hi again... i try to get suffix work but i guess missing something... here some debugs and confs
rad_recv: Access-Request packet from host 10.10.64.67 port 16829, id=53, length=208 Framed-Protocol = PPP User-Name = "*usert...@my.domain.cu*" User-Password = "*secret*" NAS-Port-Type = Async Calling-Station-Id = "123456789" Called-Station-Id = "987654321" Connect-Info = "44000/28800 V90/V44/LAPM" Cisco-AVPair = "v92-info=V.92 QC/QC Short Train Success/0/0" NAS-Port = 443 NAS-Port-Id = "Async3/11*E1 7/0:7" Service-Type = Framed-User NAS-IP-Address = 10.10.64.67 # Executing section authorize from file /etc/freeradius/sites-available/default +- entering group authorize {...} [preprocess] hints: Matched DEFAULT at 36 ++[preprocess] returns ok ++- entering policy filter_username {...} +++? if (User-Name =~ /^ /) ? Evaluating (User-Name =~ /^ /) -> FALSE +++? if (User-Name =~ /^ /) -> FALSE +++? if (User-Name =~ / $$/) ? Evaluating (User-Name =~ / $$/) -> FALSE +++? if (User-Name =~ / $$/) -> FALSE +++? if (User-Name != "%{tolower:%{User-Name}}") expand: %{User-Name} -> *usert...@my.domain.cu* expand: %{tolower:%{User-Name}} -> *usert...@my.domain.cu* ? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE +++? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE ++- policy filter_username returns ok *[suffix] No '@' in User-Name = "usertest", looking up realm NULL <---why not found '@' if is coming in radius packet and check in the conf???* [suffix] No such realm "NULL" ++[suffix] returns noop [ldap] performing user authorization for *usertest* [ldap] expand: %{Stripped-User-Name} -> *usertest* [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=* usertest*) *<---------- this works stripped-user-name OK* [ldap] expand: ou=group,ou=my,dc=domain,dc=cu -> ou=group,ou=my,dc=domain,dc=cu . *checking user/pass works fine... now check monthlycounter to compare hours..* . [monthlycounter1] sql_xlat [monthlycounter1] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [monthlycounter1] expand: %{Stripped-User-Name:-%{User-Name:-DEFAULT}} -> *usertest* [monthlycounter1] sql_set_user escaped user --> '*usertest*' *IF stripped-user-name works here at monthlycounter why the query not use it! and use user with realm??/* [monthlycounter1] expand: SELECT SUM(acctsessiontime - GREATEST((1346472000 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='*usert...@my.domain.cu*' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1346472000' -> SELECT SUM(acctsessiontime - GREATEST((1346472000 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='*usert...@my.domain.cu*' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1346472000' rlm_sql (sql1): Reserving sql socket id: 4 [monthlycounter1] row[0] returned NULL rlm_sql (sql1): Released sql socket id: 4 [monthlycounter1] expand: %{sql1:SELECT SUM(acctsessiontime - GREATEST((1346472000 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='*usert...@my.domain.cu*' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1346472000'} -> *rlm_sqlcounter: No integer found in string "" <------------- must be found integer to compare with max-monthly-session, in database i have only usernames, not with realms* +++[monthlycounter1] returns noop hints confs *DEFAULT Suffix == "@my.domain.cu", Strip-User-Name = Yes* Hint = "userdefault", Service-Type = Framed-User, Framed-Protocol = PPP, site-available/default # cat sites-available/default | egrep -v '\#|^$' authorize { preprocess filter_username *suffix* ldap redundant-load-balance { monthlycounter1 monthlycounter2 } checkval1 checkval2 checkval3 expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type LDAP { ldap } } preacct { preprocess acct_unique *suffix* } accounting { redundant-load-balance { sql1 sql2 } } session { load-balance { sql1 sql2 } } post-auth { Post-Auth-Type REJECT { attr_filter.access_reject } } pre-proxy { } post-proxy { } thanxs for any help. -- Antonio Peña Secure email with PGP 0x8B021001 available at http://pgp.mit.edu Fingerprint: 74E6 2974 B090 366D CE71 7BB2 6476 FA09 8B02 1001
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html