Re: radius difficulty

Sanket Totala Thu, 25 Nov 2004 21:39:35 -0800

i have tried by creating my own group file and passwd file. But in any case a passwd file is required. can i not work without a passwd file

sanket

[EMAIL PROTECTED] wrote:

Send Freeradius-Users mailing list submissions to
[EMAIL PROTECTED]

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]

You can reach the person managing the list at
[EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."

Today's Topics:

1. Log password (Nicolas Viers - SCI Limoges)
2. Re: Radius Authentication scheme (Antonio Martinez)
3. Re: rlm_eap_md5: User-Password is required for EAP-MD5 authentication (Alan DeKok)
4. Re: NAS Location (Alan DeKok)
5. Re: radius difficulty (Alan DeKok)
6. Re: Sorry, this time w/o HTML an Vcard :( - Difference between incor rect CHAP- or CLI-Authentification in logfile (Alan DeKok)
7. Re: Radius Authentication scheme (Alan DeKok)
8. Acct Logging to Mysql ([EMAIL PROTECTED])
9. ntlm_auth difficulty (Dudley Atkinson)
10. Segmentation fault (core dumped) (=?iso-8859-1?Q?Rafael_G=F3mez?=)

--__--__--

Message: 1
Date: Thu, 25 Nov 2004 13:22:55 +0100
From: Nicolas Viers - SCI Limoges <[EMAIL PROTECTED]>
Organization: =?ISO-8859-1?Q?Universit=E9_de_Limoges?=
To: [EMAIL PROTECTED]
Subject: Log password
Reply-To: [EMAIL PROTECTED]

When i log accounting of my radius server i always had the password in
the log file
even i put:
log_auth_badpass =3D no
log_auth_goodpass =3D no
in radiusd.conf

Any idea ?

--=20

____________________________________________________________

Nicolas Viers | Service Commun Informatique
M=E9l: [EMAIL PROTECTED] | 123, avenue Albert Thomas
| 87060 Limoges cedex
Tel: 05-55-45-77-09 | Fax: 05-55-45-75-95
http://www.unilim.fr/sci
____________________________________________________________

--__--__--

Message: 2
Date: Thu, 25 Nov 2004 08:59:49 -0500
From: Antonio Martinez <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
cc: Michael Griego <[EMAIL PROTECTED]>
Subject: Re: Radius Authentication scheme
Reply-To: [EMAIL PROTECTED]

Alan, Michael:

I just received the knowledge that the file "rlm_digest.c" was changed by a
person here, not by Michael Griego, whose name appeared in the top of the
file and made me think he was the person who changed it. I apologize for
the confusion this might have caused.

On the other hand, since you support the draft "Radius Extension for Digest
Authentication" ("doc/rfc/draft-sterman-aaa-sip-00.txt") this means I have
to figure out how to make it work without that patch. I believe FreeRadius
should be used *as is* (unless there is something missing there, but until
further evidence I assume that this is not the case).

Thanks to both for your answers regarding this issue.

Antonio Martinez

--On Wednesday, November 24, 2004 06:09:53 PM -0500 Alan DeKok
<[EMAIL PROTECTED]>wrote:

> Antonio Martinez <[EMAIL PROTECTED]>wrote:
>> I don't know how my colleague got this file, but on the very first line
>> shows the CVS automated changelog with your name and the date:
>
> That just the last person who changed the file.
>
> The more important question is: where did you get that file? So far
> as I can tell, the changes have never been included in the server.
>
>> If I use the "official" file, Digest MD5 doesn't work for me, that's for
>> sure. Only if I rebuild using the patch file you created.
>
> WHO created? Michael didn't create the patch.
>
> Can you send the PATCH to the list, as opposed to the whole C file?
> Sending the patched C file is asking *us* to do the work to figure out
> what changed. Sending the patch is much more polite.
>
> Can you say what NAS equipment you're using?
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

--__--__--

Message: 3
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: rlm_eap_md5: User-Password is required for EAP-MD5 authentication
Date: Thu, 25 Nov 2004 09:55:18 -0500
Reply-To: [EMAIL PROTECTED]

"Chan Min Wai (System Administrator)" <[EMAIL PROTECTED]>wrote:
> > CLEAR text passwords are required for EAP-MD5. Crypt passwords will
> > NEVER work.
>
> Anyway to make it work? somehow?

No. It's impossible.

> Putting clear text password is always a risk.

That's why you secure your machine room.

Alan DeKok.

--__--__--

Message: 4
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: NAS Location
Date: Thu, 25 Nov 2004 09:59:17 -0500
Reply-To: [EMAIL PROTECTED]

Avinash Agarwal <[EMAIL PROTECTED]>wrote:
> My concern is , the NAS IP address could be changed by a provider.
> Is there a better way to uniquely identify a NAS location?

No.

Alan DeKok.

--__--__--

Message: 5
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: radius difficulty
Date: Thu, 25 Nov 2004 10:01:30 -0500
Reply-To: [EMAIL PROTECTED]

Sanket Totala <[EMAIL PROTECTED]>wrote:
> Now user "r" belongs to group "demo". I want that the policy
> specified in the Filter-Id attribute of group "demo" be applicable
> to user "r". I get that only when user "r" is present in the passwd
> file also, even if "r" has Auth-Type := Local. My passwd file is
> /etc/passwd.

That's how Unix groups work. If a user is in /etc/groups, but not
in /etc/passwd, then the user is not, in fact, in any group.

I suggest using rlm_passwd to define groups which are known only to
FreeRADIUS. It doesn't have those limitations.

Alan DEKok.

--__--__--

Message: 6
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Sorry, this time w/o HTML an Vcard :( - Difference between incor rect CHAP- or CLI-Authentification in logfile
Date: Thu, 25 Nov 2004 10:04:02 -0500
Reply-To: [EMAIL PROTECTED]

"Beckers, Michael" <[EMAIL PROTECTED]>wrote:
> We're using FreeRADIUS V. 0.8.1 on SuSE 8.2 and we want to add
> CLI-Authentification.

I suggest you upgrade to 1.0.1, there are a LOT of bugs fixed in it.

> At the moment, in the logfile (log_auth = yes, log_auth_badpass = yes, log_auth:goodpass = yes) we can't differ between failed CHAP-Authentification and failed CLI-Authentification.
>
> Is there a way to change this, e.g Login incorrect: [user/]: Wrong CLI/CHAP-Password?

Edit src/main/auth.c

Alan DeKok.

--__--__--

Message: 7
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Radius Authentication scheme
Date: Thu, 25 Nov 2004 10:08:21 -0500
Reply-To: [EMAIL PROTECTED]

Antonio Martinez <[EMAIL PROTECTED]>wrote:
> On the other hand, since you support the draft "Radius Extension for Digest
> Authentication" ("doc/rfc/draft-sterman-aaa-sip-00.txt") this means I have
> to figure out how to make it work without that patch.

Not necessarily. Can you PLEASE say which NAS you're using?
Knowing that may help solve the problem.

And WHY were the changes made to the code? There must have been
some reason, like a protocol specification. Find out what that spec is, and post a link to it here.q

Your patch obviously does something, because it inter-operates with
your NAS. I would like to know what it does, and why. Maybe we can
add the patch to the server, so that other people don't run into the
same problem. But until you give more information, it's impossible to
know what's going on.

Alan DeKok.

--__--__--

Message: 8
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Acct Logging to Mysql
Date: Thu, 25 Nov 2004 17:21:42 +0100
Reply-To: [EMAIL PROTECTED]

Hello List,

we have freeradius 1.0.1 and Mysql 4.0.3.
Auth Logging works fine, but the acct Logging is broken.
In freeradius -X i found no NAS Ports:

modcall[accounting]: module "detail" returns ok for request 1
modcall[accounting]: module "unix" returns noop for request 1
radius_xlat: '/var/log/freeradius/radutmp'
radius_xlat: 'panekm'
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
modcall[accounting]: module "radutmp" returns noop for request 1
modcall: group accounting returns ok for request 1
Sending Accounting-Response of id 23 to 172.20.49.102:1047
Finished request 1
Going to the next request
--- Walking the entire request list ---
Cleaning up request 1 ID 23 with timestamp 41a6052b
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 22 with timestamp 41a60528
Nothing to do. Sleeping until we see a request.

We used it as an VPN Server , Hardware is Enterasys XSR-1805:
Config :

!
aaa method radius radius default
enable
group ecavpn
address ip-address 172.20.49.106
hash enable
key xxxxxxxxxxxx
client vpn
auth-port 1812
acct-port 1813
attempts 4
retransmit 3
timeout 10
qtimeout 0

Radiusd.conf :

#listen {
# IP address on which to listen.
# Allowed values are:
# dotted quad (1.2.3.4)
# hostname (radius.example.com)
# wildcard (*)
# ipaddr =3D *

# Port on which to listen.
# Allowed values are:
# integer port number (1812)
# 0 means "use /etc/services for the proper port"
# port =3D 0

# Type of packets to listen for.
# Allowed values are:
# auth listen for authentication packets
# acct listen for accounting packets
#
type =3D acct
#}

# configuration entry can be set to 'no'.
#
check_with_nas =3D yes

# Set the file permissions, as the contents of this =
file
# are usually private.
perm =3D 0600

callerid =3D "yes"
}

# "Safe" radutmp - does not contain caller ID, so it can be
# world-readable, and radwho can work for normal users, without
# exposing any information that isn't already exposed by =
who(1).
#

# Accounting. Log the accounting data.
#
accounting {
#
# Ensure that we have a semi-unique identifier for every
# request, and many NAS boxes are broken.
sql
acct_unique

#
# Create a 'detail'ed log of the packets.
# Note that accounting requests which are proxied
# are also logged in the detail file.
detail
# daily
unix # wtmp file

Any idea ??
Thx

Regards / Gr=FC=DFe / Danke

Marco Panek

...............................................................
Smurfit Europa Carton GmbH
Information Systems (IS)
Tilsiter Stra=DFe 144
D-22047 Hamburg

Tel: +49 (0)40 30901 191
Fax: +49 (0)40 30901 5191
[EMAIL PROTECTED]

--__--__--

Message: 9
From: "Dudley Atkinson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: ntlm_auth difficulty
Date: Thu, 25 Nov 2004 11:09:23 -0600
Reply-To: [EMAIL PROTECTED]

This is a multi-part message in MIME format.

------=_NextPart_000_000D_01C4D2DF.3AFDD470
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I cannot get ntlm_auth to work within freeradius, and I hope someone can
point me to the right answer, since I've exhausted my ideas.
=20
ntlm_auth works manually.
=20
The snippet from radiusd.conf is:
=20
mschap {
authtype =3D MS-CHAP
use_mppe =3D yes
require_encryption =3D yes
require_strong =3D yes
#with_ntdomain_hack =3D no
ntlm_auth =3D "/opt/local/bin/ntlm_auth --request-nt-key
--username=3D%{Stripped-User-Name:-%{User-Name:-None}}
--challenge=3D%{mschap:Challenge:-00} =
--nt-response=3D%{mschap:NT-Response:-00}"
}

When I run radiusd -X, I see:
=20
modcall: entering group Auth-Type for request 2
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.

=20
What could the problem be? I am passing a User-Password, as seen in the =
top
of the debug listing:
=20
rad_recv: Access-Request packet from host 127.0.0.1:51724, id=3D0, =
length=3D69
User-Password =3D "12345"
User-Name =3D "duddley"
NAS-IP-Address =3D 127.0.0.1
MS-CHAP-Challenge =3D 0x7364666c6a333234

Does MS-CHAP-Use-NTLM-Auth need to be configured somewhere in the users
file? It seems to me somehow that the ntlm_auth isn't getting used at =
all.
=20
I appreciate any advice - I haven't found an answer after a lot of =
searching
and trying different things.
=20
thanks!
-jd atkinson
=20
=20

------=_NextPart_000_000D_01C4D2DF.3AFDD470
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

charset=3Dus-ascii">

I =
cannot get=20
ntlm_auth to work within freeradius, and I hope class=3D111010817-25112004>someone can point me to the right =
answer, since=20
I've exhausted my ideas.

size=3D2>

size=3D2>ntlm_auth works=20
manually.

size=3D2>

The =
snippet from=20
radiusd.conf is:

size=3D2>

size=3D2>        mschap=20
{
           &n=
bsp;   =20
authtype =3D=20
MS-CHAP
          &n=
bsp;    =20
use_mppe =3D=20
yes
           =
    =20
require_encryption =3D=20
yes
           =
    =20
require_strong =3D=20
yes
           =
    =20
#with_ntdomain_hack =3D=20
no
           &=
nbsp;   =20
ntlm_auth =3D "/opt/local/bin/ntlm_auth --request-nt-key=20
--username=3D%{Stripped-User-Name:-%{User-Name:-None}}=20
--challenge=3D%{mschap:Challenge:-00}=20
--nt-response=3D%{mschap:NT-Response:-00}"

size=3D2>        =
}

When I =
run radiusd=20
-X, I see:

size=3D2>

size=3D2>modcall:=20
entering group Auth-Type for request 2
rlm_mschap: No =
User-Password=20
configured. Cannot create LM-Password.
rlm_mschap: No=20
User-Password configured. Cannot create=20
NT-Password.

size=3D2>

What =
could the=20
problem be? I am passing a User-Password, as seen in the top of =
the debug=20
listing:

size=3D2>

size=3D2>rad_recv:=20
Access-Request packet from host 127.0.0.1:51724, id=3D0,=20
length=3D69
        User-Password =
=3D=20
"12345"
        User-Name =3D=20
"duddley"
        NAS-IP-Address =
=3D=20
127.0.0.1
        =
MS-CHAP-Challenge =3D=20
0x7364666c6a333234

Does=20
MS-CHAP-Use-NTLM-Auth need to be configured somewhere in the users =

file? It seems to me somehow that the ntlm_auth isn't getting used =
at=20
all.

size=3D2>

I=20
appreciate any advice - I =
haven't=20
found an answer after a lot of searching and trying different=20
things.

size=3D2>

size=3D2>thanks!

size=3D2>-class=3D111010817-25112004>jd atkinson

size=3D2>

face=3DArial>

------=_NextPart_000_000D_01C4D2DF.3AFDD470--

--__--__--

Message: 10
From: =?iso-8859-1?Q?Rafael_G=F3mez?= <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Segmentation fault (core dumped)
Date: Thu, 25 Nov 2004 16:49:32 -0400
Reply-To: [EMAIL PROTECTED]

Hi all
Everytime I tried to run freeradius with SQL support I got the following
message: "Segmentation fault (core dumped)"
My radiusd.conf is the following:

authorize {
preprocess
chap
mschap
suffix
sql
}

authenticate {
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
}

preacct {
preprocess
suffix
}

accounting {
detail
unix
sql
radutmp
}

session {
radutmp
}

Now radiusd execution:

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "root"
sql: password = "radpass"
sql: radius_db = "radius"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = no
sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: default_user_profile = ""
sql: query_on_not_found = no
sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM
radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id"
sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id"
sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
sql: accounting_update_query = "UPDATE radacct ? SET FramedIPAddress =
'%{Framed-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ?
AcctInputOctets = '%{Acct-Input-Octets}', ? AcctOutputOctets =
'%{Acct-Output-Octets}' ? WHERE AcctSessionId = '%{Acct-Session-Id}' ? AND
UserName = '%{SQL-User-Name}' ? AND NASIPAddress= '%{NAS-IP-Address}'"
sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} +
%{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}',
'', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0')"
sql: accounting_start_query = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}',
'', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{Acct-Delay-Time}', '0')"
sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S',
AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}'
WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'
AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S',
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets =
'%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}',
AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE
AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND
NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} +
%{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}',
'%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}',
'%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}'"
sql: connect_failure_retry_delay = 60
sql: simul_count_query = ""
sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,
NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol
FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
sql: postauth_table = "radpostauth"
sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply,
date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())"
sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
Segmentation fault (core dumped)

Rafael Gomez
Eng. Manager CCOM Venezuela
[EMAIL PROTECTED] tel:
fax: 58-212-286.06.63
58-212-286.17.19

--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.

--__--__--

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

End of Freeradius-Users Digest

Yahoo! India Matrimony: Find your life partner online.

Re: radius difficulty

Reply via email to