
#59 problem with attributes for the profiles

all
open
1
2020-05-23
2014-01-03
Anonymous
No

Hello,

I have a problem with daloradius.
I create a profile and add 2 attributes for this one. After, I create a user (without attributes) and the group of this user is my profile. But the attributes of the profile don't seem to be applied to the user...

Have you an idea?

Regards,

Pierre

Discussion

  • Liran Tal

    Liran Tal - 2014-01-03

    Hi Pierre,

    It's tough to provide you with answers without seeing some logs.
    Can you show a dump of the db with the relevant tables? (radcheck and radgroupcheck, radgroupreply) and also with FR running in debug mode so we can see if they apply or not.

     
  • Liran Tal

    Liran Tal - 2014-01-03
    • assigned_to: Liran Tal
     
  • Anonymous

    Anonymous - 2014-01-14

    Maybe I haven't understood the goal of the group...
    If I have a group with 1 attribute (Essid-name for example, to define the SSID for Aruba's AP), I have one line in radgroupcheck in the DB. If I create 1 user and my user is in the group, can this user have the attribute or not?

    Regards,

    Pierre

     
  • Liran Tal

    Liran Tal - 2014-01-15

    Pierre,

    Sure, that works, but make sure that you assign the attribute in the reply (radgroupreply) section if it's something that needs to be replied back to the NAS. A check attribute (radgroupcheck) is something internal to FreeRADIUS.

     
  • Anonymous

    Anonymous - 2014-01-16

    In fact, when I add the attribute to the user (radcheck), it works, but when I use the profile, it doesn't work (radgroupcheck)... When we check the log, they never speak about the table in the request...

     
  • Liran Tal

    Liran Tal - 2014-01-16

    Can you post some freeradius debug of the request along with dumps of the radgroupcheck, radcheck, radusergroup tables?

     
  • Anonymous

    Anonymous - 2014-01-16

    I try to connect with user2 on the SSID "Guest". Normally, it should fail, but it doesn't... :)

    DUMP :

    --
    -- Table structure for table radcheck
    --

    CREATE TABLE IF NOT EXISTS radcheck (
    id int(11) unsigned NOT NULL AUTO_INCREMENT,
    username varchar(64) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
    attribute varchar(64) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
    op char(2) COLLATE utf8_unicode_ci NOT NULL DEFAULT '==',
    value varchar(253) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
    PRIMARY KEY (id),
    KEY username (username(32))
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=33 ;

    --
    -- Contents of table radcheck
    --

    INSERT INTO radcheck (id, username, attribute, op, value) VALUES
    (32, 'user2', 'Cleartext-Password', ':=', 'user2'),
    (31, 'user1', 'Cleartext-Password', ':=', 'user1');


    --
    -- Table structure for table radgroupcheck
    --

    CREATE TABLE IF NOT EXISTS radgroupcheck (
    id int(11) unsigned NOT NULL AUTO_INCREMENT,
    groupname varchar(64) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
    attribute varchar(64) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
    op char(2) COLLATE utf8_unicode_ci NOT NULL DEFAULT '==',
    value varchar(253) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
    PRIMARY KEY (id),
    KEY groupname (groupname(32))
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=15 ;

    --
    -- Contents of table radgroupcheck
    --

    INSERT INTO radgroupcheck (id, groupname, attribute, op, value) VALUES
    (1, 'daloRADIUS-Disabled-Users', 'Auth-Type', ':=', 'Reject'),
    (13, 'profile1', 'Auth-Type', ':=', 'Reject'),
    (14, 'profile2', 'Aruba-Essid-Name', '==', 'Shinka_Guest2');


    --
    -- Table structure for table radusergroup
    --

    CREATE TABLE IF NOT EXISTS radusergroup (
    username varchar(64) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
    groupname varchar(64) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
    priority int(11) NOT NULL DEFAULT '1',
    KEY username (username(32))
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

    --
    -- Contents of table radusergroup
    --

    INSERT INTO radusergroup (username, groupname, priority) VALUES
    ('user2', 'profile2', 0),
    ('user1', 'profile1', 0);


    LOGS :

    rad_recv: Access-Request packet from host XX.XX.XX.XX port 49154, id=21, length=175
    NAS-IP-Address = xx.xx.xx.xx
    NAS-Port = 0
    NAS-Port-Type = Wireless-802.11
    User-Name = "user2"
    User-Password = "user2"
    Service-Type = Login-User
    Calling-Station-Id = "00738D0963C3"
    Called-Station-Id = "6CF37FC1BBFD"
    Aruba-Essid-Name = "Guest"
    Aruba-Location-Id = "AP"
    Aruba-Attr-10 = 0x5669727475616c5f436f6e74726f6c
    Message-Authenticator = 0x747c64059f2c1dc3bed2e3aae637584f

    Executing section authorize from file /etc/freeradius/sites-enabled/default

    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = "user2", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [sql] expand: %{User-Name} -> user2
    [sql] sql_set_user escaped user --> 'user2'
    rlm_sql (sql): Reserving sql socket id: 2
    [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'user2' ORDER BY id
    [sql] User found in radcheck table
    [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'user2' ORDER BY id
    [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'user2' ORDER BY priority
    [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'profile2' ORDER BY id
    rlm_sql (sql): Released sql socket id: 2
    ++[sql] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    ++[pap] returns updated
    Found Auth-Type = PAP

    Executing group from file /etc/freeradius/sites-enabled/default

    +- entering group PAP {...}
    [pap] login attempt with password "user2"
    [pap] Using clear text password "user2"
    [pap] User authenticated successfully
    ++[pap] returns ok

    Executing section post-auth from file /etc/freeradius/sites-enabled/default

    +- entering group post-auth {...}
    [sql] expand: %{User-Name} -> user2
    [sql] sql_set_user escaped user --> 'user2'
    [sql] expand: %{User-Password} -> user2
    [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'user2', 'user2', 'Access-Accept', '2014-01-16 16:32:47')
    rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'user2', 'user2', 'Access-Accept', '2014-01-16 16:32:47')
    rlm_sql (sql): Reserving sql socket id: 1
    rlm_sql (sql): Released sql socket id: 1
    ++[sql] returns ok
    ++[exec] returns noop
    Sending Access-Accept of id 21 to XX.XX.XX.XX port 49154
    Finished request 3.
    Going to the next request
    Waking up in 4.9 seconds.
    Cleaning up request 3 ID 21 with timestamp +283
    Ready to process requests.

     
  • Anonymous

    Anonymous - 2014-01-16

    It seems that daloradius doesn't check the attributes of the profile.

     
  • Anonymous

    Anonymous - 2014-01-27

    any idea?

     
  • Anonymous

    Anonymous - 2014-02-19

    up please???

     
  • Anonymous

    Anonymous - 2014-03-07

    Hi,

    I have the same problem. The attributes configured on profiles don't seem to be applied correctly, but if I configure the attribute directly on the user it works fine.

    User: test
    Profile: profile-test
    Check-Attribute: Called-Station-Id =~ test

    The following request should not work, but works! 0_0

    rad_recv: Access-Request packet from host 172.16.5.101 port 55829, id=36, length=51
    User-Name = "test"
    User-Password = "test"
    Called-Station-Id = "other"
    Fri Mar 7 12:55:11 2014 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default
    Fri Mar 7 12:55:11 2014 : Info: +- entering group authorize {...}
    Fri Mar 7 12:55:11 2014 : Info: ++[mxp] returns noop
    Fri Mar 7 12:55:11 2014 : Info: [sql] expand: %{User-Name} -> test
    Fri Mar 7 12:55:11 2014 : Info: [sql] sql_set_user escaped user --> 'test'
    Fri Mar 7 12:55:11 2014 : Debug: rlm_sql (sql): Reserving sql socket id: 0
    Fri Mar 7 12:55:11 2014 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test' ORDER BY id
    Fri Mar 7 12:55:11 2014 : Info: [sql] User found in radcheck table
    Fri Mar 7 12:55:11 2014 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test' ORDER BY id
    Fri Mar 7 12:55:11 2014 : Info: [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'test' ORDER BY priority
    Fri Mar 7 12:55:11 2014 : Info: [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'profile-test' ORDER BY id
    Fri Mar 7 12:55:11 2014 : Info: [sql] expand: %{Called-Station-Id} -> other
    Fri Mar 7 12:55:11 2014 : Debug: rlm_sql (sql): Released sql socket id: 0
    Fri Mar 7 12:55:11 2014 : Info: ++[sql] returns ok
    Fri Mar 7 12:55:11 2014 : Info: WARNING: Please update your configuration, and remove 'Auth-Type = Local'
    Fri Mar 7 12:55:11 2014 : Info: WARNING: Use the PAP or CHAP modules instead.
    Fri Mar 7 12:55:11 2014 : Info: User-Password in the request is correct.
    Fri Mar 7 12:55:11 2014 : Info: # Executing section post-auth from file /etc/freeradius/sites-enabled/default
    Fri Mar 7 12:55:11 2014 : Info: +- entering group post-auth {...}
    Fri Mar 7 12:55:11 2014 : Info: ++[exec] returns noop
    Sending Access-Accept of id 36 to 172.16.5.101 port 55829
    Fri Mar 7 12:55:11 2014 : Info: Finished request 3.
    Fri Mar 7 12:55:11 2014 : Debug: Going to the next request
    Fri Mar 7 12:55:11 2014 : Debug: Waking up in 4.9 seconds.
    Fri Mar 7 12:55:16 2014 : Info: Cleaning up request 3 ID 36 with timestamp +1660
    Fri Mar 7 12:55:16 2014 : Info: Ready to process requests.
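
Added example, not part of any post in this thread and not daloRADIUS or FreeRADIUS code: a simplified Python model of the group step documented for FreeRADIUS `rlm_sql`, where a group's check items are compared with the request and a group that does not match is skipped. It is run over rows constructed from the two posts above (the table dump and the `Check-Attribute` line). The function names `load`, `item_matches` and `evaluate_groups` are hypothetical, and only the `:=`, `==` and `=~` operators are modelled.

```python
import re
import sqlite3

# Constructed rows, copied from the dump and the "Check-Attribute" line above.
GROUPCHECK = [
    ("profile1", "Auth-Type", ":=", "Reject"),
    ("profile2", "Aruba-Essid-Name", "==", "Shinka_Guest2"),
    ("profile-test", "Called-Station-Id", "=~", "test"),
]
USERGROUP = [("user1", "profile1", 0), ("user2", "profile2", 0),
             ("test", "profile-test", 0)]


def load():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radgroupcheck (groupname, attribute, op, value)")
    db.execute("CREATE TABLE radusergroup (username, groupname, priority)")
    db.executemany("INSERT INTO radgroupcheck VALUES (?,?,?,?)", GROUPCHECK)
    db.executemany("INSERT INTO radusergroup VALUES (?,?,?)", USERGROUP)
    return db


def item_matches(op, value, request, attribute):
    """Simplified comparison of one check item against the request."""
    if op == ":=":            # sets a control item; never compared
        return True
    sent = request.get(attribute)
    if sent is None:
        return False
    if op == "==":
        return sent == value
    if op == "=~":
        return re.search(value, sent) is not None
    raise ValueError(f"operator {op!r} not modelled")


def evaluate_groups(db, username, request):
    """Return [(groupname, matched, control_items)] in priority order."""
    out = []
    groups = db.execute("SELECT groupname FROM radusergroup WHERE username = ? "
                        "ORDER BY priority", (username,)).fetchall()
    for (group,) in groups:
        rows = db.execute("SELECT attribute, op, value FROM radgroupcheck "
                          "WHERE groupname = ? ORDER BY rowid", (group,)).fetchall()
        matched = all(item_matches(op, v, request, a) for a, op, v in rows)
        # A group that does not match is skipped; it does not reject by itself.
        control = {a: v for a, op, v in rows if op == ":="} if matched else {}
        out.append((group, matched, control))
    return out
```

In this model `profile2` and `profile-test` come back unmatched for the two logged requests and contribute nothing, while `profile1` always matches and sets `Auth-Type` to `Reject`.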

     
  • Anonymous

    Anonymous - 2015-12-18

    How was this solved? Is this a problem with a specific version of freeradius?

     
  • Anonymous

    Anonymous - 2015-12-25

    Hello,
    How do I create a speed profile for a user in daloradius?

     
  • Anonymous

    Anonymous - 2016-05-25

    This still seems to be an issue. Trying to manage any user's attributes by putting them in a profile/group (instead of applying an attribute directly to them) simply isn't working. Has anyone figured out why this happens, or are there any known workarounds/fixes?

     
  • Anonymous

    Anonymous - 2016-09-17

    james
    Same here: no way to make group attributes used by users... unless manually coding the function, such as pushing group attributes to the users via SQL...
    Or I didn't get the group meaning or use.

     
  • Anonymous

    Anonymous - 2018-05-31

    Hi all,
    Same issue here, the reply attribute is not pushed to the device when it was set on the profile.
    The reply attribute works only if it was set on the user profile.
    version: daloradius-0.9-9.tar.gz

    bad news

     
  • Liran Tal

    Liran Tal - 2019-11-20
     
  • Anonymous

    Anonymous - 2020-05-23
    Post awaiting moderation.
