Re: Unlang Condition Wrong Value !
Hi Arran,
I think i have managed to make the datacounter working. It may not be
the best counter but it is the best i have ever done in freeradius.
Below posted is the configs :
Post-Auth {
sql
# Unlang Data-Counter. Sends Mikrotik-Recv-Limit to NAS
update control {
Tmp-Integer-0 = "%{sql:SELECT ((SELECT
tbl_groupcheck.value from tbl_groupcheck \
JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname \
WHERE
tbl_usergroup.username = '%{User-Name}') > (SELECT
IFNULL(SUM(AcctInputOctets) \
+SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}'
\
AND
MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) =
YEAR(NOW(}"
Tmp-Integer-1 = "%{sql:SELECT ((SELECT
tbl_groupcheck.value from tbl_groupcheck \
JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname \
WHERE
tbl_usergroup.username = '%{User-Name}') - (SELECT
IFNULL(SUM(AcctInputOctets) \
+SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}'
\
AND
MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) =
YEAR(NOW(}"
}
if ("%{control:Tmp-Integer-0}" == "1") {
update reply{
Mikrotik-Recv-Limit :=
"%{control:Tmp-Integer-1}"
}
}
if ("%{control:Tmp-Integer-0}" == "0") {
update reply{
Reply-Message := "Fair
Usage Policy Enforced, Bandwidth Limited"
Mikrotik-Rate-Limit :=
"128K/256K 128K/256K 128K/256K 180/180 8"
}
}
The caveats :
It will return a negative value if Max-used-Traffic is more than
Max-Monthly-Limit but we don't need that negative value as we will
enforce Mikrotik-Rate-Limit (i.e Fair Usage Policy)
If Max-Monthly-Limit - Max-used-Limit > 32bit Integer, The
Mikrotik-Recv-Limit will be wrapped and user will have a rough of 2GB
per session limit. If user disconnects again and connects , the same
thing applies.
However, user will be able to use 100% of Max-Monthly-Traffic
allocated in multiple sessions.
I hope someone can make a hybrid of this counter.
Regards
Suman
On Mon, Aug 8, 2011 at 8:04 PM, Arran Cudbard-Bell
wrote:
>
> On 8 Aug 2011, at 16:29, Suman Dash wrote:
>
>> Just another small question before i jump into testing. If output from
>> sub-query is less than 32bit, I can easily store it in Tmp-Integer ,
>> But sometimes when the user data usage is null, the sub-query will
>> output more than 32bit ex. 10GB Limit But user downloaded 0 Bytes.
>>
>> In that condition it is impossible to store it in Tmp-Integer . So
>> ultimately the Integer passed by xlat and the stored in Tmp-Integer
>> will differ.
>
> Yes. I'd imagine it'd be truncated.
>
> -Arran
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
On 8 Aug 2011, at 16:29, Suman Dash wrote: > Just another small question before i jump into testing. If output from > sub-query is less than 32bit, I can easily store it in Tmp-Integer , > But sometimes when the user data usage is null, the sub-query will > output more than 32bit ex. 10GB Limit But user downloaded 0 Bytes. > > In that condition it is impossible to store it in Tmp-Integer . So > ultimately the Integer passed by xlat and the stored in Tmp-Integer > will differ. Yes. I'd imagine it'd be truncated. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
Just another small question before i jump into testing. If output from sub-query is less than 32bit, I can easily store it in Tmp-Integer , But sometimes when the user data usage is null, the sub-query will output more than 32bit ex. 10GB Limit But user downloaded 0 Bytes. In that condition it is impossible to store it in Tmp-Integer . So ultimately the Integer passed by xlat and the stored in Tmp-Integer will differ. Regards Suman Dash On Mon, Aug 8, 2011 at 7:45 PM, Arran Cudbard-Bell wrote: > > On 8 Aug 2011, at 16:11, Suman Dash wrote: > >> So what you say is that i do all comparision within sql sub-query and >> whatever output i need to define if less than 32bit store it into an >> Integer and do Unlang control / reply updates ? >> >> Seems quite right .. Will try and get back with results. > > Exactly :) > > Feel free to post some samples if you get it working and i'll put them up on > the wiki. > > -Arran >> >> On Mon, Aug 8, 2011 at 3:31 PM, Arran Cudbard-Bell >> wrote: >>> Unfortunately I am not much of a programmer . >>> >>> Ok... but you know SQL right? Which is why i'm suggesting to do the >>> comparison in the SQL database. >>> Therefore if you can put some examples / pointers based on my requirement, it will be a headstart for me . >>> >>> http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html >>> >>> Use SELECT COUNT(*) for the outer query and then compare that value in >>> unlang. >>> >>> -Arran >>> >>> Arran Cudbard-Bell >>> a.cudba...@freeradius.org >>> >>> RADIUS - Half the complexity of Diameter >>> >>> >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > Arran Cudbard-Bell > a.cudba...@freeradius.org > > RADIUS - Half the complexity of Diameter > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
On 8 Aug 2011, at 16:11, Suman Dash wrote: > So what you say is that i do all comparision within sql sub-query and > whatever output i need to define if less than 32bit store it into an > Integer and do Unlang control / reply updates ? > > Seems quite right .. Will try and get back with results. Exactly :) Feel free to post some samples if you get it working and i'll put them up on the wiki. -Arran > > On Mon, Aug 8, 2011 at 3:31 PM, Arran Cudbard-Bell > wrote: >> >>> Unfortunately I am not much of a programmer . >> >> Ok... but you know SQL right? Which is why i'm suggesting to do the >> comparison in the SQL database. >> >>> Therefore if you can put >>> some examples / pointers based on my requirement, it will be a >>> headstart for me . >> >> http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html >> >> Use SELECT COUNT(*) for the outer query and then compare that value in >> unlang. >> >> -Arran >> >> Arran Cudbard-Bell >> a.cudba...@freeradius.org >> >> RADIUS - Half the complexity of Diameter >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
So what you say is that i do all comparision within sql sub-query and whatever output i need to define if less than 32bit store it into an Integer and do Unlang control / reply updates ? Seems quite right .. Will try and get back with results. Thanks for the tip.. Regards Suman On Mon, Aug 8, 2011 at 3:31 PM, Arran Cudbard-Bell wrote: > >> Unfortunately I am not much of a programmer . > > Ok... but you know SQL right? Which is why i'm suggesting to do the > comparison in the SQL database. > >> Therefore if you can put >> some examples / pointers based on my requirement, it will be a >> headstart for me . > > http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html > > Use SELECT COUNT(*) for the outer query and then compare that value in unlang. > > -Arran > > Arran Cudbard-Bell > a.cudba...@freeradius.org > > RADIUS - Half the complexity of Diameter > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
> Unfortunately I am not much of a programmer . Ok... but you know SQL right? Which is why i'm suggesting to do the comparison in the SQL database. > Therefore if you can put > some examples / pointers based on my requirement, it will be a > headstart for me . http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html Use SELECT COUNT(*) for the outer query and then compare that value in unlang. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
On 8 Aug 2011, at 11:32, Arran Cudbard-Bell wrote: > > On 8 Aug 2011, at 11:09, Suman Dash wrote: > >> What i mean to say is that i am not using an integer to store the >> value as integer is limited to 32bit, Instead i am directly comparing >> output from sql query in Unlanf but it doesn't seems to work either. Because what comes back from XLAT is a string, and FreeRADIUS needs to do the conversion to an integer before it can compare the result to another integer. As there's no 64bit attribute type in the RADIUS protocol, it's probably going to do the conversion to a 32bit integer even if 64bit integers are available. Just compare the results of the two subqueries in an SQL statement. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
Hi Arran,
Unfortunately I am not much of a programmer . Therefore if you can put
some examples / pointers based on my requirement, it will be a
headstart for me . I had also read somewhere that if we can strip the
last 3 octet then atleast 4TB of traffic can be managed in replying
back .
However, there are a lot of solutions but no examples or a working
config which can be tweaked.
Regards
Suman
On Mon, Aug 8, 2011 at 3:02 PM, Arran Cudbard-Bell
wrote:
>
> On 8 Aug 2011, at 11:09, Suman Dash wrote:
>
>> What i mean to say is that i am not using an integer to store the
>> value as integer is limited to 32bit, Instead i am directly comparing
>> output from sql query in Unlanf but it doesn't seems to work either.
>
> Then no. AFAIK FreeRADIUS doesn't support arbitrary precision mathematics. In
> general performance is valued over completeness when it comes to things like
> unlang.
>
> Here are some workarounds:
>
> * You could store the result as a string and use an external utility to do
> the comparison.
> * You could also try expr xlat, but i'm not sure if it supports arbitrary
> precision either.
> * If you're just doing an equality check, then just write the value to a
> string and do a straight string comparison.
> * You could do the comparison in SQL and return a boolean value (i've used
> this as a workaround in the past).
> * You could write an xlat wrapper around one of the arbitrary precision
> libraries.
>
> -Arran
>
>
>>
>> It returns false where it should be returning true.
>>
>> Regards
>>
>> On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell
>> wrote:
>>>
>>> On 8 Aug 2011, at 09:32, Suman Dash wrote:
>>>
So it is not possible to store values more than 32 bit in Tmp-Integer.
How about direct sql statements in Unlang not involving the
Tmp-Integer. It is also not working in my scenario.
>>>
>>> You mean a comparison of two integers from two SQL statements?
>>>
Attached is the logs.
>>>
>>> More useful would be the config...
>>>
>>> -Arran
>>>
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
id=55, length=132
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 60
NAS-Port-Type = Ethernet
User-Name = "10021"
Calling-Station-Id = "F4:EC:38:BA:8A:3B"
Called-Station-Id = "Internet"
NAS-Port-Id = "LAN"
User-Password = "10021"
NAS-Identifier = "NTL.X"
NAS-IP-Address = xxx.xx.xx.xx
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "10021", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql] expand: %{User-Name} -> 10021
[sql] sql_set_user escaped user --> '10021'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '10021' ORDER BY
id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '10021' ORDER BY
id
[sql] expand: SELECT groupname FROM tbl_usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM tbl_usergroup WHERE username
= '10021' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
Value, op FROM tbl_groupcheck WHERE groupname =
'TEST-10G' ORDER BY id
[sql] User found in group TEST-10G
[sql] expand: SELECT id, groupname, attribute, value, op
FROM tbl_groupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
value, op FROM tbl_groupreply WHERE groupname =
'TEST-10G' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
rlm_checkval: Value Name: Calling-Station-Id, Valu
Re: Unlang Condition Wrong Value !
Undermentioned is the complete config. This is a direct approach
without storing the results in Tmp-Integer . I assume that this direct
approach has nothing to do with 32bit length of Freeradius Attributes.
What i am looking to accomplish is a data counter which does not wraps
at 4GB, Checks whether total used traffic is less than
Max-Monthly-Traffic and based on the result it updates the reply
attribute.
I have read a lot in mailing lists that people have accomplished it
with rlm_perl but i unable to find a similar script in freeradius
mailing list.
I understand that this feature will be beneficial to a lot of people
in community as a lot of people have done hacks and tricks to make it
work. So till now official Session counter is available but no data
counter.
if ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN
tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
WHERE tbl_usergroup.username = '%{User-Name}'}" > "%{sql:SELECT
IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct
WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW())
AND YEAR(acctstoptime) = YEAR(NOW())}") {
update reply {
Mikrotik-Recv-Limit := "%{sql:SELECT
tbl_groupcheck.value from tbl_groupcheck JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname WHERE
tbl_usergroup.username = '%{User-Name}'}" - "%{sql:SELECT
IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct
WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW())
AND YEAR(acctstoptime) = YEAR(NOW())}"
}
else {
update reply {
Reply-Message := "Fair
Usage Policy Enforced, Bandwidth Limited"
Mikrotik-Rate-Limit :=
"128K/256K"
}
}
}
Regards
Suman
On Mon, Aug 8, 2011 at 2:39 PM, Suman Dash wrote:
> What i mean to say is that i am not using an integer to store the
> value as integer is limited to 32bit, Instead i am directly comparing
> output from sql query in Unlanf but it doesn't seems to work either.
>
> It returns false where it should be returning true.
>
> Regards
>
> On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell
> wrote:
>>
>> On 8 Aug 2011, at 09:32, Suman Dash wrote:
>>
>>> So it is not possible to store values more than 32 bit in Tmp-Integer.
>>> How about direct sql statements in Unlang not involving the
>>> Tmp-Integer. It is also not working in my scenario.
>>>
>>
>> You mean a comparison of two integers from two SQL statements?
>>
>>> Attached is the logs.
>>
>> More useful would be the config...
>>
>> -Arran
>>
>>>
>>>
>>> Going to the next request
>>> Ready to process requests.
>>> rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
>>> id=55, length=132
>>> Service-Type = Framed-User
>>> Framed-Protocol = PPP
>>> NAS-Port = 60
>>> NAS-Port-Type = Ethernet
>>> User-Name = "10021"
>>> Calling-Station-Id = "F4:EC:38:BA:8A:3B"
>>> Called-Station-Id = "Internet"
>>> NAS-Port-Id = "LAN"
>>> User-Password = "10021"
>>> NAS-Identifier = "NTL.X"
>>> NAS-IP-Address = xxx.xx.xx.xx
>>> # Executing section authorize from file
>>> /etc/freeradius/sites-enabled/default
>>> +- entering group authorize {...}
>>> ++[preprocess] returns ok
>>> ++[chap] returns noop
>>> ++[mschap] returns noop
>>> ++[digest] returns noop
>>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>>> [suffix] No such realm "NULL"
>>> ++[suffix] returns noop
>>> [eap] No EAP-Message, not doing EAP
>>> ++[eap] returns noop
>>> [files] users: Matched entry DEFAULT at line 172
>>> ++[files] returns ok
>>> [sql] expand: %{User-Name} -> 10021
>>> [sql] sql_set_user escaped user --> '10021'
>>> rlm_sql (sql): Reserving sql socket id: 1
>>> [sql] expand: SELECT id, username, attribute, value, op
>>> FROM tbl_check WHERE username = '%{SQL-User-Name}'
>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>> FROM tbl_check WHERE username = '10021' ORDER BY
>>> id
>>> [sql] User found in radcheck table
>>> [sql] expand: SELECT id, username, attribute, value, op
>>> FROM tbl_reply WHERE username = '%{SQL-User-Name}'
>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>> FROM tbl_reply WHERE username = '10021' ORDER BY
>>> id
>>> [sql] expand: SELECT groupname FROM tbl_usergroup
>>> WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
>>> SELECT groupname FROM tbl_usergroup WHERE username
>>> = '10021' ORDER BY priority
>>> [sql] expand: SELECT id, groupname, attribute, Value, op
>>> FROM tbl
Re: Unlang Condition Wrong Value !
On 8 Aug 2011, at 11:09, Suman Dash wrote:
> What i mean to say is that i am not using an integer to store the
> value as integer is limited to 32bit, Instead i am directly comparing
> output from sql query in Unlanf but it doesn't seems to work either.
Then no. AFAIK FreeRADIUS doesn't support arbitrary precision mathematics. In
general performance is valued over completeness when it comes to things like
unlang.
Here are some workarounds:
* You could store the result as a string and use an external utility to do the
comparison.
* You could also try expr xlat, but i'm not sure if it supports arbitrary
precision either.
* If you're just doing an equality check, then just write the value to a string
and do a straight string comparison.
* You could do the comparison in SQL and return a boolean value (i've used this
as a workaround in the past).
* You could write an xlat wrapper around one of the arbitrary precision
libraries.
-Arran
>
> It returns false where it should be returning true.
>
> Regards
>
> On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell
> wrote:
>>
>> On 8 Aug 2011, at 09:32, Suman Dash wrote:
>>
>>> So it is not possible to store values more than 32 bit in Tmp-Integer.
>>> How about direct sql statements in Unlang not involving the
>>> Tmp-Integer. It is also not working in my scenario.
>>>
>>
>> You mean a comparison of two integers from two SQL statements?
>>
>>> Attached is the logs.
>>
>> More useful would be the config...
>>
>> -Arran
>>
>>>
>>>
>>> Going to the next request
>>> Ready to process requests.
>>> rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
>>> id=55, length=132
>>>Service-Type = Framed-User
>>>Framed-Protocol = PPP
>>>NAS-Port = 60
>>>NAS-Port-Type = Ethernet
>>>User-Name = "10021"
>>>Calling-Station-Id = "F4:EC:38:BA:8A:3B"
>>>Called-Station-Id = "Internet"
>>>NAS-Port-Id = "LAN"
>>>User-Password = "10021"
>>>NAS-Identifier = "NTL.X"
>>>NAS-IP-Address = xxx.xx.xx.xx
>>> # Executing section authorize from file
>>> /etc/freeradius/sites-enabled/default
>>> +- entering group authorize {...}
>>> ++[preprocess] returns ok
>>> ++[chap] returns noop
>>> ++[mschap] returns noop
>>> ++[digest] returns noop
>>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>>> [suffix] No such realm "NULL"
>>> ++[suffix] returns noop
>>> [eap] No EAP-Message, not doing EAP
>>> ++[eap] returns noop
>>> [files] users: Matched entry DEFAULT at line 172
>>> ++[files] returns ok
>>> [sql] expand: %{User-Name} -> 10021
>>> [sql] sql_set_user escaped user --> '10021'
>>> rlm_sql (sql): Reserving sql socket id: 1
>>> [sql] expand: SELECT id, username, attribute, value, op
>>> FROM tbl_check WHERE username = '%{SQL-User-Name}'
>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>> FROM tbl_check WHERE username = '10021' ORDER BY
>>> id
>>> [sql] User found in radcheck table
>>> [sql] expand: SELECT id, username, attribute, value, op
>>> FROM tbl_reply WHERE username = '%{SQL-User-Name}'
>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>> FROM tbl_reply WHERE username = '10021' ORDER BY
>>> id
>>> [sql] expand: SELECT groupname FROM tbl_usergroup
>>> WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
>>> SELECT groupname FROM tbl_usergroup WHERE username
>>> = '10021' ORDER BY priority
>>> [sql] expand: SELECT id, groupname, attribute, Value, op
>>>FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}'
>>> ORDER BY id -> SELECT id, groupname, attribute,
>>> Value, op FROM tbl_groupcheck WHERE groupname =
>>> 'TEST-10G' ORDER BY id
>>> [sql] User found in group TEST-10G
>>> [sql] expand: SELECT id, groupname, attribute, value, op
>>>FROM tbl_groupreply WHERE groupname = '%{Sql-Group}'
>>> ORDER BY id -> SELECT id, groupname, attribute,
>>> value, op FROM tbl_groupreply WHERE groupname =
>>> 'TEST-10G' ORDER BY id
>>> rlm_sql (sql): Released sql socket id: 1
>>> ++[sql] returns ok
>>> rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
>>> rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
>>> ++[checkval] returns ok
>>> [expiration] Checking Expiration time: '1 Sep 2011'
>>> ++[expiration] returns ok
>>> ++[logintime] returns noop
>>> ++[pap] returns updated
>>> Found Auth-Type = PAP
>>> # Executing group from file /etc/freeradius/sites-enabled/default
>>> +- entering group PAP {...}
>>> [pap] login attempt with password "x"
>>> [pap] Using CRYPT password "Wh1vvjSX72NI6"
>>> [pap] User authenticated successfully
>>> ++[pap] returns ok
>>> # Executing section session from file /etc/freeradius/sites-enabled/default
>>> +- entering gr
Re: Unlang Condition Wrong Value !
What i mean to say is that i am not using an integer to store the
value as integer is limited to 32bit, Instead i am directly comparing
output from sql query in Unlanf but it doesn't seems to work either.
It returns false where it should be returning true.
Regards
On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell
wrote:
>
> On 8 Aug 2011, at 09:32, Suman Dash wrote:
>
>> So it is not possible to store values more than 32 bit in Tmp-Integer.
>> How about direct sql statements in Unlang not involving the
>> Tmp-Integer. It is also not working in my scenario.
>>
>
> You mean a comparison of two integers from two SQL statements?
>
>> Attached is the logs.
>
> More useful would be the config...
>
> -Arran
>
>>
>>
>> Going to the next request
>> Ready to process requests.
>> rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
>> id=55, length=132
>> Service-Type = Framed-User
>> Framed-Protocol = PPP
>> NAS-Port = 60
>> NAS-Port-Type = Ethernet
>> User-Name = "10021"
>> Calling-Station-Id = "F4:EC:38:BA:8A:3B"
>> Called-Station-Id = "Internet"
>> NAS-Port-Id = "LAN"
>> User-Password = "10021"
>> NAS-Identifier = "NTL.X"
>> NAS-IP-Address = xxx.xx.xx.xx
>> # Executing section authorize from file /etc/freeradius/sites-enabled/default
>> +- entering group authorize {...}
>> ++[preprocess] returns ok
>> ++[chap] returns noop
>> ++[mschap] returns noop
>> ++[digest] returns noop
>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>> [suffix] No such realm "NULL"
>> ++[suffix] returns noop
>> [eap] No EAP-Message, not doing EAP
>> ++[eap] returns noop
>> [files] users: Matched entry DEFAULT at line 172
>> ++[files] returns ok
>> [sql] expand: %{User-Name} -> 10021
>> [sql] sql_set_user escaped user --> '10021'
>> rlm_sql (sql): Reserving sql socket id: 1
>> [sql] expand: SELECT id, username, attribute, value, op
>> FROM tbl_check WHERE username = '%{SQL-User-Name}'
>> ORDER BY id -> SELECT id, username, attribute, value, op
>> FROM tbl_check WHERE username = '10021' ORDER BY
>> id
>> [sql] User found in radcheck table
>> [sql] expand: SELECT id, username, attribute, value, op
>> FROM tbl_reply WHERE username = '%{SQL-User-Name}'
>> ORDER BY id -> SELECT id, username, attribute, value, op
>> FROM tbl_reply WHERE username = '10021' ORDER BY
>> id
>> [sql] expand: SELECT groupname FROM tbl_usergroup
>> WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
>> SELECT groupname FROM tbl_usergroup WHERE username
>> = '10021' ORDER BY priority
>> [sql] expand: SELECT id, groupname, attribute, Value, op
>> FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}'
>> ORDER BY id -> SELECT id, groupname, attribute,
>> Value, op FROM tbl_groupcheck WHERE groupname =
>> 'TEST-10G' ORDER BY id
>> [sql] User found in group TEST-10G
>> [sql] expand: SELECT id, groupname, attribute, value, op
>> FROM tbl_groupreply WHERE groupname = '%{Sql-Group}'
>> ORDER BY id -> SELECT id, groupname, attribute,
>> value, op FROM tbl_groupreply WHERE groupname =
>> 'TEST-10G' ORDER BY id
>> rlm_sql (sql): Released sql socket id: 1
>> ++[sql] returns ok
>> rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
>> rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
>> ++[checkval] returns ok
>> [expiration] Checking Expiration time: '1 Sep 2011'
>> ++[expiration] returns ok
>> ++[logintime] returns noop
>> ++[pap] returns updated
>> Found Auth-Type = PAP
>> # Executing group from file /etc/freeradius/sites-enabled/default
>> +- entering group PAP {...}
>> [pap] login attempt with password "x"
>> [pap] Using CRYPT password "Wh1vvjSX72NI6"
>> [pap] User authenticated successfully
>> ++[pap] returns ok
>> # Executing section session from file /etc/freeradius/sites-enabled/default
>> +- entering group session {...}
>> [radutmp] expand: /var/log/freeradius/radutmp ->
>> /var/log/freeradius/radutmp
>> [radutmp] expand: %{User-Name} -> 10021
>> ++[radutmp] returns ok
>> # Executing section post-auth from file /etc/freeradius/sites-enabled/default
>> +- entering group post-auth {...}
>> [sql] expand: %{User-Name} -> 10021
>> [sql] sql_set_user escaped user --> '10021'
>> [sql] expand: %{User-Password} -> x
>> [sql] expand: INSERT INTO tbl_postauth
>> (username, pass, reply, authdate) VALUES (
>> '%{User-Name}',
>> '%{%{User-Password}:-%{Chap-Password}}',
>> '%{reply:Packet-Type}', '%S') -> INSERT INTO tbl_postauth
>> (username, pass, reply, authdate)
>> VALUES ( '10021',
>> '10021', 'Access-Accept', '2011-08-08
>> 01:31:49')
>> r
Re: Unlang Condition Wrong Value !
On 8 Aug 2011, at 09:32, Suman Dash wrote:
> So it is not possible to store values more than 32 bit in Tmp-Integer.
> How about direct sql statements in Unlang not involving the
> Tmp-Integer. It is also not working in my scenario.
>
You mean a comparison of two integers from two SQL statements?
> Attached is the logs.
More useful would be the config...
-Arran
>
>
> Going to the next request
> Ready to process requests.
> rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
> id=55, length=132
>Service-Type = Framed-User
>Framed-Protocol = PPP
>NAS-Port = 60
>NAS-Port-Type = Ethernet
>User-Name = "10021"
>Calling-Station-Id = "F4:EC:38:BA:8A:3B"
>Called-Station-Id = "Internet"
>NAS-Port-Id = "LAN"
>User-Password = "10021"
>NAS-Identifier = "NTL.X"
>NAS-IP-Address = xxx.xx.xx.xx
> # Executing section authorize from file /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "10021", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> [files] users: Matched entry DEFAULT at line 172
> ++[files] returns ok
> [sql] expand: %{User-Name} -> 10021
> [sql] sql_set_user escaped user --> '10021'
> rlm_sql (sql): Reserving sql socket id: 1
> [sql] expand: SELECT id, username, attribute, value, op
> FROM tbl_check WHERE username = '%{SQL-User-Name}'
> ORDER BY id -> SELECT id, username, attribute, value, op
> FROM tbl_check WHERE username = '10021' ORDER BY
> id
> [sql] User found in radcheck table
> [sql] expand: SELECT id, username, attribute, value, op
> FROM tbl_reply WHERE username = '%{SQL-User-Name}'
> ORDER BY id -> SELECT id, username, attribute, value, op
> FROM tbl_reply WHERE username = '10021' ORDER BY
> id
> [sql] expand: SELECT groupname FROM tbl_usergroup
> WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
> SELECT groupname FROM tbl_usergroup WHERE username
> = '10021' ORDER BY priority
> [sql] expand: SELECT id, groupname, attribute, Value, op
>FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}'
> ORDER BY id -> SELECT id, groupname, attribute,
> Value, op FROM tbl_groupcheck WHERE groupname =
> 'TEST-10G' ORDER BY id
> [sql] User found in group TEST-10G
> [sql] expand: SELECT id, groupname, attribute, value, op
>FROM tbl_groupreply WHERE groupname = '%{Sql-Group}'
> ORDER BY id -> SELECT id, groupname, attribute,
> value, op FROM tbl_groupreply WHERE groupname =
> 'TEST-10G' ORDER BY id
> rlm_sql (sql): Released sql socket id: 1
> ++[sql] returns ok
> rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
> rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
> ++[checkval] returns ok
> [expiration] Checking Expiration time: '1 Sep 2011'
> ++[expiration] returns ok
> ++[logintime] returns noop
> ++[pap] returns updated
> Found Auth-Type = PAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group PAP {...}
> [pap] login attempt with password "x"
> [pap] Using CRYPT password "Wh1vvjSX72NI6"
> [pap] User authenticated successfully
> ++[pap] returns ok
> # Executing section session from file /etc/freeradius/sites-enabled/default
> +- entering group session {...}
> [radutmp] expand: /var/log/freeradius/radutmp ->
> /var/log/freeradius/radutmp
> [radutmp] expand: %{User-Name} -> 10021
> ++[radutmp] returns ok
> # Executing section post-auth from file /etc/freeradius/sites-enabled/default
> +- entering group post-auth {...}
> [sql] expand: %{User-Name} -> 10021
> [sql] sql_set_user escaped user --> '10021'
> [sql] expand: %{User-Password} -> x
> [sql] expand: INSERT INTO tbl_postauth
> (username, pass, reply, authdate) VALUES (
>'%{User-Name}',
> '%{%{User-Password}:-%{Chap-Password}}',
> '%{reply:Packet-Type}', '%S') -> INSERT INTO tbl_postauth
> (username, pass, reply, authdate)
> VALUES ( '10021',
> '10021', 'Access-Accept', '2011-08-08
> 01:31:49')
> rlm_sql (sql) in sql_postauth: query is INSERT INTO tbl_postauth
>(username, pass, reply, authdate)
> VALUES ( '10021',
>'10021', 'Access-Accept',
> '2011-08-08 01:31:49')
> rlm_sql (sql): Reserving sql socket id: 0
> rlm_sql (sql): Released sql socket id: 0
> ++[sql] returns ok
> ++? if ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN
>
Re: Unlang Condition Wrong Value !
So it is not possible to store values more than 32 bit in Tmp-Integer.
How about direct sql statements in Unlang not involving the
Tmp-Integer. It is also not working in my scenario.
Attached is the logs.
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
id=55, length=132
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 60
NAS-Port-Type = Ethernet
User-Name = "10021"
Calling-Station-Id = "F4:EC:38:BA:8A:3B"
Called-Station-Id = "Internet"
NAS-Port-Id = "LAN"
User-Password = "10021"
NAS-Identifier = "NTL.X"
NAS-IP-Address = xxx.xx.xx.xx
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "10021", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql] expand: %{User-Name} -> 10021
[sql] sql_set_user escaped user --> '10021'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '10021' ORDER BY
id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '10021' ORDER BY
id
[sql] expand: SELECT groupname FROM tbl_usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM tbl_usergroup WHERE username
= '10021' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
Value, op FROM tbl_groupcheck WHERE groupname =
'TEST-10G' ORDER BY id
[sql] User found in group TEST-10G
[sql] expand: SELECT id, groupname, attribute, value, op
FROM tbl_groupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute,
value, op FROM tbl_groupreply WHERE groupname =
'TEST-10G' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
++[checkval] returns ok
[expiration] Checking Expiration time: '1 Sep 2011'
++[expiration] returns ok
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "x"
[pap] Using CRYPT password "Wh1vvjSX72NI6"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section session from file /etc/freeradius/sites-enabled/default
+- entering group session {...}
[radutmp] expand: /var/log/freeradius/radutmp ->
/var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> 10021
++[radutmp] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> 10021
[sql] sql_set_user escaped user --> '10021'
[sql] expand: %{User-Password} -> x
[sql] expand: INSERT INTO tbl_postauth
(username, pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO tbl_postauth
(username, pass, reply, authdate)
VALUES ( '10021',
'10021', 'Access-Accept', '2011-08-08
01:31:49')
rlm_sql (sql) in sql_postauth: query is INSERT INTO tbl_postauth
(username, pass, reply, authdate)
VALUES ( '10021',
'10021', 'Access-Accept',
'2011-08-08 01:31:49')
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++? if ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN
tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
WHERE tbl_usergroup.username = '%{User-Name}'}" > "%{sql:SELECT
IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
FROM tbl_acct WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) =
MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())}")
sql_xlat
expand: %{User-Name} -> 1002
Re: Unlang Condition Wrong Value !
RFC 2865:
integer 32 bit unsigned value, most significant octet first.
FreeRADIUS is just a RADIUS server, and the temporary integer attributes are
just RADIUS attributes.
-Arran
On 8 Aug 2011, at 09:11, Suman Dash wrote:
> I am trying to replace sqlcounter with Unland expression in Post Auth
> Section. The values are successfully called but while storing in
> Tmp-Interger those are stripped. Below are the logs .
> As you can see from the logs that Mysql returns a value of 20989570594
> But it's stored as 3557549056 for Tmp-Integer-0
>
> The same happens to Tmp-Integer-1 due to which the expression output
> becomes FALSE instead of TRUE.
>
> Is this the limitation of Tmp-Integer as it is an 32bit int ?
>
> ##Post-Auth Section
>
> sql
> update control{
>Tmp-Integer-0 := "%{sql:SELECT
> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) \
>FROM tbl_acct WHERE
> UserName='%{User-Name}' \
>AND
> MONTH(acctstoptime) = MONTH(NOW()) \
>AND YEAR(acctstoptime)
> = YEAR(NOW())}"
>Tmp-Integer-1 := "%{sql:SELECT
> tbl_groupcheck.value from tbl_groupcheck \
>JOIN tbl_usergroup on
> tbl_groupcheck.groupname = tbl_usergroup.groupname \
>where
> tbl_usergroup.username = '%{User-Name}'}"
> }
>if ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}") {
>update reply {
>Mikrotik-Recv-Limit :=
> "%{control:Tmp-Integer-1}" - "%{control:Tmp-Integer-0}"
> }
> }
>if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") {
>update reply {
>Reply-Message := "Fair Usage
> Policy Enforced, Bandwidth Limited"
>Mikrotik-Rate-Limit :=
> "128K/256K 128K/256K 128K/256K 180/180 8"
> }
> }
> ##MySQL Table
>
>
>
> mysql> SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
> -> FROM tbl_acct WHERE UserName='10021'
> -> AND MONTH(acctstoptime) = MONTH(NOW())
> -> AND YEAR(acctstoptime) = YEAR(NOW());
>
> +--+
> | IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) |
> +--+
> | 20989570594 |
> +--+
> 1 row in set (0.00 sec)
>
> mysql> SELECT tbl_groupcheck.value from tbl_groupcheck
> ->JOIN tbl_usergroup on tbl_groupcheck.groupname =
> tbl_usergroup.groupname
> ->where tbl_usergroup.username = '10021';
>
> +-+
> | value |
> +-+
> | 20737418240 |
> +-+
> 1 row in set (0.00 sec)
>
>
> ##RADIUS DEBUG LOG
>
>
> Finished request 4.
> Cleaning up request 4 ID 176 with timestamp +15
> Going to the next request
> Ready to process requests.
> rad_recv: Access-Request packet from host XXX.XX.XX.86 port 44198,
> id=236, length=132
>Service-Type = Framed-User
>Framed-Protocol = PPP
>NAS-Port = 56
>NAS-Port-Type = Ethernet
>User-Name = "10021"
>Calling-Station-Id = "XX:XX:XX:XX:XX:XX"
>Called-Station-Id = "Internet"
>NAS-Port-Id = "LAN"
>User-Password = "10021"
>NAS-Identifier = "XXX.XXX"
>NAS-IP-Address = XXX.XX.XX.86
> # Executing section authorize from file /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "10021", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> [files] users: Matched entry DEFAULT at line 172
> ++[files] returns ok
> [sql] expand: %{User-Name} -> 10021
> [sql] sql_set_user escaped user --> '10021'
> rlm_sql (sql): Reserving sql socket id: 3
> [sql] expand: SELECT id, username, attribute, value, op
> FROM tbl_check WHERE username = '%{SQL-User-Name}'
> ORDER BY id -> SELECT id, username, attribute, value, op
> FROM tbl_check
Unlang Condition Wrong Value !
I am trying to replace sqlcounter with Unland expression in Post Auth
Section. The values are successfully called but while storing in
Tmp-Interger those are stripped. Below are the logs .
As you can see from the logs that Mysql returns a value of 20989570594
But it's stored as 3557549056 for Tmp-Integer-0
The same happens to Tmp-Integer-1 due to which the expression output
becomes FALSE instead of TRUE.
Is this the limitation of Tmp-Integer as it is an 32bit int ?
##Post-Auth Section
sql
update control{
Tmp-Integer-0 := "%{sql:SELECT
IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) \
FROM tbl_acct WHERE
UserName='%{User-Name}' \
AND
MONTH(acctstoptime) = MONTH(NOW()) \
AND YEAR(acctstoptime)
= YEAR(NOW())}"
Tmp-Integer-1 := "%{sql:SELECT
tbl_groupcheck.value from tbl_groupcheck \
JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname \
where
tbl_usergroup.username = '%{User-Name}'}"
}
if ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}") {
update reply {
Mikrotik-Recv-Limit :=
"%{control:Tmp-Integer-1}" - "%{control:Tmp-Integer-0}"
}
}
if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") {
update reply {
Reply-Message := "Fair Usage
Policy Enforced, Bandwidth Limited"
Mikrotik-Rate-Limit :=
"128K/256K 128K/256K 128K/256K 180/180 8"
}
}
##MySQL Table
mysql> SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
-> FROM tbl_acct WHERE UserName='10021'
-> AND MONTH(acctstoptime) = MONTH(NOW())
-> AND YEAR(acctstoptime) = YEAR(NOW());
+--+
| IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) |
+--+
| 20989570594 |
+--+
1 row in set (0.00 sec)
mysql> SELECT tbl_groupcheck.value from tbl_groupcheck
-> JOIN tbl_usergroup on tbl_groupcheck.groupname =
tbl_usergroup.groupname
-> where tbl_usergroup.username = '10021';
+-+
| value |
+-+
| 20737418240 |
+-+
1 row in set (0.00 sec)
##RADIUS DEBUG LOG
Finished request 4.
Cleaning up request 4 ID 176 with timestamp +15
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host XXX.XX.XX.86 port 44198,
id=236, length=132
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 56
NAS-Port-Type = Ethernet
User-Name = "10021"
Calling-Station-Id = "XX:XX:XX:XX:XX:XX"
Called-Station-Id = "Internet"
NAS-Port-Id = "LAN"
User-Password = "10021"
NAS-Identifier = "XXX.XXX"
NAS-IP-Address = XXX.XX.XX.86
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "10021", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql] expand: %{User-Name} -> 10021
[sql] sql_set_user escaped user --> '10021'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '10021' ORDER BY
id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '10021' ORDER BY
id
[sql] expand: SELECT groupname FROM tbl_usergroup
WHERE username = '%{SQL-User-N
