Re: Understanding the IP Pool module

2013-02-12 Thread Бен Томпсон
Thanks Alan

2013/2/12 Alan DeKok :
> Бен Томпсон wrote:
>> I am hoping to use rlm_ippool and I would like to understand a bit
>> about how it works. Firstly I want to understand the format of the
>> database.
>
>   The best approach is to look at the documentation, followed by the code.

I have had a look at the code and have been able to work out a few
things. I will write my findings here, both for my own reference and
for others who might ask the same questions in the future.

Regarding the "active" flag: as I understand it so far, this is
basically supposed to indicate whether a session (e.g. PPP) is
currently up and using this address. The theory being that the flag is
set to 1 when the IP is dished out during RADIUS post-auth, and it is
set to 0 when the accounting stop is received.

I also figured out that the "cli" flag is the Calling-Station-Id and this
is used as an identifier in Multilink PPP sessions. It would appear
that in the old days of bundling together connections with dial up
modems (to get more bandwidth) it was necessary to issue the same
address in multiple authentication requests.

One thing I still don't understand though is how best to use ippool
for DHCP. I don't understand where and how I should call the module
during a DHCP transaction. For example I can call it during
DHCP-Discover, but it seems that if I call it again during
DHCP-Request I might get a different address even when the key is the
same. I will continue to study the code to see why this happens and
if I figure it out I will report back with my findings.

If anyone else knows the answers, I would be grateful to hear from them.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Load Balancing

2013-02-12 Thread Muhammad Nadeem
thanx alan..
But searching around on the web I came to know that radclient can also be
used for load testing. But when I use this with -p (to send requests in
parallel), it only sends one packet. Here is the command output:

[root@billing ~]# echo "User-Name=001AAD3F8165, NAS-IP-Address=10.192.100.4"|radclient  -p 100 192.168.0.102 auth testing123 -x
Sending Access-Request of id 120 to 192.168.0.102 port 1812
    User-Name = "001AAD3F8165"
    NAS-IP-Address = 10.192.100.4
rad_recv: Access-Accept packet from host 192.168.0.102 port 1812, id=120, length=143
    Qos-Policing-Profile-Name = "128K_UL"
    Qos-Metering-Profile-Name = "512K_DL"
    Context-Name = "Postpaid-VR"
    DHCP-Max-Leases = 1
    Forward-Policy = "in:nonpayment_redirect_post"
    HTTP-Redirect-Profile-Name = "nonpayment_redirect"


Why doesn't -p send requests in parallel?


On Tue, Feb 12, 2013 at 7:45 PM, Alan DeKok wrote:

> Muhammad Nadeem wrote:
> > thanx alan,,
> > I have configured a proxy server using documentation of 'proxy.conf'.
> > which is proxying requests to 2 home_servers. Yes you are right, may b
> > the tool which I am using (Radius NT client) sending requests in series.
>
>   Then the test doesn't mean anything.
>
> > I tried to use Rad Client to send requests in Parallel, but i wasn't
> > succeed. Could you please help me out to send parallel requests to proxy
> > server???
>
>   There aren't many good tools available.  I did have a tool on the
> corporate web site (radperf), but that's been taken down for various
> reasons.
>
>   You can always use commercial traffic generators.
>
>   Alan DeKok.



-- 
Best Regards
Muhammad Nadeem
Muhammad Ali Jinnah University

Re: pam.d ssh radius

2013-02-12 Thread Alan DeKok
T W wrote:
> I got this working at the end of last year, but now I'm having trouble.
>  I'm setting up SSH access using RADIUS auth on a Ubuntu 12.10 system.
>  Im using the latest version of libpam-radius-auth  (1.3.17-0ubuntu4)
> and have followed the readme along with many other explanations and can
> not get it working. I'm getting the same error even when I try on
> different VM's running different versions of Ubuntu.  The error "PAM
> (sshd) illegal module type: auth" makes it sound like it does not
> support the auth method. Anyone else run into this?

  No idea.  I'd suggest asking the PAM people.

  Alan DeKok.


Re: pam.d ssh radius

2013-02-12 Thread Matt Zagrabelny
On Tue, Feb 12, 2013 at 3:50 PM, T W  wrote:
>
> All,
>
> I got this working at the end of last year, but now I'm having trouble.
> I'm setting up SSH access using RADIUS auth on a Ubuntu 12.10 system.  Im
> using the latest version of libpam-radius-auth  (1.3.17-0ubuntu4) and have
> followed the readme along with many other explanations and can not get it
> working. I'm getting the same error even when I try on different VM's
> running different versions of Ubuntu.  The error "PAM (sshd) illegal module
> type: auth" makes it sound like it does not support the auth method. Anyone
> else run into this?

Haven't run into what you've described, but we do use the RADIUS
client PAM module as you've noted. Our /etc/pam.d/sshd looks like:

# PAM configuration for the Secure Shell service

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth   required pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/locale, so read that as well.
auth   required pam_env.so envfile=/etc/default/locale

auth   sufficient   pam_radius_auth.so

# Standard Un*x authentication.
#@include common-auth

# Disallow non-root logins when /etc/nologin exists.
account  required pam_nologin.so

# Uncomment and edit /etc/security/access.conf if you need to set complex
# access limits that are hard to express in sshd_config.
# account  required pam_access.so

# Standard Un*x authorization.
@include common-account

# Standard Un*x session setup and teardown.
@include common-session

# Print the message of the day upon successful login.
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
session  optional pam_motd.so  motd=/run/motd.dynamic noupdate
session  optional pam_motd.so # [1]

# Print the status of the user's mailbox upon successful login.
session  optional pam_mail.so standard noenv # [1]

# Set up user limits from /etc/security/limits.conf.
session  required pam_limits.so

# Set up SELinux capabilities (need modified pam)
# session  required pam_selinux.so multiple

# Standard Un*x password updating.
@include common-password


Hope that helps.

-mz
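
The error T W quotes, "illegal module type", is what libpam logs when the first field of a pam.d line is not one of auth, account, password or session. The following added example (not part of Matt's message, and not libpam code) lints a service file for that condition, including tokens that only look right on screen; `lint_pam`, `hidden_chars` and the sample file are constructed for illustration.

```python
import re
import unicodedata

# Management groups accepted as the first field of a pam.d line (pam.conf(5)).
VALID_TYPES = ("auth", "account", "password", "session")
SIMPLE_CONTROLS = {"required", "requisite", "sufficient", "optional",
                   "include", "substack"}


def hidden_chars(token):
    """Names of characters in token that are not printable ASCII."""
    return [unicodedata.name(ch, f"U+{ord(ch):04X}")
            for ch in token if not 0x21 <= ord(ch) <= 0x7E]


def lint_pam(text):
    """Return [(line_number, problem), ...] for the text of a pam.d file.

    Assumes one rule per line; backslash continuations are not handled.
    """
    problems = []
    for lineno, raw in enumerate(text.split("\n"), start=1):
        line = raw.split("#", 1)[0].strip(" \t")
        if not line:
            continue
        # Split on space and tab only. str.split() would also split on
        # U+00A0 and hide exactly the kind of defect this check looks for.
        fields = re.split(r"[ \t]+", line)
        if fields[0] == "@include":      # Debian/Ubuntu include directive
            if len(fields) != 2:
                problems.append((lineno, "@include takes one file name"))
            continue
        # A leading '-' is allowed in front of the type and is not part of it.
        mtype = fields[0][1:] if fields[0].startswith("-") else fields[0]
        if mtype.lower() not in VALID_TYPES:
            hidden = hidden_chars(mtype)
            fused = [t for t in VALID_TYPES if mtype.lower().startswith(t)]
            if hidden:
                why = "contains " + ", ".join(hidden)
            elif fused:
                why = f"'{fused[0]}' is fused with the next field"
            else:
                why = "not auth, account, password or session"
            problems.append((lineno, f"illegal module type {mtype!r}: {why}"))
            continue
        if len(fields) < 3:
            problems.append((lineno, "expected: type control module [args]"))
        elif (fields[1].lower() not in SIMPLE_CONTROLS
              and not fields[1].startswith("[")):
            problems.append((lineno, f"unknown control {fields[1]!r}"))
    return problems


# Constructed sample: lines 4 and 5 carry a byte-order mark and a
# no-break space, line 6 has lost the gap between type and control.
SAMPLE = (
    "# constructed sample, modelled on an sshd service file\n"
    "auth\trequired pam_env.so\n"
    "auth   sufficient   pam_radius_auth.so\n"
    "\ufeffauth required pam_env.so envfile=/etc/default/locale\n"
    "auth\u00a0sufficient pam_radius_auth.so\n"
    "accountrequired pam_nologin.so\n"
    "@include common-account\n"
    "session optional pam_motd.so motd=/run/motd.dynamic noupdate\n"
)

if __name__ == "__main__":
    for lineno, problem in lint_pam(SAMPLE):
        print(f"line {lineno}: {problem}")
```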


RE: Dialup Admin

2013-02-12 Thread Shawky Skaff
Hi Guys,

Could I please get a response to this?

From: freeradius-users-bounces+shawkys=ivox.com...@lists.freeradius.org 
[mailto:freeradius-users-bounces+shawkys=ivox.com...@lists.freeradius.org] On 
Behalf Of Shawky Skaff
Sent: Tuesday, 29 January 2013 12:45 PM
To: freeradius-users@lists.freeradius.org
Subject: Dialup Admin


In dialup admin if I select accounting and run an accounting query, I can see 
accounting data listed in the tables, uptime, downloads, uploads, etc, however 
if I edit the user, the connection status has no information and the open 
session shows no sessions.



Doesn't the data for all locations come from the same place? Is there anything 
that I need to do?


RE: Load Balancing

2013-02-12 Thread adrian.p.smith

>  There aren't many good tools available.  I did have a tool on the corporate 
> web site (radperf), but that's been taken down for various reasons.

>  You can always use commercial traffic generators.

We're a Java group and we use Jmeter with a home-written sampler that uses 
TinyRadius client.





Re: DHCP reply don't go out

2013-02-12 Thread Alan DeKok
Michele Pinassi wrote:
> Maybe i've found something that can help us to solve the problem.
> 
> Here's FreeRadius DHCP reply (from dhcpdump):
...
> I'm pointing on CIADDR and SIADDR.
> 
> Maybe something wrong in my policy.conf ?

  I don't think so.  It's weird that the fields are reversed.

  I've pushed some changes to the v2.x.x branch on github.  It should
print out more information about the DHCP packet it's sending.  If you
could try that, it would be a big help.

  Alan DeKok.


Re: Load Balancing Issue

2013-02-12 Thread John Dennis

On 02/12/2013 06:12 AM, Muhammad Nadeem wrote:

> thanks alan
> Actually I am using load balancing for rapid authentication of users.
> let suppose i have one proxy server that is proxying incoming requests
> to these five servers. Theoretically the speed of authentication should
> be fast. But in case of mine it is too slow.
> I have changed 'max_requests' in radiusd.config. And also remove
> unnecessary processing on radius server (that is proxying requests). Now
> tell me what else can I do?? :(


For starters try reading Alan's response he so graciously provided to you.

--
John Dennis 



Re: Load Balancing

2013-02-12 Thread Alan DeKok
Muhammad Nadeem wrote:
> thanx alan,,
> I have configured a proxy server using documentation of 'proxy.conf'.
> which is proxying requests to 2 home_servers. Yes you are right, may b
> the tool which I am using (Radius NT client) sending requests in series.

  Then the test doesn't mean anything.

> I tried to use Rad Client to send requests in Parallel, but i wasn't
> succeed. Could you please help me out to send parallel requests to proxy
> server???

  There aren't many good tools available.  I did have a tool on the
corporate web site (radperf), but that's been taken down for various
reasons.

  You can always use commercial traffic generators.

  Alan DeKok.


Re: DHCP reply don't go out

2013-02-12 Thread Alan DeKok
Michele Pinassi wrote:
> Hi all,
> 
> i've just installed a FreeRadius server 2.2.0 with DHCP support because
> i need a dhcp server that uses MySQL as a backend.
...
> Sending DHCP-Offer of id 022e173c from 255.255.255.255:67 to 172.20.1.20:68
> Finished request 0.

  That looks weird.  An empty offer packet?  There should be *something*
in it.

  I suggest starting with the example configuration in
sites-available/dhcp.  It won't do SQL, but it will return "example"
DHCP responses.

  If that works, then the code is OK.  The next step is to update the
configuration to send the correct options in DHCP packets.

  Alan DeKok.


Re: DHCP reply don't go out

2013-02-12 Thread Michele Pinassi
Maybe i've found something that can help us to solve the problem.

Here's FreeRadius DHCP reply (from dhcpdump):

---

  TIME: 2013-02-12 15:13:10.426
    IP: 172.20.1.2 (0:c:29:eb:3e:86) > 172.20.1.20 (0:4:13:71:11:65)
    OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 44d8b628
  SECS: 0
 FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 172.20.1.20
SIADDR: 172.20.1.2
GIADDR: 0.0.0.0
CHADDR: 00:04:13:71:11:65:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         5 (DHCPACK)
OPTION:   1 (  4) Subnet mask               255.255.255.0
OPTION:   3 (  4) Routers                   172.20.1.1
OPTION:   4 (  4) Time server               172.20.1.2
OPTION:   6 (  4) DNS server                172.20.1.2
OPTION:  12 ( 13) Host name                 voip.unisi.it
OPTION:  15 ( 13) Domainname                voip.unisi.it
OPTION:  42 (  4) NTP servers               172.20.1.2
OPTION:  51 (  4) IP address leasetime      7200 (2h)
OPTION:  54 (  4) Server identifier         172.20.1.2
OPTION:  66 ( 17) TFTP server name          tftp://172.20.1.2
---

and this is the ISC DHCP Server reply (that i use in production on the
same machine):

 ---

  TIME: 2013-02-12 15:19:42.168
    IP: 172.20.1.2 (0:c:29:eb:3e:86) > 172.20.1.20 (cc:ef:48:5e:8f:e4)
    OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 5ace8683
  SECS: 0
 FLAGS: 0
CIADDR: 172.20.1.20
YIADDR: 172.20.1.20
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: cc:ef:48:5e:8f:e4:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         5 (DHCPACK)
OPTION:  54 (  4) Server identifier         172.20.1.2
OPTION:  51 (  4) IP address leasetime      7200 (2h)
OPTION:   1 (  4) Subnet mask               255.255.255.0
OPTION:   3 (  4) Routers                   172.20.1.1
OPTION:  42 (  4) NTP servers               172.20.1.2
OPTION:   6 (  4) DNS server                172.20.1.2
OPTION:  15 ( 13) Domainname                voip.unisi.it
OPTION:  58 (  4) T1                        3600 (60m)
OPTION:  59 (  4) T2                        6300 (1h45m)
OPTION:  66 ( 17) TFTP server name          tftp://172.20.1.2
OPTION:   2 (  4) Time offset               7200 (2h)
---

I'm pointing on CIADDR and SIADDR.

Maybe something wrong in my policy.conf ?

[...]

#  Assign compatibility data to request for sqlippool
dhcp_sqlippool.post-auth {
    #  Do some minor hacks to the request so that it looks
    #  like a RADIUS request to the SQL IP Pool module.
    update control {
        Pool-Name = "main_pool"
    }

    update request {
        User-Name = "DHCP-%{DHCP-Client-Hardware-Address}"
        Calling-Station-Id = "%{DHCP-Client-Hardware-Address}"
        NAS-IP-Address = "%{%{DHCP-Gateway-IP-Address}:-127.0.0.1}"
        Acct-Status-Type = Start
    }

    #  Call the actual module
    #
    #  Uncomment this in order to really call it!
    dhcp_sqlippool
#   fail

    #  Convert Framed-IP-Address to DHCP, but only if we
    #  actually allocated an address.
    if (ok) {
        update reply {
            DHCP-Your-IP-Address = "%{reply:Framed-IP-Address}"
        }
    }
}
}

Thanks, Michele


On 12/02/2013 12:33, Russell Mike wrote:
> Is there any layer 3 device between client and dhcp server? Then you
> need dhcp relay agent,if that is not the case chk firewall. 
> Thanks
> 
> On Tuesday, February 12, 2013, Michele Pinassi wrote:
> 
> Hi all,
> 
> i've just installed a FreeRadius server 2.2.0 with DHCP support because
> i need a dhcp server that uses MySQL as a backend.
> 
> My network topology is:
> 
> eth0  inet addr:193.205.4.xxx [PUBLIC]
> eth1  inet addr:172.20.1.2 [PRIVATE]
> 
> all dhcp requests and reply should come from eth1. Here is freeradius -X
> dump:
> 
> FreeRADIUS Version 2.2.0, for host i486-pc-linux-gnu, built on Sep 20
> 2012 at 13:37:59
> Copyright (C) 1999-2012 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> Starting - reading configuration files ...
> including configuration file /etc/freeradius/radiusd.conf
> including configuration file /etc/freeradius/clients.conf
> 

Re: Load Balancing

2013-02-12 Thread Muhammad Nadeem
thanx alan,,
I have configured a proxy server using documentation of 'proxy.conf'. which
is proxying requests to 2 home_servers. Yes you are right, may b the tool
which I am using (Radius NT client) sending requests in series. I tried to
use Rad Client to send requests in Parallel, but i wasn't succeed. Could
you please help me out to send parallel requests to proxy server???
Bundle of thanks in advance :)



On Tue, Feb 12, 2013 at 7:19 PM, Alan DeKok wrote:

> Muhammad Nadeem wrote:
> > Hi,
> > I am new to freeradius. I want to implement load balancing on freeradius
> > servers (not on backend database).
> > I want that if a bulk of requests are received, these requests should be
> > distributed evenly among multiple freeradius servers.
> > Can any one please tell me, how could i achieve this goal.
>
>   The documentation is clear.  Load-balancing is simple to configure.
> It's documented in proxy.conf.
>
>   My guess is your test is wrong.  You're probably sending packets in
> *series*.  The latency added by a proxy slows down series, so that it
> takes longer.
>
>   If you send packets in parallel, you would see a higher latency for
> each packet, but the ability to process more packets per second.
>
>   You've admitted to not knowing much about RADIUS.  If the test doesn't
> do what you expect, the obvious conclusion is to blame the test, not
> FreeRADIUS.
>
>   Alan DeKok.



-- 
Best Regards
Muhammad Nadeem
Muhammad Ali Jinnah University

Re: Understanding the IP Pool module

2013-02-12 Thread Alan DeKok
Бен Томпсон wrote:
> I am hoping to use rlm_ippool and I would like to understand a bit
> about how it works. Firstly I want to understand the format of the
> database.

  The best approach is to look at the documentation, followed by the code.

> Could anyone explain to me what the columns "cli" and "num" are used for?

  I haven't looked at it myself.  All I know is that it works.

> Does this mean that the ippool module sets "active" to 0 when it sees
> an accounting Stop from the same "Key"?

  No idea.  Look at the code.

> Also, I noticed that this module can be used for DHCP which obviously
> does not have an accounting section. Does this mean that IP addresses
> can never be deallocated from the pool?

  No.  The addresses should have a lifetime.

  Alan DeKok.

Re: Load Balancing

2013-02-12 Thread Alan DeKok
Muhammad Nadeem wrote:
> Hi,
> I am new to freeradius. I want to implement load balancing on freeradius
> servers (not on backend database).
> I want that if a bulk of requests are received, these requests should be
> distributed evenly among multiple freeradius servers.
> Can any one please tell me, how could i achieve this goal. 

  The documentation is clear.  Load-balancing is simple to configure.
It's documented in proxy.conf.

  My guess is your test is wrong.  You're probably sending packets in
*series*.  The latency added by a proxy slows down series, so that it
takes longer.

  If you send packets in parallel, you would see a higher latency for
each packet, but the ability to process more packets per second.

  You've admitted to not knowing much about RADIUS.  If the test doesn't
do what you expect, the obvious conclusion is to blame the test, not
FreeRADIUS.

  Alan DeKok.


Re: Load Balancing

2013-02-12 Thread A . L . M . Buxey
hi,

>I want that if a bulk of requests are received, these requests should be
>distributed evenly among multiple freeradius servers.

in proxy.conf, ensure that you have a suitable load-balance type defined for the
target servers - be aware that some types do not operate with EAP...as the whole
conversation needs to go to the same backend server.

I would recommend reading more of the FreeRADIUS documentation

alan


Load Balancing

2013-02-12 Thread Muhammad Nadeem
Hi,
I am new to freeradius. I want to implement load balancing on freeradius
servers (not on backend database).
I want that if a bulk of requests are received, these requests should be
distributed evenly among multiple freeradius servers.
Can any one please tell me, how could i achieve this goal.
Thanks in advance

Re: DHCP reply don't go out

2013-02-12 Thread Michele Pinassi
Thanks Russell for your prompt reply but i think that's not a network
issue. I'm trying FreeRadius as an alternative for ISC DHCPD server that
runs on the same server (and the same clients) perfectly.

Any other hint ?

Michele


On 12/02/2013 12:33, Russell Mike wrote:
> Is there any layer 3 device between client and dhcp server? Then you
> need dhcp relay agent,if that is not the case chk firewall. 
> Thanks
> 

-- 
Michele Pinassi
University Telephony Manager
Networks, Systems and IT Security Service - Università degli Studi
di Siena
tel: 0577.(23)2169 - fax: 0577.(23)2053

To find a quick solution to your technical problems,
consult the University FAQ, http://www.faq.unisi.it




Re: DHCP reply don't go out

2013-02-12 Thread Russell Mike
Is there any layer 3 device between client and dhcp server? Then you need
dhcp relay agent, if that is not the case chk firewall.
Thanks

On Tuesday, February 12, 2013, Michele Pinassi wrote:

> Hi all,
>
> i've just installed a FreeRadius server 2.2.0 with DHCP support because
> i need a dhcp server that uses MySQL as a backend.
>
> My network topology is:
>
> eth0  inet addr:193.205.4.xxx [PUBLIC]
> eth1  inet addr:172.20.1.2 [PRIVATE]
>
> all dhcp requests and reply should come from eth1. Here is freeradius -X
> dump:
>
> FreeRADIUS Version 2.2.0, for host i486-pc-linux-gnu, built on Sep 20
> 2012 at 13:37:59
> Copyright (C) 1999-2012 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> Starting - reading configuration files ...
> including configuration file /etc/freeradius/radiusd.conf
> including configuration file /etc/freeradius/clients.conf

Re: Load Balancing Issue

2013-02-12 Thread Russell Mike
There are many different things you are talking about at the same time.

You want to increase the response time of auth. Is your database indexed?
Thanks

On Tuesday, February 12, 2013, Muhammad Nadeem wrote:

> thanks alan
> Actually I am using load balancing for rapid authentication of users. let
> suppose i have one proxy server that is proxying incoming requests to these
> five servers. Theoretically the speed of authentication should be fast. But
> in case of mine it is too slow.
> I have changed 'max_requests' in radiusd.config. And also remove
> unnecessary processing on radius server (that is proxying requests). Now
> tell me what else can I do?? :(
>
> Though i am a new bee in RADIUS, but I think Proxy server is the bottle
> neck???
>
>
> On Tue, Feb 12, 2013 at 1:44 PM, a.l.m.bu...@lboro.ac.uk wrote:
>
>> Hi,
>>
>> >I am using Freeradius 2.2.0 on redhat 5. My goal was to increase the speed
>> >of user authentication. To achieve this I configured Load Balancing (with
>> >realms). I have a proxy Freeradius server, that is just proxying requests
>> >to 2 other freeradius servers.
>>
>> you only asked this question less than 2 hours ago.
>>
>> okay, you need to see why the proxy is causing a x3 factor in slowdown?
>> run the servers in full debug mode with timestamps and check to see where
>> your delay is...dont throw 10 million requests at it though, just a dozen
>> should be enough in the first instance to see where the hit is.  I'd assume
>> that you havent made any configuration changes or tweaked any configs...in
>> which case your proxy box is probably not ready to be dealing with that many
>> in transit requests (whereas the authentication servers can handle multiple
>> requests per thread) - so, some basic tweaking will probably do something
>>
>> ..though I think you've already found that you dont need to load-balance ;-)
>>
>> alan
>
>
>
> --
> Best Regards
> Muhammad Nadeem
> Muhammad Ali Jinnah University
>

Re: Load Balancing Issue

2013-02-12 Thread Muhammad Nadeem
thanks alan
Actually I am using load balancing for rapid authentication of users. let
suppose i have one proxy server that is proxying incoming requests to these
five servers. Theoretically the speed of authentication should be fast. But
in case of mine it is too slow.
I have changed 'max_requests' in radiusd.config. And also remove
unnecessary processing on radius server (that is proxying requests). Now
tell me what else can I do?? :(

Though i am a new bee in RADIUS, but I think Proxy server is the bottle
neck???


On Tue, Feb 12, 2013 at 1:44 PM,  wrote:

> Hi,
>
> >I am using Freeradius 2.2.0 on redhat 5. My goal was to increase the speed
> >of user authentication. To achieve this I configured Load Balancing (with
> >realms). I have a proxy Freeradius server, that is just proxying requests
> >to 2 other freeradius servers.
>
> you only asked this question less than 2 hours ago.
>
> okay, you need to see why the proxy is causing a x3 factor in slowdown?
> run the servers in full debug mode with timestamps and check to see where
> your delay is...dont throw 10 million requests at it though, just a dozen
> should be enough in the first instance to see where the hit is.  I'd assume
> that you havent made any configuration changes or tweaked any configs...in
> which case your proxy box is probably not ready to be dealing with that many
> in transit requests (whereas the authentication servers can handle multiple
> requests per thread) - so, some basic tweaking will probably do something
>
> ..though I think you've already found that you dont need to load-balance ;-)
>
> alan



-- 
Best Regards
Muhammad Nadeem
Muhammad Ali Jinnah University

DHCP reply don't go out

2013-02-12 Thread Michele Pinassi
Hi all,

i've just installed a FreeRadius server 2.2.0 with DHCP support because
i need a dhcp server that uses MySQL as a backend.

My network topology is:

eth0  inet addr:193.205.4.xxx [PUBLIC]
eth1  inet addr:172.20.1.2 [PRIVATE]

all dhcp requests and reply should come from eth1. Here is freeradius -X
dump:

FreeRADIUS Version 2.2.0, for host i486-pc-linux-gnu, built on Sep 20
2012 at 13:37:59
Copyright (C) 1999-2012 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/mods-enabled/
including configuration file /etc/freeradius/mods-enabled/replicate
including configuration file /etc/freeradius/mods-enabled/smsotp
including configuration file /etc/freeradius/mods-enabled/preprocess
including configuration file /etc/freeradius/mods-enabled/ldap
including configuration file /etc/freeradius/mods-enabled/counter
including configuration file /etc/freeradius/mods-enabled/detail.log
including configuration file /etc/freeradius/mods-enabled/otp
including configuration file /etc/freeradius/mods-enabled/inner-eap
including configuration file /etc/freeradius/mods-enabled/acct_unique
including configuration file /etc/freeradius/mods-enabled/wimax
including configuration file /etc/freeradius/mods-enabled/dynamic_clients
including configuration file /etc/freeradius/mods-enabled/etc_group
including configuration file /etc/freeradius/mods-enabled/redis
including configuration file /etc/freeradius/mods-enabled/cui
including configuration file /etc/freeradius/mods-enabled/ntlm_auth
including configuration file /etc/freeradius/mods-enabled/cache
including configuration file /etc/freeradius/mods-enabled/mac2ip
including configuration file /etc/freeradius/mods-enabled/dhcp_sqlippool
including configuration file /etc/freeradius/sql/mysql/ippool-dhcp.conf
including configuration file /etc/freeradius/mods-enabled/policy
including configuration file /etc/freeradius/mods-enabled/expiration
including configuration file /etc/freeradius/mods-enabled/logintime
including configuration file /etc/freeradius/mods-enabled/radutmp
including configuration file /etc/freeradius/mods-enabled/smbpasswd
including configuration file /etc/freeradius/mods-enabled/ippool
including configuration file /etc/freeradius/mods-enabled/rediswho
including configuration file /etc/freeradius/mods-enabled/pam
including configuration file /etc/freeradius/mods-enabled/soh
including configuration file /etc/freeradius/mods-enabled/detail.example.com
including configuration file /etc/freeradius/mods-enabled/realm
including configuration file /etc/freeradius/mods-enabled/mac2vlan
including configuration file /etc/freeradius/mods-enabled/attr_filter
including configuration file /etc/freeradius/mods-enabled/exec
including configuration file /etc/freeradius/mods-enabled/pap
including configuration file /etc/freeradius/mods-enabled/unix
including configuration file /etc/freeradius/mods-enabled/passwd
including configuration file /etc/freeradius/mods-enabled/echo
including configuration file /etc/freeradius/mods-enabled/sradutmp
including configuration file /etc/freeradius/mods-enabled/always
including configuration file /etc/freeradius/mods-enabled/checkval
including configuration file /etc/freeradius/mods-enabled/chap
including configuration file /etc/freeradius/mods-enabled/mschap
including configuration file /etc/freeradius/mods-enabled/krb5
including configuration file /etc/freeradius/mods-enabled/sql_log
including configuration file /etc/freeradius/mods-enabled/attr_rewrite
including configuration file /etc/freeradius/mods-enabled/files
including configuration file /etc/freeradius/mods-enabled/perl
including configuration file /etc/freeradius/mods-enabled/radrelay
including configuration file /etc/freeradius/mods-enabled/sqlcounter_expire_on_login
including configuration file /etc/freeradius/mods-enabled/expr
including configuration file /etc/freeradius/mods-enabled/linelog
including configuration file /etc/freeradius/mods-enabled/opendirectory
including configuration file /etc/freeradius/mods-enabled/detail
including configuration file /etc/freeradius/mods-enabled/digest
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sqlippool.conf
including configuration file /etc/freeradius/sql/mysql/ippool.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/dhcp
including configuration file /etc/freeradius/sites-enabled/default
main {
user = "root"
   

Understanding the IP Pool module

2013-02-12 Thread Бен Томпсон
Hello Everyone

I am hoping to use rlm_ippool and I would like to understand a bit
about how it works. Firstly I want to understand the format of the
database.

I can see from the output of rlm_ippool_tool that there are five columns :-

Key | IP Address | Active  | CLI | Num

It is obvious what the first two are, and I am not sure about the last
three, but I guess that "active" means that this address is in use.

Could anyone explain to me what the columns "cli" and "num" are used for?

I noticed that this module is called from the post-auth and accounting
sections, and in the accounting section of sites-available/default
there is the following comment :-

#  Return an address to the IP Pool when we see a stop record.

Does this mean that the ippool module sets "active" to 0 when it sees
an accounting Stop from the same "Key"?

Also, I noticed that this module can be used for DHCP which obviously
does not have an accounting section. Does this mean that IP addresses
can never be deallocated from the pool?

Thanks in advance for any help.

Ben


Re: Load Balancing Issue

2013-02-12 Thread A . L . M . Buxey
Hi,

>I am using Freeradius 2.2.0 on redhat 5. My goal was to increase the speed
>of user authentication. To achieve this I configured Load Balancing (with
>realms). I have a proxy Freeradius server, that is just proxying requests
>to 2 other freeradius servers.

you only asked this question less than 2 hours ago. 

Okay, you need to see why the proxy is causing a x3 factor in slowdown?
Run the servers in full debug mode with timestamps and check to see
where your delay is. Don't throw 10 million requests at it though, just
a dozen should be enough in the first instance to see where the hit is.
I'd assume that you haven't made any configuration changes or tweaked
any configs...in which case your proxy box is probably not ready to be
dealing with that many in transit requests (whereas the authentication
servers can handle multiple requests per thread) - so, some basic
tweaking will probably do something

..though I think you've already found that you don't need to load-balance ;-)

alan


Mysql - radusergroup

2013-02-12 Thread Neven
Hi,

I'm using Freeradius 2, Fedora 16, MySQL 5. 500 000 different users in
table.

I have a user in table radcheck (username and pass), I add that user in
radusergroup, then I add usergroup in radgroupcheck and add attributes for
that group. That works well as far as I know.

Question:
Can I add a user in one group without adding that user in radusergroup
table? Is there some attribute that I can add in radcheck that will add a
user in one user group?

id  Username  Attribute                   OP  Value

1   User1     Cleartext-password          :=  123456
2   User1     "Attribute for user group"  ==  "Group that I can add attributes in radgroupcheck table"


Could this be done?


Thank you.

Neven