Но клиент так пока ИП не получает
Использовал:
nodeny
server default {
listen {
type = auth
ipaddr = *
port = 1812
}
authorize {
sql
update control {
Auth-Type := "Accept"
}
}
authenticate {
Auth-Type PAP {
pap
}
}
preacct {
acct_unique
preprocess
}
accounting {
detail
sql
exec
}
session {
radutmp
sql
}
post-auth {
sql
}
Post-Auth-Type REJECT {
sql
}
}
файл sql:
sql {
driver = "rlm_sql_mysql"
mysql {
warnings = auto
}
server = "localhost"
port = 3306
login = "nodeny"
password = "hardpass"
radius_db = "nodeny"
authorize_check_query = "call radcheck('%{User-Name}')"
authorize_reply_query = "call radreply('%{User-Name}')"
accounting {
query = "call radupdate('%{User-Name}','%{Framed-IP-Address}',\
'user=%{Calling-Station-Id};nas=%{NAS-IP-Address}')"
type {
start {
query = "call radupdate('%{User-Name}','%{Framed-IP-Address}',\
'user=%{Calling-Station-Id};nas=%{NAS-IP-Address}')"
}
}
}
post-auth {
query = "call radupdate('%{User-Name}','%{reply:Framed-IP-Address}',\
'user=%{Calling-Station-Id};nas=%{NAS-IP-Address}')"
}
}
Mysql процедуры
ALTER DATABASE nodeny CHARACTER SET utf8 COLLATE utf8_general_ci;
DROP PROCEDURE IF EXISTS `radcheck`;
DELIMITER $$
CREATE PROCEDURE `radcheck` (IN login VARCHAR(64))
BEGIN
SELECT id,name,'Cleartext-Password' AS Attribute,AES_DECRYPT(passwd,'hardpass') AS Value,':='
FROM users WHERE name=login;
END$$
DELIMITER ;
DROP PROCEDURE IF EXISTS `radreply`;
DELIMITER $$
CREATE PROCEDURE `radreply`(IN login VARCHAR(64))
BEGIN
DECLARE usr_mac VARCHAR(12);
DECLARE usr_ip VARCHAR(15);
DECLARE usr_id INT;
SELECT REPLACE(login, ':', '') INTO usr_mac;
SELECT uid INTO usr_id FROM mac_uid WHERE mac=usr_mac;
IF usr_id IS NOT NULL AND usr_id>0 THEN
SELECT get_ip(usr_id) INTO usr_ip;
UPDATE mac_uid SET ip=0 WHERE ip=INET_ATON(usr_ip) AND uid<>usr_id;
UPDATE mac_uid SET ip=INET_ATON(usr_ip), time=UNIX_TIMESTAMP() WHERE uid=usr_id;
ELSE
UPDATE mac_uid SET ip=0 WHERE uid=0 AND time<(UNIX_TIMESTAMP()-3600);
START TRANSACTION;
SELECT INET_NTOA(ip) INTO usr_ip FROM ip_pool p WHERE uid=0 AND type='dynamic'
AND NOT EXISTS (SELECT ip FROM mac_uid WHERE ip=p.ip)
ORDER BY RAND() LIMIT 1 FOR UPDATE;
INSERT INTO mac_uid VALUES(
NULL, usr_mac, INET_ATON(usr_ip), 0, UNIX_TIMESTAMP(), 0, 0, 0)
ON DUPLICATE KEY
UPDATE ip=IF(ip>0,ip,INET_ATON(usr_ip)), time=UNIX_TIMESTAMP();
COMMIT;
SELECT INET_NTOA(ip) INTO usr_ip FROM mac_uid WHERE mac=usr_mac;
END IF;
SELECT NULL, login, 'Framed-IP-Address', usr_ip, '=';
SELECT NULL, login, 'Session-Timeout', '600', '=';
END$$
DELIMITER ;
DROP PROCEDURE IF EXISTS `radupdate`;
DELIMITER $$
CREATE PROCEDURE `radupdate`(
IN login VARCHAR(64), IN ipa VARCHAR(16), IN properties VARCHAR(255))
BEGIN
DECLARE usr_mac VARCHAR(16);
SELECT REPLACE(login, ':', '') INTO usr_mac;
CALL set_auth(ipa, CONCAT('mod=dhcp;user=', usr_mac, ';', REPLACE(properties,';','')));
UPDATE mac_uid SET time=UNIX_TIMESTAMP() WHERE ip=INET_ATON(ipa) LIMIT 1;
END$$
DELIMITER ;
/usr/local/etc/raddb/mods-enabled/eap удалил
Лог радиуса при получении IP клиентом
(0) sql: EXPAND .query
(0) sql: --> .query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (1)
(0) sql: EXPAND call radupdate('%{User-Name}','%{reply:Framed-IP-Address}', 'user=%{Calling-Station-Id};nas=%{NAS-IP-Address}')
(0) sql: --> call radupdate('B8:70:F4:73:95:78','', 'user=1:b8:70:f4:73:95:78;nas=10.20.30.40')
(0) sql: Executing query: call radupdate('B8:70:F4:73:95:78','', 'user=1:b8:70:f4:73:95:78;nas=10.20.30.40')
(0) sql: ERROR: rlm_sql_mysql: ERROR 1318 (Incorrect number of arguments for PROCEDURE nodeny.radupdate; expected 4, got 3): 42000(0) sql: SQL query returned: server error
rlm_sql (sql): Released connection (1)
(0) [sql] = fail
(0) } # post-auth = fail
(0) Using Post-Auth-Type Reject
(0) Post-Auth-Type sub-section not found. Ignoring.
и так по кругу
Мак в биллинге не прописан(свежий клиент DHCP), ИП не получает никакой.
Микрот отвечает что:
radius authentication failed for B8:70:F4:73:95:78 radius server is not responding