socket id: 0
[sqlippool] expand: %{User-Name} -> dexter
[sqlippool] sql_set_user escaped user --> 'dexter'
[sqlippool] expand: START TRANSACTION -> START TRANSACTION
[sqlippool] expand: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NULL WHERE expiry_time <= NOW() - INTERVAL 1 SECOND AND nasipaddress = '%{Nas-IP-Address}' -> UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NULL WHERE expiry_time <= NOW() - INTERVAL 1 SECOND AND nasipaddress = '127.0.0.1'
[sqlippool] expand: SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND expiry_time IS NULL ORDER BY RAND() LIMIT 1 FOR UPDATE -> SELECT framedipaddress FROM radippool WHERE pool_name = 'main' AND expiry_time IS NULL ORDER BY RAND() LIMIT 1 FOR UPDATE
[sqlippool] expand: UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{NAS-Port}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', expiry_time = NOW() + INTERVAL 604800 SECOND WHERE framedipaddress = '10.10.0.82' AND expiry_time IS NULL -> UPDATE radippool SET nasipaddress = '127.0.0.1', pool_key = '242', callingstationid = '11:22:33:44:55:77', username = 'dexter', expiry_time = NOW() + INTERVAL 604800 SECOND WHERE framedipaddress = '10.10.0.82' AND expiry_time IS NULL
[sqlippool] Allocated IP 10.10.0.82 [780fe5bc]
[sqlippool] expand: COMMIT -> COMMIT
rlm_sql (sql): Released sql socket id: 0
[sqlippool] expand: Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> Allocated IP: 10.10.0.82 from main (did cli 11:22:33:44:55:77 port 242 user dexter)
Allocated IP: 10.10.0.82 from main (did cli 11:22:33:44:55:77 port 242 user dexter)
++[sqlippool] returns ok
Sending Access-Accept of id 61 to 127.0.0.1 port 52468
        Framed-Protocol := PPP
        Service-Type := Framed-User
        Framed-Compression := Van-Jacobson-TCP-IP
        Framed-MTU := 1500
        Framed-IP-Address = 10.10.0.82
Finished request 3.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
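
Added example (not part of the original posts, and not FreeRADIUS code): the check query in the reply filters every lookup on the macaddress column, so a user with no MAC stored is never found, while the original question asks for a MAC check only where one is stored. The Python/sqlite3 sketch below runs that query shape next to an assumed optional-MAC variant on constructed rows; the user names, passwords and MACs are made up, and `?` parameters stand in for the %{SQL-User-Name} and %{Calling-Station-Id} expansions.

```python
import sqlite3

# Query shape from the reply above: every user must match a stored MAC.
STRICT = """SELECT id, username, attribute, value, op FROM radcheck
WHERE username = ? AND UPPER(macaddress) = UPPER(?) ORDER BY id"""

# Assumed variant (not from the thread): enforce the MAC only when one is stored.
OPTIONAL = """SELECT id, username, attribute, value, op FROM radcheck
WHERE username = ?
  AND (macaddress IS NULL OR UPPER(macaddress) = UPPER(?))
ORDER BY id"""


def make_db():
    """In-memory radcheck with the extra macaddress column (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT,"
               " attribute TEXT, op TEXT, value TEXT, macaddress TEXT)")
    db.executemany(
        "INSERT INTO radcheck (username, attribute, op, value, macaddress)"
        " VALUES (?, ?, ?, ?, ?)",
        [("bound", "Cleartext-Password", ":=", "example-pw-1", "aa:bb:cc:00:00:01"),
         ("roaming", "Cleartext-Password", ":=", "example-pw-2", None)])
    return db


def user_found(db, query, username, calling_station_id):
    """True if the check query returns rows, i.e. the user is found in radcheck."""
    return bool(db.execute(query, (username, calling_station_id)).fetchall())


if __name__ == "__main__":
    db = make_db()
    for name, query in (("strict", STRICT), ("optional", OPTIONAL)):
        for user, mac in (("bound", "AA:BB:CC:00:00:01"),    # right MAC, other case
                          ("bound", "aa:bb:cc:00:00:02"),    # wrong MAC
                          ("roaming", "aa:bb:cc:00:00:03")): # no MAC stored
            print(name, user, mac, user_found(db, query, user, mac))
```

With the optional variant, the MAC has to be stored on every radcheck row of a bound user; any row left NULL is still returned when the MAC does not match.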