[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnu-radius] problem of authorisation of users on radius 1.6 (Fedor
From: |
Васильев Александр |
Subject: |
[Help-gnu-radius] problem of authorisation of users on radius 1.6 (Fedora 11) |
Date: |
Tue, 25 Aug 2009 11:27:11 +0400 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.1) Gecko/20090814 Fedora/3.0-2.6.b3.fc11 Thunderbird/3.0b3 |
Hello!
At transition with radius 1.4 (CentOS 5) on radius 1.6 (Fedora 11) there
was a problem of authorisation of users.
*
File "rewrite" identical on both servers:*
integer
cisco_pid(string A)
{
<------>if (A =~ ".*\([0-9][0-9]*\):[A-Z]:\([0-9][0-9]*\)") {
<------><------>return (integer)\2;
<------>}
<------>return -1;
}
integer
set_service() {
# Unknown service
%[Auth-Data] = "0";
return 1;
}
#<-----> if ( substr(%[Calling-Station-Id],0,7) == "8902430" ) {
# logit(substr(%[Calling-Station-Id],0,7));
integer
set_service1() {
....
# logit("Radius hangs without this -)");
if ( %[User-Name] == "" ) {
<------># Empty logins: will check CLI
<------>%[User-Name] = "cli#" + %[Calling-Station-Id];
}
# Private fix
if ( %[Called-Station-Id] == "221285" ) { %[Called-Station-Id] =
"86121285"; }
if ( %[Called-Station-Id] == "228285" ) { %[Called-Station-Id] =
"86128285"; }
# DialUp
if ( %[NAS-Port-Type] == 0 ) { %[Auth-Data] = "1"; return 1; }
# PPPoE
if ( %[NAS-Port-Type] == 5 ) { %[Auth-Data] = "2"; return 1; }
# ISDN
if ( %[NAS-Port-Type] == 2 ) { %[Auth-Data] = "3"; return 1; }
# Unknown service
%[Auth-Data] = "0";
return 1;
}
integer
set_service2() {
# Known fixed service
%[Auth-Data] = "1";
return 1;
}
*File "hint" identical on both servers:*
DEFAULT Rewrite-Function = restore_nas_ip Fall-Through = Yes
# check if user still alowed and break sessions otherwise
DEFAULT NULL Acct-Ext-Program = "/home/stbs/radius/checkrad
%C{Acct-Session-Id} %C{NAS-IP-Address} %R{Acct-Status-Type} %C{Class:=0}
\"%D\""
*
File checkrad identical on both servers:*
LOG=/home/stbs/radius/log/podclient.log
PODDIR=/usr/sbin
PODBIN=podclient
ROOT=/home/stbs/radius
#ROOT=$PWD
#Обрывать сессии
[ -f "$ROOT/killflag" ] || echo 0 > $ROOT/killflag
DOKILL=$(cat $ROOT/killflag)
#echo "$@" >> $LOG
pushd $ROOT > /dev/null
. connect
[ -f "$ROOT/checkrad.stop" ] || . podclient.sh $@
popd > /dev/null
radius-debug.log on radius 1.6
Aug 19 16:43:45 [21801]: debug: auth.c:761:rad_authenticate: auth:
53orgremgaz
Aug 19 16:43:45 [21801]: debug: postgres.c:250:rad_postgres_exec: query:
SELECT AtrName, Value, Cmp from rad_check('53orgremgaz', '', '2009-08-19
16:43:45','')
Aug 19 16:43:45 [21801]: debug: postgres.c:264:rad_postgres_exec:
status: PGRES_TUPLES_OK
Aug 19 16:43:45 [21801]: debug: postgres.c:250:rad_postgres_exec: query:
SELECT AtrName, Value from rad_reply('53orgremgaz', '', 0, '2009-08-19
16:43:45','')
Aug 19 16:43:45 [21801]: debug: postgres.c:264:rad_postgres_exec:
status: PGRES_TUPLES_OK
Aug 19 16:43:45 [21801]: debug: postgres.c:174:rad_postgres_getpwd:
query: SELECT rad_password('53orgremgaz', 'xxx');
Aug 19 16:43:45 [21801]: debug: postgres.c:188:rad_postgres_getpwd:
status: PGRES_TUPLES_OK
Aug 19 16:43:45 [21801]: debug: auth.c:602:rad_check_password:
auth_type=0, userpass=xxx, name=53orgremgaz, password=xxx
Aug 19 16:43:45 [21801]: debug: auth.c:648:rad_check_password: auth: Local
Aug 19 16:43:45 [21801]: debug: auth.c:1233:sfn_ack: ACK: 53orgremgaz
radius-debug.log on radius 1.4
Aug 19 16:45:50 [4795]: debug: auth.c:762:rad_authenticate:
auth:53orgremgaz
Aug 19 16:45:50 [4795]: debug: postgres.c:251:rad_postgres_exec: query:
SELECT AtrName, Value, Cmp from rad_check('53orgremgaz', '',
'2009-08-1916:45:50','')
Aug 19 16:45:50 [4795]: debug: postgres.c:267:rad_postgres_exec:
status:PGRES_TUPLES_OK
Aug 19 16:45:50 [4795]: debug: postgres.c:251:rad_postgres_exec: query:
SELECT AtrName, Value from rad_reply('53orgremgaz', '', 2,
'2009-08-1916:45:50','')
Aug 19 16:45:50 [4795]: debug: postgres.c:267:rad_postgres_exec:
status:PGRES_TUPLES_OK
Aug 19 16:45:50 [4795]: debug: postgres.c:173:rad_postgres_getpwd:
query: SELECT rad_password('53orgremgaz', 'xxx');
Aug 19 16:45:50 [4795]: debug: postgres.c:189:rad_postgres_getpwd:
status:PGRES_TUPLES_OK
Aug 19 16:45:50 [4795]: debug: auth.c:603:rad_check_password:
auth_type=0, userpass=xxx, name=53orgremgaz, password=xxx
Aug 19 16:45:50 [4795]: debug: auth.c:649:rad_check_password: auth:Local
Aug 19 16:45:50 [4795]: debug: auth.c:1235:sfn_ack: ACK: 53orgremgaz
*On a server radius 1.4 such line comes*
Aug 19 16:45:50 [4795]: debug: postgres.c:251:rad_postgres_exec: query:
SELECT AtrName, Value from rad_reply('53orgremgaz', '', 2,
'2009-08-1916:45:50','')
*And on a server 1.6 such line comes*
Aug 19 16:43:45 [21801]: debug: postgres.c:250:rad_postgres_exec: query:
SELECT AtrName, Value from rad_reply('53orgremgaz', '', 0, '2009-08-19
16:43:45','')
Why function rewrite returns "0" instead of "2" for PPPoE connection?
What options are still necessary to help me
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Help-gnu-radius] problem of authorisation of users on radius 1.6 (Fedora 11),
Васильев Александр <=