FreeRADIUS: passing Max-All-Session in SQL
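I am having a problem passing Max-All-Session in FreeRADIUS: after I set the attribute in SQL, the debug report cannot find the user in SQL.
Here is my debug report without the Max-All-Session attribute in SQL: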
rad_recv: Access-Request packet from host 127.0.0.1 port 49463, id=23, length=78
User-Name = "prashant"
User-Password = "123456"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0xf58baae621fc7536617f652eada3de31
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "prashant", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
++[files] = noop
[sql] expand: %{User-Name} -> prashant
[sql] sql_set_user escaped user --> 'prashant'
rlm_sql (sql): Reserving sql socket id: 30
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'prashant' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'prashant' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'prashant' ORDER BY priority
rlm_sql (sql): Released sql socket id: 30
++[sql] = ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+group PAP {
[pap] login attempt with password "123456"
[pap] Using clear text password "123456"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+group post-auth {
[sql] expand: %{User-Name} -> prashant
[sql] sql_set_user escaped user --> 'prashant'
[sql] expand: %{User-Password} -> 123456
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'prashant', '123456', 'Access-Accept', '2017-03-09 12:44:28')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'prashant', '123456', 'Access-Accept', '2017-03-09 12:44:28')
rlm_sql (sql): Reserving sql socket id: 29
rlm_sql (sql): Released sql socket id: 29
++[sql] = ok
++[exec] = noop
+} # group post-auth = ok
Sending Access-Accept of id 23 to 127.0.0.1 port 49463
Mikrotik-Rate-Limit = "3024k/2024k"
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 23 with timestamp +279
Ready to process requests.
Here is my debug output with Max-All-Session in the radcheck table:
rad_recv: Access-Request packet from host 127.0.0.1 port 51439, id=9, length=78
User-Name = "prashant"
User-Password = "123456"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x064a3f0008561b84a3c81be39b750048
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "prashant", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
++[files] = noop
[sql] expand: %{User-Name} -> prashant
[sql] sql_set_user escaped user --> 'prashant'
rlm_sql (sql): Reserving sql socket id: 31
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'prashant' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'prashant' ORDER BY priority
rlm_sql (sql): Released sql socket id: 31
[sql] User prashant not found
++[sql] = notfound
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] = noop
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop
+} # group authorize = ok
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+group REJECT {
[attr_filter.access_reject] expand: %{User-Name} -> prashant
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 9 to 127.0.0.1 port 51439
Waking up in 4.9 seconds.
Cleaning up request 0 ID 9 with timestamp +4
Ready to process requests.
Here is what my two SQL entries look like:
SQL screenshot
Solved!
So I was able to solve the problem. The problem was that I was using the wrong operand: instead of using "==" I should have used ":=".
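Why the operator changes the outcome, as an added example (a simplified model of radcheck evaluation, not FreeRADIUS code and not from the original post). The request attributes are taken from the debug output above; the two radcheck rows, the Cleartext-Password attribute name and the value 3600 are assumptions.

```python
# Simplified model of how radcheck rows are evaluated (added example,
# not FreeRADIUS source). Only the two operators from the post are modelled.

def evaluate_radcheck(request, rows):
    """Return (found, control). rows are (attribute, op, value) tuples.

    '==' is a comparison: the attribute must be present in the request with
         that value, otherwise the user's check items do not match.
    ':=' always matches and places the attribute in the control list, where
         later modules (pap, sqlcounter) can read it.
    """
    control = {}
    for attribute, op, value in rows:
        if op == "==":
            if request.get(attribute) != value:
                return False, {}          # logged as "User ... not found"
        elif op == ":=":
            control[attribute] = value
        else:
            raise ValueError(f"operator {op!r} is not modelled here")
    return True, control


def audit_ops(rows, request_attributes):
    """Flag '==' rows on attributes that are not in the request."""
    return [attr for attr, op, _ in rows
            if op == "==" and attr not in request_attributes]


# Constructed sample data. The request attributes are the ones in the debug
# output; the radcheck rows and the 3600 value are assumptions.
REQUEST = {"User-Name": "prashant", "User-Password": "123456",
           "NAS-IP-Address": "127.0.0.1", "NAS-Port": "1812"}
BROKEN = [("Cleartext-Password", ":=", "123456"),
          ("Max-All-Session", "==", "3600")]
FIXED = [("Cleartext-Password", ":=", "123456"),
         ("Max-All-Session", ":=", "3600")]

if __name__ == "__main__":
    for name, rows in (("broken", BROKEN), ("fixed", FIXED)):
        found, control = evaluate_radcheck(REQUEST, rows)
        print(name, "found:", found, "control:", control,
              "suspect:", audit_ops(rows, REQUEST))
```

With the "==" row the whole radcheck entry fails to match, so no password reaches the control list and the request ends in the "No authenticate method (Auth-Type) found" reject shown in the second debug output.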