FreeRADIUS: passing Max-All-Session in SQL

I am having a problem passing Max-All-Session in FreeRADIUS: after I set the attribute in SQL, the debug output reports that the user cannot be found in SQL.

Here is my debug output without the Max-All-Session attribute in SQL:

rad_recv: Access-Request packet from host 127.0.0.1 port 49463, id=23, length=78
User-Name = "prashant"
User-Password = "123456"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0xf58baae621fc7536617f652eada3de31
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "prashant", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
++[files] = noop
[sql]   expand: %{User-Name} -> prashant
[sql] sql_set_user escaped user --> 'prashant'
rlm_sql (sql): Reserving sql socket id: 30
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'prashant'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'prashant'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'prashant'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 30
++[sql] = ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+group PAP {
[pap] login attempt with password "123456"
[pap] Using clear text password "123456"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+group post-auth {
[sql]   expand: %{User-Name} -> prashant
[sql] sql_set_user escaped user --> 'prashant'
[sql]   expand: %{User-Password} -> 123456
[sql]   expand: INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'prashant',                           '123456',                           'Access-Accept', '2017-03-09 12:44:28')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'prashant',                           '123456',                           'Access-Accept', '2017-03-09 12:44:28')
rlm_sql (sql): Reserving sql socket id: 29
rlm_sql (sql): Released sql socket id: 29
++[sql] = ok
++[exec] = noop
+} # group post-auth = ok
Sending Access-Accept of id 23 to 127.0.0.1 port 49463
    Mikrotik-Rate-Limit = "3024k/2024k"
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 23 with timestamp +279
Ready to process requests.

Here is my debug output with Max-All-Session in the radcheck table:

rad_recv: Access-Request packet from host 127.0.0.1 port 51439, id=9, length=78
    User-Name = "prashant"
    User-Password = "123456"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 1812
    Message-Authenticator = 0x064a3f0008561b84a3c81be39b750048
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "prashant", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
++[files] = noop
[sql]   expand: %{User-Name} -> prashant
[sql] sql_set_user escaped user --> 'prashant'
rlm_sql (sql): Reserving sql socket id: 31
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'prashant'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'prashant'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 31
[sql] User prashant not found
++[sql] = notfound
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] = noop
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] = noop
+} # group authorize = ok
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+group REJECT {
[attr_filter.access_reject]     expand: %{User-Name} -> prashant
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 9 to 127.0.0.1 port 51439
Waking up in 4.9 seconds.
Cleaning up request 0 ID 9 with timestamp +4
Ready to process requests.

This is what my two SQL entries look like: [SQL screenshot]

Solved!

So I was able to solve the problem. The problem was that I used the wrong operand: instead of using "==" I should have used ":=".
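The difference between the two debug runs above can be reproduced with a small model of how check items from radcheck are handled. This is an added example, not code from the original post or from FreeRADIUS. It assumes the simplified rule that `:=` and `+=` rows are assigned as control items while `==` rows must match an attribute present in the request. The radcheck rows, the value 3600 and the function names are constructed for illustration.

```python
import sqlite3

# Operators that assign a control (check) item instead of comparing it
# against the request; simplified from FreeRADIUS 2.x behaviour.
ASSIGN_OPS = {":=", "+="}

def make_db(max_all_session_op):
    """Build an in-memory radcheck table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT,"
               " attribute TEXT, op TEXT, value TEXT)")
    db.executemany(
        "INSERT INTO radcheck (username, attribute, op, value) VALUES (?,?,?,?)",
        [("prashant", "Cleartext-Password", ":=", "123456"),
         ("prashant", "Max-All-Session", max_all_session_op, "3600")])
    return db

def authorize(db, request):
    """Return (result, control_items) for the request's User-Name."""
    rows = db.execute(
        "SELECT attribute, op, value FROM radcheck WHERE username = ? ORDER BY id",
        (request["User-Name"],)).fetchall()
    if not rows:
        return "notfound", {}
    control = {}
    for attribute, op, value in rows:
        if op in ASSIGN_OPS:
            control[attribute] = value          # set for later modules
        elif op == "==":
            # Comparison: the attribute must be in the request and equal.
            if request.get(attribute) != value:
                return "notfound", {}           # "[sql] User ... not found"
        else:
            raise ValueError("operator not modelled: " + op)
    return "ok", control

# Request attributes as in the Access-Request shown in the debug output.
REQUEST = {"User-Name": "prashant", "User-Password": "123456",
           "NAS-IP-Address": "127.0.0.1", "NAS-Port": "1812"}

if __name__ == "__main__":
    for op in ("==", ":="):
        print(op, authorize(make_db(op), REQUEST))
```

With `==` the whole radcheck entry fails to match, so no password reaches the control list either, which is consistent with the `No "known good" password found` warning in the second debug run.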