Bug #9131
closed
Captive Portal Radius Accounting "unauthenticated"
Description
Hi,
When setting up a RADIUS MAC auth, pfSense sends the value "unauthenticated" as User-Name in the Accounting request to the external FreeRADIUS. The authentication process works great.
These are my logs.
FREERADIUS LOGS
----------------------
Received Access-Request Id 212 from xx.xx.xx.xx:44647 to xx.xx.xx.xx:1812 length 168
Service-Type = Login-User
User-Name = "e8:e0:b7:09:46:68"
User-Password = "XXXXXXX"
NAS-IP-Address = 192.168.180.253
NAS-Identifier = "CaptivePortal"
Calling-Station-Id = "e8:e0:b7:09:46:68"
Called-Station-Id = "00:0d:b9:4c:c8:a8:pfsense.xxx.it"
NAS-Port-Type = Ethernet
NAS-Port = 2000
Framed-IP-Address = 172.16.103.50
session-state: No State attribute
----------------------
sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'e8:e0:b7:09:46:68' ORDER BY id
sql: User found in radcheck table
sql: Conditional check items matched, merging assignment check items
sql: Auth-Type := Accept
----------------------
Sent Access-Accept Id 212 from xx.xx.xx.xx:1812 to xx.xx.xx.xx:44647 length 0
----------------------
Received Accounting-Request Id 138 from xx.xx.xx.xx:36559 to xx.xx.xx.xx:1813 length 178
Service-Type = Login-User
User-Name = "unauthenticated"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
NAS-IP-Address = 192.168.180.253
NAS-Identifier = "CaptivePortal"
NAS-Port-Type = Ethernet
NAS-Port = 2000
Acct-Session-Id = "3a382fbe5849ad00"
Framed-IP-Address = 172.16.103.50
Calling-Station-Id = "e8:e0:b7:09:46:68"
Called-Station-Id = "00:0d:b9:4c:c8:a8:pfsense.xxx.it"
-------------------------
Debug: literal --> ', (SELECT groupname FROM radusergroup WHERE username='
Debug: attribute --> SQL-User-Name
-------------------------
My comment:
SQL-User-Name will never be my mac-user.....
-------------------------
sql: rlm_sql_mysql: ERROR 1048 (Column 'groupname' cannot be null): 23000
sql: SQL query returned: query invalid
} # accounting = invalid
Not sending reply to client.
Finished request
-------------------------
PFSENSE LOGS
-------------------------
Nov 17 10:05:09 logportalauth 65937 Zone: test - MACHINE LOGIN: unauthenticated, e8:e0:b7:09:46:68, 172.16.103.50
Nov 17 10:05:24 logportalauth 65937 Zone: test - RADIUS ACCOUNTING FAILED : No valid RADIUS responses received
-------------------------
Thanks
Federico
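A check for the mismatch visible in the logs above, as an added example that is not part of the original report or of pfSense/FreeRADIUS code: it parses FreeRADIUS debug output in the quoted format and flags Accounting-Requests whose User-Name differs from the one accepted for the same Calling-Station-Id. The function names and the trimmed sample (with 192.0.2.x addresses) are constructed for illustration.

```python
import re

# Constructed sample: trimmed from the debug output quoted in the report,
# with documentation-range IP addresses in place of the redacted ones.
SAMPLE = """\
Received Access-Request Id 212 from 192.0.2.1:44647 to 192.0.2.2:1812 length 168
User-Name = "e8:e0:b7:09:46:68"
Calling-Station-Id = "e8:e0:b7:09:46:68"
Sent Access-Accept Id 212 from 192.0.2.2:1812 to 192.0.2.1:44647 length 0
Received Accounting-Request Id 138 from 192.0.2.1:36559 to 192.0.2.2:1813 length 178
User-Name = "unauthenticated"
Acct-Status-Type = Start
Acct-Session-Id = "3a382fbe5849ad00"
Calling-Station-Id = "e8:e0:b7:09:46:68"
"""

HEADER = re.compile(r"^(?:Received|Sent) (\S+) Id (\d+) ")
ATTR = re.compile(r'^\s*([A-Za-z0-9-]+) = "?([^"]*)"?\s*$')

def parse_packets(text):
    """Split debug output into (packet code, packet id, attributes) tuples."""
    packets = []
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            packets.append((header.group(1), header.group(2), {}))
        elif packets and (attr := ATTR.match(line)):
            packets[-1][2][attr.group(1)] = attr.group(2)
    return packets

def find_identity_mismatches(text):
    """Flag Accounting-Requests whose User-Name is not the accepted one."""
    pending, accepted, findings = {}, {}, []
    for code, pkt_id, attrs in parse_packets(text):
        station = attrs.get("Calling-Station-Id")
        user = attrs.get("User-Name")
        if code == "Access-Request" and station:
            pending[pkt_id] = (station, user)       # wait for the reply
        elif code == "Access-Accept" and pkt_id in pending:
            auth_station, auth_user = pending.pop(pkt_id)
            accepted[auth_station] = auth_user      # identity the server accepted
        elif code == "Accounting-Request" and station in accepted:
            if user != accepted[station]:
                findings.append((attrs.get("Acct-Session-Id"), station,
                                 accepted[station], user))
    return findings

if __name__ == "__main__":
    for session, station, expected, got in find_identity_mismatches(SAMPLE):
        print(f"session {session}: station {station} accepted as "
              f"{expected!r} but accounted as {got!r}")
```

Requests are paired with their Access-Accept by packet Id only, which is enough for a single NAS as in this report.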
Updated by A FL about 6 years ago
Hello,
Thank you for reporting this issue!
I just submitted a pull request fixing it ( https://github.com/pfsense/pfsense/pull/4015 ). Not sure when it will be merged, though.
If you really need this feature now, you could use the patch package and install this pull request as a patch (see https://www.netgate.com/docs/pfsense/development/system-patches.html for details).
Alternatively, you could also update your FreeRADIUS config. MAC addresses of connected users are still transmitted in Accounting Requests using the Calling-Station-Id attribute, so you could update the SQL request done by the RADIUS config accordingly. I mean, in mods-config/sql/main/mysql/queries.conf you should have a query looking like:
SELECT groupname FROM radusergroup WHERE username ='%{SQL-User-Name}' ORDER BY priority
You could replace %{SQL-User-Name} by %{Calling-Station-ID}
Updated by Renato Botelho about 6 years ago
- Assignee set to Renato Botelho
- Target version set to 2.4.4-p1
PR merged. Thanks!
Updated by Federico Fiordoliva about 6 years ago
Thanks!!
The patch works great.
Federico
Updated by Renato Botelho about 6 years ago
- Status changed from Feedback to Resolved