(RADIATOR) no such user in mysql blacklist

Hugh Irvine hugh at open.com.au
Tue Apr 22 02:52:01 CDT 2003


Hello Donald -

The problem is due to your AuthByPolicy ContinueWhileAccept, that  
expects the first check to return an Accept if the Calling-Station-Id  
is not found in the blacklist.

You should try adding "AcceptIfMissing" to your AuthBy SQL clause:

<AuthBy SQL>
	Identifier CheckSQLBlacklist
	....
	AcceptIfMissing
	....
</AuthBy>

regards

Hugh


On Tuesday, Apr 22, 2003, at 17:36 Australia/Melbourne, Foo Donald  
(Products O2) wrote:

> Hi there,
> I am tring the do a blacklist checking by the calling station id which  
> store
> in mysql database, everything was working fine before I put the  
> blacklist
> table in. it works fine again after I remove the backlist checking.  
> Did I
> mess anything??
>
> This is what I saw in debug mode.
> Tue Apr 22 15:09:57 2003: DEBUG: Packet dump:
> *** Received from 10.85.5.11 port 2971 ....
> Code:       Access-Request
> Identifier: 116
> Authentic:        1050995828
> Attributes:
>         User-Name = "test"
>         User-Password =
> "<170><172><216>*`<240><183><209><243>~<139><29><5>}<3>""
>         NAS-IP-Address = 10.85.5.11
>         Framed-IP-Address = 10.85.5.11
>         Calling-Station-Id = "010085005012"
>
> Tue Apr 22 15:09:57 2003: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Apr 22 15:09:57 2003: DEBUG:  Deleting session for test,  
> 10.85.5.11,
> Tue Apr 22 15:09:57 2003: DEBUG: Handling with Radius::AuthSQL
> Tue Apr 22 15:09:57 2003: DEBUG: Handling with Radius::AuthSQL:
> CheckSQLBlacklist
> Tue Apr 22 15:09:58 2003: DEBUG: Query is: select REJECT from
> CALLER_BLACKLIST where Calling_Station='010085005012'
>
> Tue Apr 22 15:09:58 2003: DEBUG: Radius::AuthSQL looks for match with  
> test
> Tue Apr 22 15:09:58 2003: DEBUG: Query is: select REJECT from
> CALLER_BLACKLIST where Calling_Station='010085005012'
>
> Tue Apr 22 15:09:58 2003: INFO: Access rejected for test: No such user
> Tue Apr 22 15:09:58 2003: DEBUG: do query is: insert into RADAUTHLOG
> (TIME_STAMP, USERNAME, TYPE, REASON, Calling_Station) values  
> (1050995398,
> 'test', 0, 'No such user', 010085005012)
>
> Tue Apr 22 15:09:58 2003: DEBUG: Packet dump:
> *** Sending to 10.85.5.11 port 2971 ....
> Code:       Access-Reject
> Identifier: 116
> Authentic:        1050995828
> Attributes:
>         Reply-Message = "No such user"
>
>
> Herewith is the content of the blacklist table
> mysql> select * from CALLER_BLACKLIST;
> +-----------------+-------------------------------------------------+
> | Calling_Station | REJECT                                          |
> +-----------------+-------------------------------------------------+
> | 010085005011    | Auth-Type = "Reject: You did not pay your bill" |
> +-----------------+-------------------------------------------------+
> 1 row in set (0.00 sec)
>
>
> Herewith is the content of the subscriber table
> mysql> select * from SUBSCRIBERS;
> +----------+----------+-------------------+-----------+----------- 
> +---------
> -+
> | USERNAME | PASSWORD | ENCRYPTEDPASSWORD | CHECKATTR | REPLYATTR |  
> TIMELEFT
> |
> +----------+----------+-------------------+-----------+----------- 
> +---------
> -+
> | test     | test     | NULL              | NULL      | NULL      |     
>  NULL
> |
> +----------+----------+-------------------+-----------+----------- 
> +---------
> -+
> 1 row in set (0.00 sec)
>
> Herewith is the configuration of my radiator.
> Foreground
> LogStdout
> LogDir          .
> DbDir           .
> Trace           4
>
> AuthPort 1812
> AcctPort 1813
>
> <Client DEFAULT>
>         Secret  radius
> </Client>
>
> <AuthBy SQL>
>         Identifier      CheckSQLBlacklist
>         DBSource        dbi:mysql:radius
>         DBUsername      root
>         DBAuth          test123
>         AuthSelect      select REJECT from CALLER_BLACKLIST where
> Calling_Station='%{Calling-Station-Id}'
>         AuthColumnDef   0, GENERIC, check
>         NoDefaultIfFound
> </AuthBy>
>
> <AuthBy SQL>
>         Identifier      CheckSQLNormal
>         DBSource        dbi:mysql:radius
>         DBUsername      root
>         DBAuth          test123
>
>         AccountingTable ACCOUNTING
>         AcctColumnDef   USERNAME,User-Name
>         AcctColumnDef   TIME_STAMP,Timestamp,integer
>         AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>         AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>         AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>         AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>         AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>         AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>         AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
>         AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>         AcctColumnDef   NASPORT,NAS-Port,integer
>         AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>         AcctColumnDef   ACCTCALLINGSTATIONID,Calling-Station-Id
> </AuthBy>
>
> <Realm DEFAULT>
>         RejectHasReason
>         AuthByPolicy    ContinueWhileAccept
>         AuthBy          CheckSQLBlacklist
>         AuthBy          CheckSQLNormal
>
>         <AuthLog SQL>
>                 DBSource        dbi:mysql:radius
>                 DBUsername      root
>                 DBAuth          test123
>                 LogSuccess
>                 SuccessQuery insert into RADAUTHLOG (TIME_STAMP,  
> USERNAME,
> TYPE, REASON, Calling_Station) values (%t, '%n', 1, 'Authorized',
> %{Calling-Station-Id})
>                 LogFailure
>                 FailureQuery insert into RADAUTHLOG (TIME_STAMP,  
> USERNAME,
> TYPE, REASON, Calling_Station) values (%t, '%n', 0, %1,
> %{Calling-Station-Id})
>         </AuthLog>
>
> </Realm>
>
> Regards,
> Donald
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list