Please HELP ME..can do Session TimeOut for Replace sql counter ?,

2002-07-28 Thread Gumilar Satriawan 

Hi all, My Guru..

I am configuring FreeRadius Server 06 and Portslave
2001-01-19 for internet prepaid..

My problem is difficult disconnect users while their
login to RADIUS. I have Idea to count for each session
time use Session Time Out While user Logging on, But I
am not sure it will working fine..

Alternatifely use Rlm_sqlcounter, But It intend not
for each user account balance but For Each Group
Defined in daily, weekly, etc.., 9 ( I have to
modified in long time )I need For each users
can have Account Balance ( Time Duration) and then
system RADIUS can Forcing disconnect POrtslave modem
if User account expired..

Please Help Me.. GURUs, mainly for Mr.Alan and Mr.
Chris ...

Thank In Advanced

Gumilar Satriawan


__
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Cisco VSA FreeRADIUS

2002-07-28 Thread HOPPÁL Felicián 



Hello,

I've tested freeradius 0.6 and it works fine, I'm 
planning to replace my production radius now. I have only one problem, I'd like 
to log Cisco VSAs(likenas-rx-speed, nas-tx-speed)in SQL 
database. I have 50+ AS5350 an AS5400 with IOS 12.2 and it sends VSA accounting 
as Cisco-AVPair. Cisco-vsa-hack does not work with this. Any solution? This is a 
sample accounting-stop record:

Fri Jul 26 22:56:34 
2002 NAS-IP-Address = 
xxx
 NAS-Port 
= 670 Cisco-NAS-Port = 
"Async5/22*Serial2/6:2" 
NAS-Port-Type = Async User-Name = 
"xxx" Called-Station-Id = 
"xxx" Calling-Station-Id = 
"xxx" Acct-Status-Type = 
Stop Acct-Authentic = 
RADIUS Service-Type = 
Framed-User Acct-Session-Id = 
"0E000D11" Framed-Protocol = 
PPP Framed-IP-Address 
=xxx
 
Acct-Terminate-Cause = 
Lost-Carrier Acct-Input-Octets = 
3597499 Acct-Output-Octets = 
36347730 Acct-Input-Packets = 
55748 Acct-Output-Packets = 
74657 Acct-Session-Time = 
7280 Cisco-AVPair = 
"disc-cause-ext=1011" Cisco-AVPair 
= "pre-bytes-in=123" Cisco-AVPair 
= "pre-bytes-out=112" Cisco-AVPair 
= "pre-paks-in=5" Cisco-AVPair = 
"pre-paks-out=5" Cisco-AVPair = 
"pre-session-time=25" Cisco-AVPair 
= "connect-progress=60" 
Cisco-AVPair = 
"nas-rx-speed=28800" Cisco-AVPair 
= "nas-tx-speed=5" 
Acct-Delay-Time = 0 
Client-IP-Address =xxx
 
Timestamp = 1027716994
Best Regards,
Felician Hoppal

FreeRADIUS 0.7 ORACLE

2002-07-28 Thread HOPPÁL Felicián 



Hello,

FreeRADIUS 0.7 does not compile with ORACLE 
support:

./configure --prefix=/usr 
--with-logdir=/var/log --with-radacctdir=/var/log/radacct 
--with-raddbdir=/etc/raddb --with-rlm_sql --with-rlm_sql_oracle 
--with-experimental-modules --with-snmp --without-rlm_x99_token




configuring in ./drivers/rlm_sql_oraclerunning 
/bin/sh ./configure --prefix=/usr --with-logdir=/var/log 
--with-radacctdir=/var/log/radacct --with-raddbdir=/etc/raddb --with-rlm_sql 
--with-rlm_sql_oracle --with-experimental-modules --with-snmp 
--without-rlm_x99_token --enable-ltdl-install --enable-ltdl-install 
--cache-file=../../../../.././config.cache --srcdir=.loading cache 
../../../../.././config.cachechecking for gcc... (cached) gccchecking 
whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall 
-D_GNU_SOURCE -DNDEBUG ) works... yeschecking whether the C compiler (gcc -g 
-O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) is a 
cross-compiler... nochecking whether we are using GNU C... (cached) 
yeschecking whether gcc accepts -g... (cached) yeschecking how to run 
the C preprocessor... (cached) gcc -Echecking for oci.h... 
yesyescreating ./config.statuscreating Makefile




Making static in rlm_sql_oracle...make[10]: 
Entering directory 
`/usr/src/freeradius-0.7/src/modules/rlm_sql/drivers/rlm_sql_oracle'gcc 
-g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG 
-I../.. -I../../../../include -I/usr/local/oracle/product/8.1.7/rdbms/demo 
-I/usr/local/oracle/product/8.1.7/rdbms/public 
-I/usr/local/oracle/product/8.1.7/plsql/public 
-I/usr/local/oracle/product/8.1.7/network/public 
-I/usr/local/oracle/product/8.1.7/oci/include -I/usr/src/freeradius-0.7/libltdl 
-c sql_oracle.c -o sql_oracle.osql_oracle.c:361: conflicting types for 
`sql_fetch_row'sql_oracle.h:33: previous declaration of 
`sql_fetch_row'sql_oracle.c: In function 
`sql_fetch_row':sql_oracle.c:374: warning: return makes integer from pointer 
without a castmake[10]: *** [sql_oracle.o] Error 1




Best Regards,
Felician Hoppal

Basic User Group question

2002-07-28 Thread Roger Squires 

Hi, I'm new to freeradius, and though I have gotten the basic install up and
running and authenticating users against the passwd file, I want to do the
following:

Users should be authenticated against the passwd file, then segregated based
on their unix 'groups' entry, and have different cisco (I have a Cisco 5200
NAS) access-lists applied to them based on which group they belong to.  Any
help or an example would be greatly appreciated !

rms
[EMAIL PROTECTED]



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

accounting problem

2002-07-28 Thread Kevin Bonner 

I'm using FR 0.7.  I have proxying enabled, and the NULL realm accounting host 
set to LOCAL.  When I send an accounting packet using radclient, an 
Accounting-Response packet is never sent.  Everything in accounting returns 
ok, but no response is sent back.

More info can be provided if necessary.
Kevin

Here is the output using debugging:
rad_recv: Accounting-Request packet from host 192.168.1.10:32768, id=1, 
length=138
Thread 2 assigned request 1
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 5 seconds...
Thread 2 handling request 1, (1 handled so far)
User-Name = test
NAS-IP-Address = 10.0.1.3
NAS-Port = 1
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Delay-Time = 0
Acct-Session-Id = 1
Acct-Authentic = RADIUS
Framed-Protocol = PPP
Framed-IP-Address = xxx.xxx.xxx.xxx
Service-Type = Framed-User
modcall: entering group preacct
  modcall[preacct]: module preprocess returns noop
rlm_realm: Looking up realm NULL for User-Name = test
rlm_realm: Found realm NULL
rlm_realm: Adding Stripped-User-Name = test
  rlm_realm: Proxying request from user test to realm NULL
rlm_realm: Adding Realm = NULL
rlm_realm:  Accounting realm is LOCAL.
rlm_realm:  acct_port is not set.  proxy cancelled
  modcall[preacct]: module suffix returns noop
acct_users: Matched DEFAULT at 16
  modcall[preacct]: module files returns ok
modcall: group preacct returns ok
modcall: entering group accounting
radius_xlat:  'test'
sql_set_user:  escaped user -- 'test'
radius_xlat:  'INSERT INTO radacct (RadAcctId, AcctSessionId, UserName, Realm, 
NASIPAddress) VALUES ('', '1', 'test', 'NULL', '10.0.1.3')'
rlm_sql: Reserving sql socket id: 3
rlm_sql: Released sql socket id: 3
  modcall[accounting]: module sql0 returns ok
modcall: group accounting returns ok
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Cleaning up request 1 ID 1 with timestamp 3d446c85
Nothing to do.  Sleeping until we see a request.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: who's using freeradius in production?

2002-07-28 Thread Kostas Kalevras 

On Fri, 26 Jul 2002, Alan DeKok wrote:

 Mike Denka [EMAIL PROTECTED] wrote:
  I'm getting some flack from management about all of the open source
  we're using on our network and, particularly, the possibility of
  employing an open source radius server that is still in beta!

   I can understand the concern over the 'beta' status of the server.
 However, there *is* the possibility that we're more honest about the
 status of the software than the commercial RADIUS vendors. :)

   I don't blame them for being a bit edgy about this.  I've done
  substantial testing of Freeradius and found it to be a superb
  product (comparing it to the old Livingston radius we have used for
  years).  But all the testing in the world doesn't stand up to weeks
  or months in a sizable production environment.  Anyone here willing
  to give testimony to running FreeRadius in production serving
  10,000+ dialup customers?

   There are people doing this.  I know of a few ISP's with at least
 that many customers using it, but I don't want to speak for them.

   It *will* require on-going maintenance and attention.  An
 authentication server can't be left alone, as there are always new
 accounts added, and new configurations created.

  How about in a large production environment with an LDAP backend?

   I saw a presentation where the Greek national education network was
 using FreeRADIUS, with an LDAP back-end, for 500k users, and something
 like 200 POP's.  But I just did a search on google, and I can't find
 the presentation.

We are using a quite old freeradius snapshot in our university with one AS5300
and 15000 ldap users/sql accounting without any problems.

As for the Greek Educational Network we have started using it in 5 POPs one
AS5800 and 4 AS3640 and it is working quite fine. Eventually it will be used in
the whole network and support around 10 users.


   Alan DeKok.

 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problem with Group reject in 0.6

2002-07-28 Thread bart 

Hi,

Upgrade to 0.6 seems to have broken my Group Reject config.
Can anyone tell me what I'm doing wrong?


users file:

DEFAULTGroup == disabled, Auth-Type := Reject
   Reply-Message = Your dialup account has been disabled.

DEFAULT Auth-Type := System
Fall-Through = Yes

DEFAULT Service-Type == Framed-User
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 1500,
Service-Type = Framed-User,
Fall-Through = Yes

DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == CSLIP
Framed-Protocol = SLIP,
Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == SLIP
Framed-Protocol = SLIP

radiusd.conf unix part:

unix {
 cache = yes
 cache_reload = 300
 passwd = /etc/passwd
 shadow = /etc/shadow
 group = /etc/group
 radwtmp = ${logdir}/radwtmp
}



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

rlm_ippool / need help

2002-07-28 Thread Ador Dauz 

To all,

Please need your help or other solutions.

I using freeradius 0.6 and I used the rlm_ippool module.
this is what I observed, Using my setup which it pool 10
IP Address range, so I try to login 10 times and It gave
me the right IP address range which in my configuration.
After that, In my 11 attempt login, It gave an IP address
out of the range specified in my configuration.  So to solve
my problem, I need to stop the radiusd service then delete
the db.ippool and db.ipindex files then restart the radiusd.
Any help please to solve my problem...

      ippool hangar {
                range-start = 172.16.10.50
                range-stop =  172.16.10.60
                netmask = 255.255.255.0
                cache-size = 10
                session-db = ${raddbdir}/db.ippool
                ip-index = ${raddbdir}/db.ipindex


Thanks
--ador

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html