Virtual Servers & nas_table Server Column Problem


Virtual Servers & nas_table Server Column Problem

Users mailing list
Hello,

I use FreeRADIUS 3.0.20 on Ubuntu Server 20.04 virtual machines with an MSSQL backend accessed by FreeTDS.
I had 3 virtual machines just for FreeRADIUS, so I wanted to run them all on a single machine to make better use of resources and decided to make use of the Virtual Server capability of FreeRADIUS.

I kept the default site as the server of the main ISP and added 2 more virtual servers, namely WISPServer and HotspotServer (for hotels and cafes), whose listen sections are as follows:

server default {
    listen {
        type = auth
        ipaddr = *
        port = 0
        limit {
              max_connections = 16
              lifetime = 0
              idle_timeout = 30
        }
    }
    listen {
        ipaddr = *
        port = 0
        type = acct
        limit {
        }
    }
    listen {
        type = auth
        ipv6addr = ::   # any.  ::1 == localhost
        port = 0
        limit {
              max_connections = 16
              lifetime = 0
              idle_timeout = 30
        }
    }
    listen {
        ipv6addr = ::
        port = 0
        type = acct
        limit {
        }
    }
    ...
}

server WISPServer {
    listen {
        type = auth
        ipaddr = *
        port = 2812
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipaddr = *
        port = 2813
        type = acct
        limit {
        }
    }
    listen {
        type = auth
        ipv6addr = ::   # any.  ::1 == localhost
        port = 2812
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipv6addr = ::
        port = 2813
        type = acct
        limit {
        }
    }
    ...
}

server HotspotServer {
    listen {
        type = auth
        ipaddr = *
        port = 3812
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipaddr = *
        port = 3813
        type = acct
        limit {
        }
    }
    listen {
        type = auth
        ipv6addr = ::   # any.  ::1 == localhost
        port = 3812
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipv6addr = ::
        port = 3813
        type = acct
        limit {
        }
    }
    ...
}

And the sql module definitions are all similar except for the database names.

sql {   # default server
    #    sql  WISPSQL{  for WISPServer
    #    sql  HotspotSQL{  for HotspotServer

    dialect = "mssql"
    driver = "rlm_sql_freetds"


    server = "SQLServer"
    port = 1433
    login = "sa"
    password = "<<servet>>"
    
    radius_db = "ISP"
    #       radius_db = "WISP"  for WISPServer
    #       radius_db = "Hotspot"  for HotspotServer

    acct_table1 = "radacct"
    acct_table2 = "radacct"
    postauth_table = "radpostauth"
    authcheck_table = "radcheck"
    groupcheck_table = "radgroupcheck"
    authreply_table = "radreply"
    groupreply_table = "radgroupreply"
    usergroup_table = "radcheck"
    
    delete_stale_sessions = yes
    
    pool {
        start = ${thread[pool].start_servers}
        min = ${thread[pool].min_spare_servers}
        max = ${thread[pool].max_servers}
        spare = ${thread[pool].max_spare_servers}
        uses = 0
        retry_delay = 30
        lifetime = 0
        idle_timeout = 60
    }
    
    read_clients = yes
    client_table = "nas"
    group_attribute = "SQL-Group"
    $INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf
}

Here I use a custom radcheck GroupName column to define groups; a user can only have a single group and it is a calculated field.

The nas_table has a Server column to define the virtual server name:

nas_query = " SELECT Id, IPAddress, ShortName, 'other', Secret, ISNULL(Server, '') FROM ${nas_table}"

The attached debug file shows that the client was added to the WISPServer clients list:

rlm_sql (WISPSQL): Adding client 192.168.1.1 (ofis) to WISPServer clients list
rlm_sql (192.168.1.1): Client "ofis" (WISPSQL) added

But when the client ( 92.168.1.1 ) sends an accounting request I get the error:

Ignoring request to acct address * port 2813 bound to server WISPServer from unknown client 192.168.1.1 port 41272 proto udp

To make it work I needed to do one of two things: remove the Server column from the nas query or make it NULL (actually an empty string, NULL does not work either). In this case it adds clients to the global client list, saying

rlm_sql ( WISPSQL): Adding client 192.168.1.1 (ofis) to global clients list


For security reasons I want to define the client for a Virtual Server. How can I make it work?

An example debug output is attached.

Thanks.




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

ViertualServerDebug.txt (71K) Download Attachment
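
Added example, not part of the original post or of FreeRADIUS: a small Python check that correlates the two debug messages quoted above, so a rejection caused by intended per-server isolation can be told apart from the symptom reported here (client loaded into a virtual server's list, then rejected on a listener bound to that same server). The function name `correlate`, the verdict labels and the sample lines are assumptions; the sample log is constructed from the messages in this thread plus invented entries.

```python
import re
from collections import defaultdict

# Constructed sample: lines 1, 2 and 4 follow the messages quoted in the post;
# the 10.0.0.5, 172.16.9.9 and port-3812 entries are invented for illustration.
SAMPLE_LOG = """\
rlm_sql (WISPSQL): Adding client 192.168.1.1 (ofis) to WISPServer clients list
rlm_sql (192.168.1.1): Client "ofis" (WISPSQL) added
rlm_sql ( HotspotSQL): Adding client 10.0.0.5 (cafe) to global clients list
Ignoring request to acct address * port 2813 bound to server WISPServer from unknown client 192.168.1.1 port 41272 proto udp
Ignoring request to auth address * port 3812 bound to server HotspotServer from unknown client 192.168.1.1 port 41300 proto udp
Ignoring request to auth address * port 3812 bound to server HotspotServer from unknown client 172.16.9.9 port 50000 proto udp
"""

ADD_RE = re.compile(
    r"rlm_sql \(\s*(?P<module>[^)]+?)\s*\): Adding client (?P<ip>\S+) "
    r"\((?P<name>[^)]*)\) to (?P<scope>\S+) clients list"
)
IGNORE_RE = re.compile(
    r"Ignoring request to (?P<type>\S+) address \S+ port (?P<port>\d+) "
    r"bound to server (?P<server>\S+) from unknown client (?P<ip>\S+) port \d+"
)

def correlate(log_text):
    """Return (client_ip, listener_server, verdict) for every ignored request."""
    registered = defaultdict(set)  # client IP -> scopes it was loaded into
    findings = []
    for line in log_text.splitlines():
        added = ADD_RE.search(line)
        if added:
            registered[added["ip"]].add(added["scope"])
            continue
        ignored = IGNORE_RE.search(line)
        if not ignored:
            continue
        scopes = registered.get(ignored["ip"], set())
        if ignored["server"] in scopes or "global" in scopes:
            verdict = "registered-but-rejected"  # the symptom in this thread
        elif scopes:
            verdict = "wrong-server"             # isolation working as intended
        else:
            verdict = "unregistered"             # never loaded from the nas table
        findings.append((ignored["ip"], ignored["server"], verdict))
    return findings

if __name__ == "__main__":
    for ip, server, verdict in correlate(SAMPLE_LOG):
        print(f"{ip:15} {server:15} {verdict}")
```
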

Re: Virtual Servers & nas_table Server Column Problem

Alan DeKok-2
On Jul 29, 2020, at 6:49 AM, Ali Arslan via Freeradius-Users <[hidden email]> wrote:
>
> I use FreeRADIUS 3.0.20 on Ubuntu Server 20.04 virtual machines with an MSSQL backend accessed by FreeTDS.
> I had 3 virtual machines just for FreeRADIUS, so I wanted to run them all on a single machine to make better use of resources and decided to make use of the Virtual Server capability of FreeRADIUS.
>
> I kept the default site as the server of the main ISP and added 2 more virtual servers, namely WISPServer and HotspotServer (for hotels and cafes), whose listen sections are as follows:

  http://wiki.freeradius.org/list-help

  There is no need to post the configuration files.  Please don't.  It doesn't help 99% of the time.

> The attached debug file shows that the client was added to the WISPServer clients list:
>
> rlm_sql (WISPSQL): Adding client 192.168.1.1 (ofis) to WISPServer clients list
> rlm_sql (192.168.1.1): Client "ofis" (WISPSQL) added
>
> But when the client ( 92.168.1.1 ) sends an accounting request I get the error:
>
> Ignoring request to acct address * port 2813 bound to server WISPServer from unknown client 192.168.1.1 port 41272 proto udp
>
> To make it work I needed to do one of two things: remove the Server column from the nas query or make it NULL (actually an empty string, NULL does not work either). In this case it adds clients to the global client list, saying
>
> rlm_sql ( WISPSQL): Adding client 192.168.1.1 (ofis) to global clients list
>
> For security reasons I want to define the client for a Virtual Server. How can I make it work?

  I've pushed a fix.  You can download the latest version of v3.0.x from GitHub:  https://github.com/FreeRADIUS/freeradius-server/

  Alan DeKok.



Re: Virtual Servers & nas_table Server Column Problem

Users mailing list
> I've pushed a fix.  You can download the latest version of v3.0.x from GitHub:  FreeRADIUS/freeradius-server
> Alan DeKok.
Thanks Alan.


