Re: authorize stop question
Thanks, Alan. On Tue, Jul 01, 2003 at 11:18:51AM -0400, Alan DeKok wrote: > Hielke Christian Braun <[EMAIL PROTECTED]> wrote: > > In the users file i have setup one username and a DEFAULT entry. In > > the SQL database i have all my other users setup. Everything works > > fine. But when the one user in the users file is authenticate, the > > SQL server is still queried from the radius. Is their some way to stop > > the radius from going to the SQL after it finds the user in the > > file? > > doc/configurable_failover > > You should be able to set up the block so that only a 'notfound' > from 'files causes the SQL module to be executed. > authorize { # preprocess # digest # counter # attr_filter # suffix files { notfound = 1 noop = 2 ok = return updated = 4 fail = return reject = return userlock = return invalid = return handled = return } sql } did the trick. Best regards, Christian. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
authorize stop question
Hello, i hope somebody can help me out. I have authorization setup like this: authorize { files sql } In the users file i have setup one username and a DEFAULT entry. In the SQL database i have all my other users setup. Everything works fine. But when the one user in the users file is authenticate, the SQL server is still queried from the radius. Is their some way to stop the radius from going to the SQL after it finds the user in the file? The reason i want to that is that 95% of all my authentication requests are for this one username in the file and i want to go easy on the database. Does anybody know how to do that? Thanks a lot, Christian. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sql accounting and custom attributes
Hi, i am using that with a cvs version from september, but it worked with all version up to from 0.5 Regards, Christian. On Wed, Nov 06, 2002 at 10:10:27PM +0200, Alexey Chetroi wrote: > Hello Christian, > I'd like to have that patches regarding converting of the > cisco-avpair attributes, if it is possible. you may use > this email. > > -- > > Best regards, > Alexey Chetroi > > --- > Smile... Tomorrow will be worse. (c) Murphy's law --- freeradius-0.7.1/src/modules/rlm_preprocess/rlm_preprocess.cWed Sep 11 06:49:12 2002 +++ freeradius-snapshot-20020923/src/modules/rlm_preprocess/rlm_preprocess.cMon +Sep 23 21:57:06 2002 @@ -115,51 +115,52 @@ char*ptr; charnewattr[MAX_STRING_LEN]; -for ( ; vp != NULL; vp = vp->next) { -vendorcode = (vp->attribute >> 16); /* HACK! */ -if (vendorcode == 0) continue; /* ignore non-VSA attributes */ - -vendorpec = dict_vendorpec(vendorcode); -if (vendorpec == 0) continue; /* ignore unknown VSA's */ - -if (vendorpec != 9) continue; /* not a Cisco VSA, continue */ - -/* no = seperator in value */ -if ((ptr = strchr(vp->strvalue, '=')) == NULL) continue; - -/* ugly sip-hdr hack */ -if ((strncmp(vp->strvalue,"sip-hdr=",8) == 0) && (strchr(vp->strvalue, ':') != NULL)) { -DEBUG2("cisco_vsa_hack: found sip_hdr %s", vp->strvalue); -*ptr = '-'; -ptr = strchr(vp->strvalue, ':'); -*ptr = '='; -DEBUG("cisco_vsa_hack: rewrote %s", vp->strvalue); -} - -/* Cisco-AVPair - * We take the lvalue look it up in the dictionary and - * when found overwrite the attribute of Cisco-AVPair with it. - */ -if ((vp->attribute & 0x) == 1) { -strNcpy(newattr, vp->strvalue, vp->length - strlen(ptr) + 1 ); -DEBUG2("cisco_vsa_hack: attr : %s to %s",vp->strvalue, da->name); -if (( da = dict_attrbyname((char *)newattr) ) == NULL ) -continue; -vp->attribute = da->attr; -DEBUG2("cisco_vsa_hack: attr : %s found in dictionary", da->name); -} - -/* - * We strip out the duplicity from the value field, - * we use only the value on the right side of - * = character. - */ -strNcpy(newattr, ptr + 1, sizeof(newattr)); -DEBUG2("cisco_vsa_hack: value: %s to %s",(char *)vp->strvalue,(char *) newattr); -strNcpy((char *)vp->strvalue, newattr, -sizeof(vp->strvalue)); -vp->length = strlen((char *)vp->strvalue); -} + + for ( ; vp != NULL; vp = vp->next) { + vendorcode = (vp->attribute >> 16); /* HACK! */ + if (vendorcode == 0) continue; /* ignore non-VSA attributes */ + + vendorpec = dict_vendorpec(vendorcode); + if (vendorpec == 0) continue; /* ignore unknown VSA's */ + + if (vendorpec != 9) continue; /* not a Cisco VSA, continue */ + + /* no = seperator in value */ + if ((ptr = strchr(vp->strvalue, '=')) == NULL) continue; + + /* ugly sip-hdr hack */ + if ((strncmp(vp->strvalue,"sip-hdr=",8) == 0) && (strchr(vp->strvalue, +':') != NULL)) { + DEBUG2("cisco_vsa_hack: found sip_hdr %s", vp->strvalue); + *ptr = '-'; + ptr = strchr(vp->strvalue, ':'); + *ptr = '='; + DEBUG("cisco_vsa_hack: rewrote %s", vp->strvalue); + } + + /* Cisco-AVPair +* We take the lvalue look it up in the dictionary and +* when found overwrite the attribute of Cisco-AVPair with it. +*/ + if ((vp->attribute & 0x) == 1) { + strNcpy(newattr, vp->strvalue, vp->length - strlen(ptr) + 1 ); + DEBUG2("cisco_vsa_hack: attr : %s to %s",vp->strvalue, +newattr); + if (( da = dict_attrbyname((char *)newattr) ) == NULL ) + continue; + vp->attribute = da->attr; + DEBUG2("cisco_vsa_hack: attr : %s found in dictionary", +da->name); + } + + /* +* We strip out the duplicity from the value field, +* we use only the value on the right side of +* = character. +*/ + strNcpy(newattr, ptr + 1, siz
Re: sql accounting and custom attributes
Hello Thomas, On Wed, Nov 06, 2002 at 09:15:30AM +0100, Thomas Jalsovsky wrote: > > On Wed, 6 Nov 2002, Alexey Chetroi wrote: > > > Is it possible to rewrite attribute names eg in preprocess module, > > like cisco_vsa_hack. eg to convert from: > > > > Cisco-AVPair = "nas-rx-speed=31200" > > to > > nas-rx-speed=31200 > This is exactly what i am doing. I can sent you the patch for it, if you like. Regards, Christian. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: users and client
The version you download and install from the freeradius site is configured as default for the files module (see /usr/local/etc/raddb/radiusd.conf. Also there is an example users file at /usr/local/etc/raddb/users On Wed, Sep 11, 2002 at 10:53:24AM -0600, Javier Santos wrote: > how i configure a users file and the files > module ?? > > Thank's > > On Wed, 11 Sep 2002 09:54:01 -0700 > Hielke Christian Braun <[EMAIL PROTECTED]> wrote: > >Hello Javier, > > > >On Wed, Sep 11, 2002 at 10:34:33AM -0600, Javier Santos > >wrote: > >>I have installed radius and runing. > >>Then I try to configure only to authentication, to users > >>from cisco Router. > >> > >>In this case, is Router the Radius Client?? > > > >yes. > >> > >>for users, do i need install ldap or another module to > >>manage users?? > > > >No, you don't need to. The easist is to start with a > >users > >file and the files module. > > > >Best regards, > > Christian. > > > >-- > >Remwave Inc. | Phone: +1 858 777 1820 > >4660 La Jolla Village Drive | Fax: +1 858 777 1810 > > > >Suite 775| Ripe: HCB42-RIPE > >San Diego CA 92122 | Mail: [EMAIL PROTECTED] > > > >- > Navega con el internet gratis de Amnet! Visitar http://www.amnetsal.com! > para cualquier consulta llamar al 247-8000 > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- Remwave Inc. | Phone: +1 858 777 1820 4660 La Jolla Village Drive | Fax: +1 858 777 1810 Suite 775| Ripe: HCB42-RIPE San Diego CA 92122 | Mail: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: users and client
Hello Javier, On Wed, Sep 11, 2002 at 10:34:33AM -0600, Javier Santos wrote: > I have installed radius and runing. > Then I try to configure only to authentication, to users > from cisco Router. > > In this case, is Router the Radius Client?? yes. > > for users, do i need install ldap or another module to > manage users?? No, you don't need to. The easist is to start with a users file and the files module. Best regards, Christian. -- Remwave Inc. | Phone: +1 858 777 1820 4660 La Jolla Village Drive | Fax: +1 858 777 1810 Suite 775| Ripe: HCB42-RIPE San Diego CA 92122 | Mail: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_oracle does not compile in 0.7.1
On Wed, Sep 11, 2002 at 10:33:51AM -0400, Alan DeKok wrote: > Hielke Christian Braun <[EMAIL PROTECTED]> wrote: > > sql_oracle.c:361: conflicting types for `sql_fetch_row' > > sql_oracle.h:33: previous declaration of `sql_fetch_row' > > Delete line 33 of sql_oracle.h. If there are more conflicts like > that, delete more lines of sql_oracle.h. It compiles with this modification, but then the sql query does not work. Connection error. So i tried the snapshot-20020909. It compiles and the query works. I only had to create the file "/usr/local/etc/raddb/preproxy_users". Don't know for what, but without it the radiusd won't start. Thanks, Christian. -- Remwave Inc. | Phone: +1 858 777 1820 4660 La Jolla Village Drive | Fax: +1 858 777 1810 Suite 775| Ripe: HCB42-RIPE San Diego CA 92122 | Mail: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_oracle does not compile in 0.7.1
Hello, i try to compile freeradius 0.7.1 on a SuSE Linux with Oracle ver8. I get this error: gmake[10]: Leaving directory `/home/hcb/src/freeradius-0.7.1/src/modules/rlm_sql/drivers/rlm_sql_mysql' Making static in rlm_sql_oracle... gmake[10]: Entering directory `/home/hcb/src/freeradius-0.7.1/src/modules/rlm_sql/drivers/rlm_sql_oracle' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -I../.. -I../../../../include -I/opt/oracle/OraHome1/rdbms/demo -I/opt/oracle/OraHome1/rdbms/public -I/opt/oracle/OraHome1/plsql/public -I/opt/oracle/OraHome1/network/public -I/opt/oracle/OraHome1/oci/include -I/home/hcb/src/freeradius-0.7.1/libltdl -c sql_oracle.c -o sql_oracle.o In file included from /opt/oracle/OraHome1/rdbms/demo/oci.h:1648, from sql_oracle.h:9, from sql_oracle.c:14: /opt/oracle/OraHome1/rdbms/demo/oci1.h:148: warning: function declaration isn't a prototype In file included from /opt/oracle/OraHome1/rdbms/demo/ori.h:495, from /opt/oracle/OraHome1/rdbms/demo/oci.h:1656, from sql_oracle.h:9, from sql_oracle.c:14: /opt/oracle/OraHome1/rdbms/demo/ort.h:2647: warning: declaration of `version' shadows global declaration In file included from /opt/oracle/OraHome1/rdbms/demo/oci.h:1660, from sql_oracle.h:9, from sql_oracle.c:14: /opt/oracle/OraHome1/rdbms/demo/orl.h:3232: warning: declaration of `index' shadows global declaration /opt/oracle/OraHome1/rdbms/demo/orl.h:3315: warning: declaration of `index' shadows global declaration /opt/oracle/OraHome1/rdbms/demo/orl.h:3776: warning: declaration of `index' shadows global declaration /opt/oracle/OraHome1/rdbms/demo/orl.h:3806: warning: declaration of `index' shadows global declaration /opt/oracle/OraHome1/rdbms/demo/orl.h:3841: warning: declaration of `index' shadows global declaration /opt/oracle/OraHome1/rdbms/demo/orl.h:3871: warning: declaration of `index' shadows global declaration /opt/oracle/OraHome1/rdbms/demo/orl.h:3901: warning: declaration of `index' shadows global declaration /opt/oracle/OraHome1/rdbms/demo/orl.h:3936: warning: declaration of `index' shadows global declaration In file included from /opt/oracle/OraHome1/rdbms/demo/oci.h:1673, from sql_oracle.h:9, from sql_oracle.c:14: /opt/oracle/OraHome1/rdbms/demo/ociap.h:5561: warning: declaration of `index' shadows global declaration /opt/oracle/OraHome1/rdbms/demo/ociap.h:5565: warning: declaration of `index' shadows global declaration /opt/oracle/OraHome1/rdbms/demo/ociap.h:5913: warning: declaration of `version' shadows global declaration /opt/oracle/OraHome1/rdbms/demo/ociap.h:6274: warning: function declaration isn't a prototype /opt/oracle/OraHome1/rdbms/demo/ociap.h:6307: warning: declaration of `index' shadows global declaration /opt/oracle/OraHome1/rdbms/demo/ociap.h:8753: warning: function declaration isn't a prototype /opt/oracle/OraHome1/rdbms/demo/ociap.h:8759: warning: function declaration isn't a prototype /opt/oracle/OraHome1/rdbms/demo/ociap.h:8855: warning: declaration of `timezone' shadows global declaration sql_oracle.c:361: conflicting types for `sql_fetch_row' sql_oracle.h:33: previous declaration of `sql_fetch_row' sql_oracle.c: In function `sql_fetch_row': sql_oracle.c:374: warning: return makes integer from pointer without a cast gmake[10]: *** [sql_oracle.o] Error 1 gmake[10]: Leaving directory `/home/hcb/src/freeradius-0.7.1/src/modules/rlm_sql/drivers/rlm_sql_oracle' Anybody got it working? On the same machine i could compile freeradius v0.5 flawless. Do i need to upgrade to Oracle v9? Best regards, Christian. -- Remwave Inc. | Phone: +1 858 777 1820 4660 La Jolla Village Drive | Fax: +1 858 777 1810 Suite 775| Ripe: HCB42-RIPE San Diego CA 92122 | Mail: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco VSA h323 Attribute show again in string
Hello Raymond, On Sat, Mar 23, 2002 at 02:11:57PM +0800, Raymond Chen wrote: > Dear list, > > I still can't get this to work even I enable the > "with_cisco_vsa_hack=yes" in radiusd.conf. Did I missing something in > the configuration? look at my post in freeradius-devel list. Best regards, Christian. -- nikojet Inc. | Phone: +1 858 777 1850 4600 La Jolla Village Drive | Fax: +1 858 777 1810 Suite 775| Ripe: HCB42-RIPE San Diego CA 92122 | Mail: [EMAIL PROTECTED] msg04303/pgp0.pgp Description: PGP signature
accounting sql
Hello everybody, is there a way to log the numeric values of attributes into a sql database? It would be nice to write numeric values for AcctStatusType, ServiceType, DisconnectCause, etc. The dictionary table created by the script does not seemed to be used anywhere. Removing the definition from the dictionary can not be the right way to do it ... Thanks, Christian. -- Buddyphone Inc. | Phone: +1 858 777 1820 4600 La Jolla Village Drive | Fax: +1 858 777 1810 Suite 775| Ripe: HCB42-RIPE San Diego CA 92122 | Mail: [EMAIL PROTECTED] msg04276/pgp0.pgp Description: PGP signature