Thanks man it is working fine no probs at all :) just trying to see the easiest way to kill Ghost connections at the moment i have 5 Ghost connections where the users are trying to come back on but not happening becasue radius have them loged on
sarky ----- Original Message ----- From: "Evren Yurtesen" <[EMAIL PROTECTED]> To: "sarky" <[EMAIL PROTECTED]>; <"mailto:free?????????????????????? Sent: Sunday, February 01, 2004 9:22 PM Subject: Re: [MikroTik] PPPoE Only one user connection > I think this was the latest patch I sent to list. Let me know if this > doesnt work. > > sarky wrote: > > > Hi again > > > > I have looked through my archive of all the freeradius emails and couldnt > > find the relevant patch from yourself. > > And i know you are not going to send it out to every single person but can > > you make an exception :) this time pretty please .. > > now the perl side is working i got the module installed i just need to get > > the checkrad to kick in :) anyways one by one need the patch and then i will > > document this because there is no documentation around. > > > > Thank you > > > > Sarky > > > > ----- Original Message ----- > > From: "Evren Yurtesen" <[EMAIL PROTECTED]> > > To: "sarky" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; > > <[EMAIL PROTECTED]> > > Sent: Sunday, February 01, 2004 7:47 PM > > Subject: Re: [MikroTik] PPPoE Only one user connection > > > > > > > >>If you are registered to freeradius mailing list, you should have > >>received my patches for the checkrad program. Please apply that patch to > >>freeradius before compilation, then you can use SNMP or Perl-Telnet to > >>control this one user situation. But the patch only works up to 1 user > >>limit. If you want to limit your users to 2, then you are in trouble. > >>But 1 works fine! This is because I cant get which port the user is > >>connected to from mikrotik. At least mikrotik gives a port number to > >>Radius but there is no way to get the same number for the same user with > >>snmp or telnet. > >> > >>You should set naspasswd, clients.conf files and uncomment a line in > >>sql.conf about simultaneous-use counts. You need net-snmp installed or > >>p5-Net-Telnet. If you get stuck, then you can ask me more :) But please > >>dont ask for step by step instructions. I think most of the things are > >>self explanatory. But you could write a step by step dokument for making > >>Freeradius user check work with mikrotik and send to mikrotik guys, > >>maybe they would include in their documentation and you might get a free > >>license for your work :) Mikrotik guys say that they sometimes give free > >>licenses for this kind of things. But then the other main point is that > >>you will become famous etc :) > >> > >>I also would suggest you to force freeradius developers to patch the > >>freeradius distribution. This is essential, because I am not going to > >>send this patch to people one by one. (Perhaps you can find from > >>freeradius mailing lists though). > >> > >>If you dont know what is checkrad program, then please learn it first. > >>You will find the information of why we need this program very useful > >>and educating. > >> > >>Evren > >> > >>sarky wrote: > >> > >> > >>>sorry evren i saw you replying on list about the PPPOE only one user. > >>>Well i am having a similar problem but with Freeradius at the other end. > >>>please can you explain it to me :) i know you offered it to the guy if > > > > he > > > >>>was using radiusd > >>> > >>>thank you > >>> > >>>Sarky > >>> > >> > >> > > > ---------------------------------------------------------------------------- ---- > --- src/main/checkrad.pl.in Thu Aug 28 18:28:47 2003 > +++ checkrad.pl.in.new Sun Jan 11 15:42:54 2004 > @@ -29,7 +29,8 @@ > # versanet_snmp 1.0 Author: [EMAIL PROTECTED] > # bay_finger 1.0 Author: [EMAIL PROTECTED] > # cisco_l2tp 1.14 Author: [EMAIL PROTECTED] > -# mikrotik_telnet 1.0 Author: Evren Yurtesen <[EMAIL PROTECTED]> > +# mikrotik_telnet 1.1 Author: Evren Yurtesen <[EMAIL PROTECTED]> > +# mikrotik_snmp 1.0 Author: Evren Yurtesen <[EMAIL PROTECTED]> > # redback_telnet Author: Eduardo Roldan > # > # Config: $debug is the file you want to put debug messages in > @@ -37,6 +38,7 @@ > # $snmpwalk is the location of your ``snmpwalk'' program > # $snmp_timeout is the timeout for snmp queries > # $snmp_retries is the number of retries for timed out snmp queries > +# $snmp_version is the version of to use for snmp queries [1,2c,3] > # $rusers is the location of your ``rusers'' program > # $naspass is the location of your NAS admin password file > # > @@ -54,6 +56,7 @@ > $snmpwalk = "@SNMPWALK@"; > $snmp_timeout = 5; > $snmp_retries = 1; > +$snmp_version = "2c"; > $rusers = "@RUSERS@"; > $naspass = "$raddbdir/naspasswd"; > > @@ -148,8 +151,8 @@ > my ($host, $community, $oid) = @_; > local $_; > > - print LOG "snpwalk: $snmpwalk -r $snmp_retries -t $snmp_timeout -v2c -c '$community' $host $oid\n"; > - $_ = `$snmpwalk -r $snmp_retries -t $snmp_timeout -v2c -c '$community' $host $oid`; > + print LOG "snpwalk: $snmpwalk -r $snmp_retries -t $snmp_timeout -v$snmp_version -c '$community' $host $oid\n"; > + $_ = `$snmpwalk -r $snmp_retries -t $snmp_timeout -v$snmp_version -c '$community' $host $oid`; > > return $_; > } > @@ -180,8 +183,8 @@ > my ($ret); > local $_; > > - print LOG "snmpget: $snmpget -r $snmp_retries -t $snmp_timeout -v2c -c '$community' $host $oid\n"; > - $_ = `$snmpget -r $snmp_retries -t $snmp_timeout -v2c -c '$community' $host $oid`; > + print LOG "snmpget: $snmpget -r $snmp_retries -t $snmp_timeout -v$snmp_version -c '$community' $host $oid\n"; > + $_ = `$snmpget -r $snmp_retries -t $snmp_timeout -v$snmp_version -c '$community' $host $oid`; > if (/^.*(\s|\")([0-9A-Za-z]{8})(\s|\"|$).*$/) { > # Session ID format. > $ret = $2; > @@ -1152,27 +1155,80 @@ > ($login eq "[EMAIL PROTECTED]") ? 1 : 0; > } > > +sub mikrotik_snmp { > + > + # Set SNMP version > + # MikroTik only supports version 1 > + $snmp_version = "1"; > + > + # Look up community string in naspasswd file. > + ($login, $password) = naspasswd($ARGV[1], 1); > + if ($login && $login ne 'SNMP') { > + if($debug) { > + print LOG "Error: Need SNMP community string for $ARGV[1]\n"; > + } > + return 2; > + } else { > + # If password is defined in naspasswd file, use it as community, > + # otherwise use $cmmty_string > + if ($password eq '') { > + $password = "$cmmty_string"; > + } > + } > + > + # We want interface descriptions > + $oid = "ifDescr"; > + > + # Mikrotik doesnt give port IDs correctly to RADIUS :( > + # practically this would limit us to a simple only-one user limit for > + # this script to work properly. > + @output = snmpwalk_prog($ARGV[1], $password, "$oid"); > + > + foreach $line ( @output ) { > + #remove newline > + chomp $line; > + #remove trailing whitespace > + ($line = $line) =~ s/\s+$//; > + if( $line =~ /<.*-$ARGV[3]>/ ) { > + $username_seen++; > + } > + } > + > + #lets return something > + if ($username_seen > 0) { > + return 1; > + } else { > + return 0; > + } > +} > + > sub mikrotik_telnet { > # Localize all variables first. > my ($t, $login, $password); > - my (@fields, @output, $output, $username_seen, $user); > + my (@fields, @output, $output, $username_seen, $user); > > return 2 unless (check_net_telnet()); > > $terminalserver = $ARGV[1]; > $user = $ARGV[3]; > > - # Get login name and password for a certain NAS from $naspass. > + # Get login name and password for a certain NAS from $naspass. > ($login, $password) = naspasswd($terminalserver, 1); > - return 2 if ($password eq ""); > + return 2 if ($password eq ""); > > # MikroTik routeros doesnt tell us to which port the user is connected > # practically this would limit us to a simple only-one user limit for > - # this script to work properly. > + # this script to work properly. > $t = new Net::Telnet (Timeout => 5, > Prompt => '//[EMAIL PROTECTED] > /'); > > - $t->open($terminalserver); > + # Dont just exit when there is error > + $t->errmode('return'); > + > + # Telnet to terminal server > + $t->open($terminalserver) or return 2; > + > + #Send login and password etc. > $t->login(Name => $login, > Password => $password, > # We must detect if we are logged in from the login banner. > @@ -1194,33 +1250,45 @@ > # Somehow routeros echo'es our commands 2 times. We dont want to mix > # this with the real command prompt. > $t->waitfor('/[EMAIL PROTECTED] > ppp active print column name detail/'); > - > + > # Now lets get the list of online ppp users. > ( $output ) = $t->waitfor('/[EMAIL PROTECTED] > /'); > - > - # For debugging we can print the list to stdout > - #print $output; > + > + # For debugging we can print the list to stdout > +# print $output; > > #Lets logout to make everybody happy. > #If we close the connection without logging out then routeros > #starts to complain after a while. Saying; > - #telnetd: All network ports in use. > + #telnetd: All network ports in use. > $t->print("quit"); > $t->close; > - > + > #check for # of $user in output > #the output includes only one = between name and username so we can > - #safely use it as a seperator. > - @output = $output; > - foreach $line ( @output ) { > - if( $line =~ /name=/ ) { > - @fields = split( /=/, $line ); > - if( $fields[2] == "\"$user\"") { > - $username_seen++; > - } > - } > - } > - > + #safely use it as a seperator. > + > +#disabled until mikrotik starts to send newline after each line... > +# @output = $output; > +# foreach $line ( @output ) { > +# #remove newline > +# chomp $line; > +# #remove trailing whitespace > +# ($line = $line) =~ s/\s+$//; > +# if( $line =~ /name=/ ) { > +# print($line); > +# @fields = split( /=/, $line ); > +# if( $fields[1] == "\"$user\"") { > +# $username_seen++; > +# } > +# } > +# } > + > + if( $output =~ /name="$user"/ ) { > + $username_seen++; > + } > + > + #lets return something > if ($username_seen > 0) { > return 1; > } else { > @@ -1346,6 +1414,8 @@ > $ret = &cisco_l2tp_snmp; > } elsif ($ARGV[0] eq 'mikrotik'){ > $ret = &mikrotik_telnet; > +} elsif ($ARGV[0] eq 'mikrotik_snmp'){ > + $ret = &mikrotik_snmp; > } elsif ($ARGV[0] eq 'redback'){ > $ret = &redback_telnet; > } elsif ($ARGV[0] eq 'other') { > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
