Gnu
 » 
Gnu - Radius
 » 
Gnu - Radius - General

problem of authorisation of users on radius 1.6 (Fedora 11)

View: New views
1 Messages — Rating Filter:   Alert me  

problem of authorisation of users on radius 1.6 (Fedora 11)

by Васильев Александр :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hello!

At transition with radius 1.4 (CentOS 5) on radius 1.6 (Fedora 11) there
was a problem of authorisation of users.
*
File "rewrite" identical on both servers:*
integer
cisco_pid(string A)
{
<------>if (A =~ ".*\([0-9][0-9]*\):[A-Z]:\([0-9][0-9]*\)") {
<------><------>return (integer)\2;
<------>}
<------>return -1;
}

integer
set_service() {
     # Unknown service
     %[Auth-Data] = "0";
     return 1;
}

#<----->    if ( substr(%[Calling-Station-Id],0,7) == "8902430" ) {
#   logit(substr(%[Calling-Station-Id],0,7));

integer
set_service1() {
....
#    logit("Radius hangs without this -)");

     if ( %[User-Name] == "" ) {
<------># Empty logins: will check CLI
<------>%[User-Name] = "cli#" + %[Calling-Station-Id];
     }

     # Private fix
     if ( %[Called-Station-Id] == "221285" ) { %[Called-Station-Id] =
"86121285"; }
     if ( %[Called-Station-Id] == "228285" ) { %[Called-Station-Id] =
"86128285"; }

     # DialUp
     if ( %[NAS-Port-Type] == 0 ) { %[Auth-Data] = "1"; return 1; }

     # PPPoE
     if ( %[NAS-Port-Type] == 5 ) { %[Auth-Data] = "2"; return 1; }

     # ISDN
     if ( %[NAS-Port-Type] == 2 ) { %[Auth-Data] = "3"; return 1; }

     # Unknown service
     %[Auth-Data] = "0";
     return 1;
}

integer
set_service2() {
     # Known fixed service
     %[Auth-Data] = "1";
     return 1;
}


*File "hint" identical on both servers:*
DEFAULT Rewrite-Function = restore_nas_ip       Fall-Through = Yes

# check if user still alowed and break sessions otherwise
DEFAULT NULL Acct-Ext-Program = "/home/stbs/radius/checkrad
%C{Acct-Session-Id} %C{NAS-IP-Address} %R{Acct-Status-Type} %C{Class:=0}
\"%D\""

*
File checkrad identical on both servers:*
LOG=/home/stbs/radius/log/podclient.log

PODDIR=/usr/sbin
PODBIN=podclient


ROOT=/home/stbs/radius
#ROOT=$PWD


#Обрывать сессии
[ -f "$ROOT/killflag" ] || echo 0 > $ROOT/killflag
DOKILL=$(cat $ROOT/killflag)

#echo "$@" >> $LOG
pushd $ROOT > /dev/null
. connect
[ -f "$ROOT/checkrad.stop" ] || . podclient.sh $@
popd > /dev/null



radius-debug.log on radius 1.6
Aug 19 16:43:45 [21801]: debug: auth.c:761:rad_authenticate: auth:
53orgremgaz
Aug 19 16:43:45 [21801]: debug: postgres.c:250:rad_postgres_exec: query:
SELECT AtrName, Value, Cmp from rad_check('53orgremgaz', '', '2009-08-19
16:43:45','')
Aug 19 16:43:45 [21801]: debug: postgres.c:264:rad_postgres_exec:
status: PGRES_TUPLES_OK
Aug 19 16:43:45 [21801]: debug: postgres.c:250:rad_postgres_exec: query:
SELECT AtrName, Value from rad_reply('53orgremgaz', '', 0, '2009-08-19
16:43:45','')
Aug 19 16:43:45 [21801]: debug: postgres.c:264:rad_postgres_exec:
status: PGRES_TUPLES_OK
Aug 19 16:43:45 [21801]: debug: postgres.c:174:rad_postgres_getpwd:
query: SELECT rad_password('53orgremgaz', 'xxx');
Aug 19 16:43:45 [21801]: debug: postgres.c:188:rad_postgres_getpwd:
status: PGRES_TUPLES_OK
Aug 19 16:43:45 [21801]: debug: auth.c:602:rad_check_password:
auth_type=0, userpass=xxx, name=53orgremgaz, password=xxx
Aug 19 16:43:45 [21801]: debug: auth.c:648:rad_check_password: auth: Local
Aug 19 16:43:45 [21801]: debug: auth.c:1233:sfn_ack: ACK: 53orgremgaz


radius-debug.log on radius 1.4
Aug 19 16:45:50 [4795]: debug: auth.c:762:rad_authenticate:
auth:53orgremgaz
Aug 19 16:45:50 [4795]: debug: postgres.c:251:rad_postgres_exec: query:
SELECT AtrName, Value, Cmp from rad_check('53orgremgaz', '',
'2009-08-1916:45:50','')
Aug 19 16:45:50 [4795]: debug: postgres.c:267:rad_postgres_exec:
status:PGRES_TUPLES_OK
Aug 19 16:45:50 [4795]: debug: postgres.c:251:rad_postgres_exec: query:
SELECT AtrName, Value from rad_reply('53orgremgaz', '', 2,
'2009-08-1916:45:50','')
Aug 19 16:45:50 [4795]: debug: postgres.c:267:rad_postgres_exec:
status:PGRES_TUPLES_OK
Aug 19 16:45:50 [4795]: debug: postgres.c:173:rad_postgres_getpwd:
query: SELECT rad_password('53orgremgaz', 'xxx');
Aug 19 16:45:50 [4795]: debug: postgres.c:189:rad_postgres_getpwd:
status:PGRES_TUPLES_OK
Aug 19 16:45:50 [4795]: debug: auth.c:603:rad_check_password:
auth_type=0, userpass=xxx, name=53orgremgaz, password=xxx
Aug 19 16:45:50 [4795]: debug: auth.c:649:rad_check_password:   auth:Local
Aug 19 16:45:50 [4795]: debug: auth.c:1235:sfn_ack: ACK: 53orgremgaz


*On a server radius 1.4 such line comes*
Aug 19 16:45:50 [4795]: debug: postgres.c:251:rad_postgres_exec: query:
SELECT AtrName, Value from rad_reply('53orgremgaz', '', 2,
'2009-08-1916:45:50','')

*And on a server 1.6 such line comes*
Aug 19 16:43:45 [21801]: debug: postgres.c:250:rad_postgres_exec: query:
SELECT AtrName, Value from rad_reply('53orgremgaz', '', 0, '2009-08-19
16:43:45','')



Why function rewrite returns "0" instead of "2" for PPPoE connection?

What options are still necessary to help me
_______________________________________________
Help-gnu-radius mailing list
Help-gnu-radius@...
http://lists.gnu.org/mailman/listinfo/help-gnu-radius
Free embeddable forum powered by Nabble Forum Help