(RADIATOR) no such user in mysql blacklist
Hugh Irvine
hugh at open.com.au
Tue Apr 22 02:52:01 CDT 2003
Hello Donald -
The problem is due to your AuthByPolicy ContinueWhileAccept, that
expects the first check to return an Accept if the Calling-Station-Id
is not found in the blacklist.
You should try adding "AcceptIfMissing" to your AuthBy SQL clause:
<AuthBy SQL>
Identifier CheckSQLBlacklist
....
AcceptIfMissing
....
</AuthBy>
regards
Hugh
On Tuesday, Apr 22, 2003, at 17:36 Australia/Melbourne, Foo Donald
(Products O2) wrote:
> Hi there,
> I am trying to do blacklist checking by the calling station ID, which is
> stored in a MySQL database. Everything was working fine before I put the
> blacklist table in, and it works fine again after I remove the blacklist
> checking. Did I mess anything up?
>
> This is what I saw in debug mode.
> Tue Apr 22 15:09:57 2003: DEBUG: Packet dump:
> *** Received from 10.85.5.11 port 2971 ....
> Code: Access-Request
> Identifier: 116
> Authentic: 1050995828
> Attributes:
> User-Name = "test"
> User-Password = "<170><172><216>*`<240><183><209><243>~<139><29><5>}<3>""
> NAS-IP-Address = 10.85.5.11
> Framed-IP-Address = 10.85.5.11
> Calling-Station-Id = "010085005012"
>
> Tue Apr 22 15:09:57 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Tue Apr 22 15:09:57 2003: DEBUG: Deleting session for test, 10.85.5.11,
> Tue Apr 22 15:09:57 2003: DEBUG: Handling with Radius::AuthSQL
> Tue Apr 22 15:09:57 2003: DEBUG: Handling with Radius::AuthSQL: CheckSQLBlacklist
> Tue Apr 22 15:09:58 2003: DEBUG: Query is: select REJECT from CALLER_BLACKLIST where Calling_Station='010085005012'
>
> Tue Apr 22 15:09:58 2003: DEBUG: Radius::AuthSQL looks for match with test
> Tue Apr 22 15:09:58 2003: DEBUG: Query is: select REJECT from CALLER_BLACKLIST where Calling_Station='010085005012'
>
> Tue Apr 22 15:09:58 2003: INFO: Access rejected for test: No such user
> Tue Apr 22 15:09:58 2003: DEBUG: do query is: insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON, Calling_Station) values (1050995398, 'test', 0, 'No such user', 010085005012)
>
> Tue Apr 22 15:09:58 2003: DEBUG: Packet dump:
> *** Sending to 10.85.5.11 port 2971 ....
> Code: Access-Reject
> Identifier: 116
> Authentic: 1050995828
> Attributes:
> Reply-Message = "No such user"
>
>
> Herewith is the content of the blacklist table
> mysql> select * from CALLER_BLACKLIST;
> +-----------------+-------------------------------------------------+
> | Calling_Station | REJECT                                          |
> +-----------------+-------------------------------------------------+
> | 010085005011    | Auth-Type = "Reject: You did not pay your bill" |
> +-----------------+-------------------------------------------------+
> 1 row in set (0.00 sec)
>
>
> Herewith is the content of the subscriber table
> mysql> select * from SUBSCRIBERS;
> +----------+----------+-------------------+-----------+-----------+----------+
> | USERNAME | PASSWORD | ENCRYPTEDPASSWORD | CHECKATTR | REPLYATTR | TIMELEFT |
> +----------+----------+-------------------+-----------+-----------+----------+
> | test     | test     | NULL              | NULL      | NULL      | NULL     |
> +----------+----------+-------------------+-----------+-----------+----------+
> 1 row in set (0.00 sec)
>
> Herewith is the configuration of my radiator.
> Foreground
> LogStdout
> LogDir .
> DbDir .
> Trace 4
>
> AuthPort 1812
> AcctPort 1813
>
> <Client DEFAULT>
> Secret radius
> </Client>
>
> <AuthBy SQL>
> Identifier CheckSQLBlacklist
> DBSource dbi:mysql:radius
> DBUsername root
> DBAuth test123
> AuthSelect select REJECT from CALLER_BLACKLIST where Calling_Station='%{Calling-Station-Id}'
> AuthColumnDef 0, GENERIC, check
> NoDefaultIfFound
> </AuthBy>
>
> <AuthBy SQL>
> Identifier CheckSQLNormal
> DBSource dbi:mysql:radius
> DBUsername root
> DBAuth test123
>
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef ACCTCALLINGSTATIONID,Calling-Station-Id
> </AuthBy>
>
> <Realm DEFAULT>
> RejectHasReason
> AuthByPolicy ContinueWhileAccept
> AuthBy CheckSQLBlacklist
> AuthBy CheckSQLNormal
>
> <AuthLog SQL>
> DBSource dbi:mysql:radius
> DBUsername root
> DBAuth test123
> LogSuccess
> SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON, Calling_Station) values (%t, '%n', 1, 'Authorized', %{Calling-Station-Id})
> LogFailure
> FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON, Calling_Station) values (%t, '%n', 0, %1, %{Calling-Station-Id})
> </AuthLog>
>
> </Realm>
>
> Regards,
> Donald
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
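
Added example (not part of the original thread and not Radiator's own code): a simplified Python model of the Realm quoted above, showing why ContinueWhileAccept stops at the blacklist clause unless AcceptIfMissing is set. The function names, the plaintext password comparison, the assumption that the request carried the password "test", and the "Bad Password" reason string are assumptions for illustration; the table contents are copied from the quoted message.

```python
# Simplified model of the quoted Realm (illustration only, not Radiator code).
# Table contents are copied from the quoted message.
CALLER_BLACKLIST = {"010085005011": "You did not pay your bill"}
SUBSCRIBERS = {"test": "test"}
ACCEPT, REJECT = "ACCEPT", "REJECT"

def check_sql_blacklist(request, accept_if_missing):
    """Model of CheckSQLBlacklist: look up the Calling-Station-Id."""
    reason = CALLER_BLACKLIST.get(request["Calling-Station-Id"])
    if reason is not None:
        # Row found: its check item is Auth-Type = "Reject: <reason>".
        return REJECT, reason
    if accept_if_missing:
        # No row and AcceptIfMissing set: the caller is not blacklisted.
        return ACCEPT, ""
    # No row and no AcceptIfMissing: the behaviour seen in the trace.
    return REJECT, "No such user"

def check_sql_normal(request):
    """Model of CheckSQLNormal: assumed plaintext lookup by User-Name."""
    password = SUBSCRIBERS.get(request["User-Name"])
    if password is None:
        return REJECT, "No such user"
    if password != request["User-Password"]:
        return REJECT, "Bad Password"  # assumed reason string
    return ACCEPT, ""

def continue_while_accept(request, accept_if_missing):
    """AuthByPolicy ContinueWhileAccept: stop at the first non-ACCEPT."""
    chain = (
        lambda r: check_sql_blacklist(r, accept_if_missing),
        check_sql_normal,
    )
    result = (REJECT, "No AuthBy configured")
    for auth_by in chain:
        result = auth_by(request)
        if result[0] != ACCEPT:
            break
    return result

def make_request(calling_station):
    # Assumes the user "test" sent the password stored in SUBSCRIBERS.
    return {"User-Name": "test", "User-Password": "test",
            "Calling-Station-Id": calling_station}

if __name__ == "__main__":
    for csid in ("010085005012", "010085005011"):
        for flag in (False, True):
            label = "AcceptIfMissing" if flag else "default"
            print(csid, label, continue_while_accept(make_request(csid), flag))
```

With AcceptIfMissing the blacklist clause rejects only listed callers, so CheckSQLNormal remains the clause that actually authenticates the user.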