Re: problem with initial setup

[Suman Dash]

Received  -bash: /usr/bin/radtest: No such file or directory

It means radtest command was not found.


On Mon, Sep 9, 2013 at 10:22 PM, Swenson, Chris  wrote:

> Thanks for the replies:
> Ok, uninstalled #1 and updated to freeradius2
>
> radiusd started without a hitch withtesting Cleartext-Password :=
> "password" in users file.
>
> When I ran  radtest testing password localhost 0 testing123
>
> Received  -bash: /usr/bin/radtest: No such file or directory
>
> For academics sake here is the radius -X output.  (definitely not my
> granddads radius )
>
> [root@ldap1 raddb]# radiusd -X
> FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu, built on Sep 25
> 2012 at 10:55:14
> Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> Starting - reading configuration files ...
> including configuration file /etc/raddb/radiusd.conf
> including configuration file /etc/raddb/proxy.conf
> including configuration file /etc/raddb/clients.conf
> including files in directory /etc/raddb/modules/
> including configuration file /etc/raddb/modules/mac2ip
> including configuration file /etc/raddb/modules/radutmp
> including configuration file /etc/raddb/modules/inner-eap
> including configuration file /etc/raddb/modules/pam
> including configuration file /etc/raddb/modules/always
> including configuration file /etc/raddb/modules/pap
> including configuration file /etc/raddb/modules/detail
> including configuration file /etc/raddb/modules/sql_log
> including configuration file /etc/raddb/modules/preprocess
> including configuration file /etc/raddb/modules/realm
> including configuration file /etc/raddb/modules/echo
> including configuration file /etc/raddb/modules/soh
> including configuration file /etc/raddb/modules/etc_group
> including configuration file /etc/raddb/modules/passwd
> including configuration file /etc/raddb/modules/rediswho
> including configuration file /etc/raddb/modules/replicate
> including configuration file /etc/raddb/modules/checkval
> including configuration file /etc/raddb/modules/detail.log
> including configuration file /etc/raddb/modules/exec
> including configuration file /etc/raddb/modules/sradutmp
> including configuration file /etc/raddb/modules/acct_unique
> including configuration file /etc/raddb/modules/otp
> including configuration file /etc/raddb/modules/linelog
> including configuration file /etc/raddb/modules/smbpasswd
> including configuration file /etc/raddb/modules/attr_rewrite
> including configuration file /etc/raddb/modules/redis
> including configuration file /etc/raddb/modules/dynamic_clients
> including configuration file /etc/raddb/modules/chap
> including configuration file /etc/raddb/modules/opendirectory
> including configuration file /etc/raddb/modules/smsotp
> including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
> including configuration file /etc/raddb/modules/ntlm_auth
> including configuration file /etc/raddb/modules/ippool
> including configuration file /etc/raddb/modules/unix
> including configuration file /etc/raddb/modules/attr_filter
> including configuration file /etc/raddb/modules/mschap
> including configuration file /etc/raddb/modules/cui
> including configuration file /etc/raddb/modules/digest
> including configuration file /etc/raddb/modules/expr
> including configuration file /etc/raddb/modules/logintime
> including configuration file /etc/raddb/modules/counter
> including configuration file /etc/raddb/modules/detail.example.com
> including configuration file /etc/raddb/modules/perl
> including configuration file /etc/raddb/modules/mac2vlan
> including configuration file /etc/raddb/modules/expiration
> including configuration file /etc/raddb/modules/wimax
> including configuration file /etc/raddb/modules/policy
> including configuration file /etc/raddb/modules/files
> including configuration file /etc/raddb/eap.conf
> including configuration file /etc/raddb/policy.conf
> including files in directory /etc/raddb/sites-enabled/
> including configuration file /etc/raddb/sites-enabled/inner-tunnel
> including configuration file /etc/raddb/sites-enabled/control-socket
> including configuration file /etc/raddb/sites-enabled/default
> main {
> user = "radiusd"
> group = "radiusd"
> allow_core_dumps = no
> }
> including dictionary file /etc/raddb/dictionary
> main {
> name = "radiusd"
> prefix = "/usr"
> localstatedir = "/var"
> sbindir = "/usr/sbin"
> logdir = "/var/log/radius"
> run_dir = "/var/run/radiusd"
> libdir = "/usr/lib/freeradius"
> radacctdir = "/var/log/radius/radacct"
> hostname_lookups = no
> max_request_time = 30
> cleanup_delay = 5
> max_requests = 1024
> pidfile = "/var/run/radiusd/rad

Re: FreeRADIUS & Hotspot

[Suman Dash]

Create Firewall Policy Between which will block all traffic from Internet
Subnet to Mikrotik Subnet !

On Mon, Jan 2, 2012 at 4:00 PM, hemant  wrote:

> But On this single Mikrotik Router,
> I am Giving access to internet for the HotSpot User, And
> also Creating users for the My Transmission team..??
> So how will these two IP subnet give me Desired Diifferentiated result..??
>
> --
> View this message in context:
> http://freeradius.1045715.n5.nabble.com/FreeRADIUS-Hotspot-tp5114296p5114376.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS & Hotspot

[Suman Dash]

On Mon, Jan 2, 2012 at 2:39 PM, hemant  wrote:

> Hello Guys,
>
> I have Installed Freeradius2 with MYSQL and WEBMIN as DaloRadius.
> I want to setup the FreeRADIUS for the Login Access To the Mikrotik
> Routers.
> I am also Setting up the FreeRADIUS for the HOTSPOT
> Users-authentication,accounting.


Login Access to Mikrotik Router or Internet ? I am assuming 1 profile for
each !!

>
> Right now i have added a client with /24 network and shared-secret,
> and created profiles on the daloRADIUS by using the Mikrotik Attributes,
> I can have READ/FULL/WRITE access to my routers. I am also using the REALMS
> for the Login & Hotspot Service Differentiations. I created two profiles
> with different realms as my router.
> i created users on these profiles one for login access and other only for
> hotspot access.
>
> But i have problem now that my HotSpot Users can also Login to My
> Router..
>

Use 2 Different IP Subnets. First Subnet which is same as the Mikrotik
Router will be used by Mikrotik users. Second Subnet will be used for
Internet . Use Internal Firewall to seperate inter subnet communication or
remove the routes .

Please help me here guys... I have to Submit the Project with detailed
report in 5 days..And i am right now no where near to completing it..??

Please any one ..Reply ASAP ..:)


--
View this message in context:
http://freeradius.1045715.n5.nabble.com/FreeRADIUS-Hotspot-tp5114296p5114296.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Radius with Java

[Suman Dash]

Have you looked Jradius which is Radius Plugin for Java ?

On Wed, Dec 21, 2011 at 1:01 AM, Jeisson Fabian Perez Rodriguez <
jeissonfabian...@gmail.com> wrote:

> Hi, again,
>
> I've been trying to connect FreeRadius with an application on Java, but I
> don't find the correct way.
>
> Could somebody tell me something about it?, please!
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Failed to run Freeradius on CentoS

[Suman Dash]

Freeradius is already running or there is someone using the same port.
Check the error message as it carries the solution.

Regards
Suman

On Fri, Nov 25, 2011 at 3:12 PM, Bhanu Vegesna wrote:

> listen {
>type = "auth"
>ipaddr = 127.0.0.0
>port = 1812
> Failed binding to authentication address 127.0.0.0 port 1812 as server
> inner-tunnel: Address already in use
> /usr/local/etc/raddb/sites-enabled/inner-tunnel[32]: Error binding to
> port for 127.0.0.0 port 1812
>
>
> I tried to check if duplicate version of freeradius and changing  to
> use specifc ip no luck.
>
> Can any throw some light and help me out ?
>
> regards
> Bhanu
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: how to solve below issues

[Suman Dash]

symlink it to the actual file .

On Thu, Nov 10, 2011 at 2:11 PM, Harshavardhan chillakuru <
harshac...@gmail.com> wrote:

> 1.   when i run the radius for debugging mode using *radusd -X*command i 
> got error like
> *bash: radiusd: command not found*
>
> 2. ./radiusd: error while loading shared libraries:
> libfreeradius-radius-2.1.12.so: cannot open shared object file: No such
> file or directory
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Fixed Duration Weekly, Monthly and Daily Accounts

[Suman Dash]

You have the exact solution given by Fajar. See his SQL query and modify as
required.

Regards
Suman

On Sun, Oct 30, 2011 at 10:26 PM, JennyBlunt  wrote:

> Sorry if I wasn't clear. I want to be able to generate a monthly voucher -
> 30
> days access from the exact time of first login. A continuous clock ticking
> from the start time.
>
> I'm going to look at Fajar's suggestion now...
>
>
>
> --
> View this message in context:
> http://freeradius.1045715.n5.nabble.com/Fixed-Duration-Weekly-Monthly-and-Daily-Accounts-tp4950022p4950392.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Fixed Duration Weekly, Monthly and Daily Accounts

[Suman Dash]

Hi Alan,

I think the poster is asking for a continuous amount of time after login.
Setting Expiration will give a max valid period in which the user can login
but under no circumstances it can provide a continuous period of usage.

Poster is also not clear what will happen if the user disconnects and
connects again So i think the question asked here is incomplete.

Regards
Suman

On Sun, Oct 30, 2011 at 7:07 PM, Alan DeKok wrote:

> JennyBlunt wrote:
> > That's the one we're using. What I don't understand is that if we set up
> a
> > group with max-all-session = 43200 the user would get in total 43200
> > minutes. When, in reality, we're trying to give them a continuous 43200
> > minutes from first login.
>
>   Then set the expiration date when they first log in.
>
>  Remember: FreeRADIUS authenticates people.  It isn't a DB.
>
>  If you want to have it remember something, you need to store that
> information in a DB.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Fixed Duration Weekly, Monthly and Daily Accounts

[Suman Dash]

Re-Correct - Max-All-Session = 43200 ( It's in Seconds , Not in Minutes )

Second, It is not under our control to decide how much time the user users.
We can assign a continuous usage of XYZ minutes / Hours but what if the
user disconnects early ?

What happens when the user logins again ? Will you reject the user or
accept the user ?

Anyway, to answer your questions, Session-Timeout of 43200 is what needed
to give a continuous Session session of 43200. But again when the user
disconnects and re-logins , he/she will again get 43200 of time during
re-login.

Regards
Suman

On Sun, Oct 30, 2011 at 6:50 PM, JennyBlunt  wrote:

> That's the one we're using. What I don't understand is that if we set up a
> group with max-all-session = 43200 the user would get in total 43200
> minutes. When, in reality, we're trying to give them a continuous 43200
> minutes from first login.
>
>
> --
> View this message in context:
> http://freeradius.1045715.n5.nabble.com/Fixed-Duration-Weekly-Monthly-and-Daily-Accounts-tp4950022p4950078.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Fixed Duration Weekly, Monthly and Daily Accounts

[Suman Dash]

Expiration is actually the validity of the account. It does not calculates
the amount of time used. If you are looking to limit the session time i.e
100 hrs Monthly or anything , you need rlm_sqlcounter with attributes like
Max-Session-Time with a value.

In conjunction with Expiration, you can use Max-Session-Time to create
packages such as 1 Month 100 Hrs Browsing etc .

Feel to send any other query if you are stuck .

Regards
Suman

On Sun, Oct 30, 2011 at 6:28 PM, Fajar A. Nugraha  wrote:

> On Sun, Oct 30, 2011 at 7:39 PM, JennyBlunt  wrote:
> > How do I create a group which provides access for a preset amount of
> time,
> > for instance one day, week or month. I've tried by using expiration but
> > don't think thats right. Will the noreset parameter do this?
>
> >
> > In our current system (not freeradius), we'd set this up as a continuous
> > account which starts the counter the first time the users logs on.
>
> I actually suggest you use rlm_sqlcounter instead, which (for me) is
> easier to understand and maintain. Use the example noresetcounter from
> http://wiki.freeradius.org/Rlm_sqlcounter
>
> You can see exactly how the module counts whatever-it-uses (in the
> example it's SUM(AcctSessionTime)), and you can run the query manually
> for debugging purposes.
>
> --
> Fajar
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Quota based on time with squid

[Suman Dash]

You have not instantiated the counters in Post-Auth . Read more about
counter and how it works and how you can enable the same.

Regards
Suman

On Sat, Oct 29, 2011 at 4:40 PM, senthil kumar
wrote:

> Hello Team
>
> The user can authenticate and browse at any time. May i know which
> entry i have to add to make user 'test' deny authenticate after 1
> hour?
>
> When ever a user authenticates it is logged in radpostauth.
>
> In /etc/raddb/users file i have a user test   "test"
> Cleartext-Password := "hello"
>
> my database details are as follows
>
> mysql> select * from radcheck;
> ++--+-++---+
> | id | username | attribute   | op | value |
> ++--+-++---+
> | 45 | test | Max-All-Session | := | 540   |
> ++--+-++---+
> INSERT into radcheck VALUES ('','test','Max-All-Session',':=','5400');
>
> mysql> select * from radpostauth;
> ++--+--+---+-+
> | id | username | pass | reply | authdate|
> ++--+--+---+-+
> | 54 | test | test | Access-Accept | 2011-10-19 13:59:18 |
> | 55 | test | test | Access-Accept | 2011-10-19 13:59:34 |
> | 56 | test | test | Access-Accept | 2011-10-19 14:22:57 |
> | 57 | test | test | Access-Accept | 2011-10-21 22:32:54 |
> | 58 | test | test | Access-Accept | 2011-10-25 15:11:34 |
> ++--+--+---+-+
> 5 rows in set (0.00 sec)
>
> radtest test hello  localhost 0 testing123
> Sending Access-Request of id 67 to 127.0.0.1 port 1812
>User-Name = "test"
>User-Password = "hello"
>NAS-IP-Address = 127.0.0.1
>NAS-Port = 0
> rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=67,
> length=20
>
>
> Please help me , thanks in advance
>
> Thanks,
> Senthil
>
> On Tue, Oct 25, 2011 at 3:06 PM, senthil kumar
>  wrote:
> > Thanks i will check in and let you know
> >
> > On Sat, Oct 22, 2011 at 12:37 AM, Alan DeKok 
> wrote:
> >> senthil kumar wrote:
> >>> I have installed free-radius in linux machine with accounting support
> >>> and was able to authenticate using radtest client.and also I was also
> >>> successfully authenticate with squid proxy server.
> >>
> >>  That's good to hear.
> >>
> >>> I need to assign quota to squid users based on the weekly/hourly
> >>> basis. I need users radius server to return packet reject when time is
> >>> expired. is it possible in radius?
> >>
> >>  Yes.  See the "counter" module, or the "sqlcounter" module.
> >>
> >>  The main issue is that they require the NAS to send accounting
> >> packets.  I don't know if squid does that.
> >>
> >>> I am using only linux machine with proxy server. whether NAS is needed?
> >>
> >>  In this case, squid is the NAS.  (i.e. machine sending Access-Request)
> >>
> >>> If so, can anyone help me in framing the rules for quota . eg 2 hours
> >>> a day. I have basic configuration and now when a user authenticates
> >>> login time is updated in the radpostauth.
> >>
> >>  This is documented in the sqlcounter module.  Look there first.
> >>
> >>  Alan DeKok.
> >>
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >>
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Custom MySQL Queries

[Suman Dash]

If you would like to disable a user why not to use the Auth-Type := Reject
which is natively available in freeradius. I don't think it is necessary to
re-invent the wheel.

Regards
Suman

On Thu, Oct 27, 2011 at 11:07 PM, JennyBlunt  wrote:

> Hello
>
> What's the best approach regarding custom mysql queries? I'd like to check
> if a user is blocked whilst authorising..
>
> Have tried to add something like this to my dictionary file:
>
> ATTRIBUTE   User-Disabled-Attr  3002integer
>
> And then putting a 1 / 0 in to radcheck against the user.
>
> What's the best way to do this kind of request? Is it better to write a
> lookup somewhere else?
>
> Thanks
>
> J
>
> --
> View this message in context:
> http://freeradius.1045715.n5.nabble.com/Custom-MySQL-Queries-tp4943692p4943692.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with F5 BigIP accouting : hexadecimal attribute

[Suman Dash]

NAS-IP-Address = *[IP address unknown, not corresponding to NAS interfaces]

* Did you added your F5 IP address to NAS Table ?

Regards
Suman
*
On Mon, Oct 17, 2011 at 4:56 PM, Vincent, Fabien
wrote:

> Dear all,
>
> ** **
>
> I’m using Radius for authenticating admin users on different network
> equipments. “group authorize {...}” works fine with rlm_ldap and group
> management.
>
> ** **
>
> But I have some problem for accounting on F5 BigIP LTM / GTM.
>
> ** **
>
> In fact, my radius accounting server is receiving accounting-request like
> this :
>
> ** **
>
> Accounting-Request packet from host 10.10.10.10 port 36875, id=29,
> length=281
>
> NAS-IP-Address = *[IP address unknown, not corresponding to NAS
> interfaces]*
>
> F5-Attr-14 =  *[Hexa decimal output starting with 0x …]*
>
> WARNING: Empty section.  Using default return values.
>
> +- entering group accounting {...}
>
> [sql]   expand: packet has no accounting status type. [user '%{User-Name}',
> nas '%{NAS-IP-Address}'] -> packet has no accounting status type. [user '',
> nas '*[nas IP unknown]*']
>
> [sql] packet has no accounting status type. [user '', nas '*[nas IP
> unknown]*']
>
> ++[sql] returns invalid
>
> Finished request 37.
>
> Cleaning up request 37 ID
>
> ** **
>
> Did someone  here already use accounting with F5 BigIP LTM or GTM ? I’m
> looking to make this working by changing audit_forward TCL script provided
> with F5 (syslog-ng) but I wasn’t able to produce something different …
>
> ** **
>
> I also tried to edit the dictionnary for F5 in *
> /usr/share/freeradius/dictionary.f5*
>
> *ATTRIBUTE   F5-LTM-User-Info-1  12   string*
>
> *ATTRIBUTE   F5-LTM-User-Info-2  13   string*
>
> *++ ATTRIBUTE   F5-Attr-14  14   octets*
>
> ** **
>
> Thanks in advance for your help !
>
> ** **
>
> *Fabien VINCENT*
>
> fabien.vinc...@coreye.fr
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: AW: Dynamic Attributes Based on NAS Type !

[Suman Dash]

I would like to have some insight in using virtual servers. But I am really
stuck at the point that if i use virtual server how will be the DB entry
look like i.e radreply / radgroup reply ?

As far i understand , the reply attributes with value should be available in
the reply table which matches to those of the NAS.

Regards
Suman

On Sun, Oct 9, 2011 at 4:32 PM, Alexandre Chapellon
wrote:

> I personnally use post-auth sections of each of my virtual server to send
> diffrenet attributes.
> I find It to be very clean way to achieve this.
>
> regards
>
> Le 08/10/2011 20:02, Wegener, Norbert a écrit :
>
>> The general idea is to setup a virtual server for each type of NAS and
>> make sure, that every NAS is loaded into the correct virtual server.
>>
>> With best regards,
>>
>> --**--**
>> 
>>
>> Norbert Wegener
>> Siemens IT Solutions and Services
>> AIS MS NC PSU SDC
>> Bruchstraße 5
>> 45883 Gelsenkirchen, Germany
>> Tel.: +49 (209) 94565716
>> Fax: +49 (201) 8165581284
>> mailto:norbert.wegener@atos.**net 
>>
>>
>> Atos IT Solutions and Services GmbH; Geschäftsführung: Winfried Holz,
>> Christian Oecking, Rainer-Christian Koppitz; Vorsitzender des Aufsichtsrats:
>> Charles Dehelly; Sitz der Gesellschaft: München, Deutschland;
>> Registergericht: München, HRB 184933.
>> --**--**
>> 
>> *Von:* freeradius-users-bounces+**norbert.wegener=atos.net@**
>> lists.freeradius.org 
>> [freeradius-users-bounces+
>> **norbert.wegener=atos.net@**lists.freeradius.org]"
>> im Auftrag von "Suman Dash [sumand...@gmail.com]
>> *Gesendet:* Samstag, 8. Oktober 2011 16:39
>> *Bis:* FreeRadius users mailing list
>> *Betreff:* Dynamic Attributes Based on NAS Type !
>>
>>
>> Hi Everyone ... Currently i am planning to integrate freeradius with
>> different NAS like Chillispot , Cisco etc and enable roaming users so that
>> they can log in from any of the NAS.
>>
>> As the reply items are different with different NAS , i am looking for
>> ideas how to enable a single user to roam and connect from different NAS.
>>
>> In my case i think static reply items are not possible per user wise or
>> per groupwise so my question is what trick can be used to achieve the same.
>>
>> I had not tried anything as i have no clue on the same so some highlights
>> on the approach will be a good starting point for me.
>>
>> Cheers
>> Suman
>>
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
>> list/users.html <http://www.freeradius.org/list/users.html>
>>
>
> --
> <http://www.horoa.net>
>
> Alexandre Chapellon
>
> Ingénierie des systèmes open sources et réseaux.
> Follow me on twitter: @alxgomz 
> <http://www.twitter.com/**alxgomz<http://www.twitter.com/alxgomz>
> >
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html <http://www.freeradius.org/list/users.html>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Dynamic Attributes Based on NAS Type !

[Suman Dash]

Last night i also dreamt of sending all VSA to NAS but i was not sure what
will be the outcome so thanks for the info.

I have never worked with policies but it seems to be important so i will try
to learn the same.

Regards
Suman

On Sun, Oct 9, 2011 at 2:01 PM, Alan DeKok wrote:

> Stefan A. wrote:
> > If you read it ‚one of the ideas of having different virtual servers is
> > separation of policies for different NASses’ you are right.
> >
> > Suman was asking on how to send several NASses into the same policy.
>
>   The simplest way to do it is to set *generic* policies, and then
> re-write them in post-auth.  For example, define a "Policy-Name"
> attribute in the dictionary, and set it somewhere in the "authorize"
> section.  Then:
>
> post-auth {
>...
>
>if ("%{client:nas_type}" == "foo") {
>// map policies for client foo
>
>}
>elsif ("%{client:nas_type}" == "bar") {
>// map policies for client bar
>}
>...
> }
>
>  The underlying issue is that different NAS vendors have defined
> different attributes for the same functionality.
>
>  An even simpler solution is to just return all of the VSAs to each
> NAS.  As was said earlier, each NAS will ignore the ones it doesn't
> understand, and apply the ones it does.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Dynamic Attributes Based on NAS Type !

[Suman Dash]

To be specific , I am concerned about the QoS VSA's .

For Example.

Mikrotik NAS - Mikrotik-Rate-Limit
Chillispot - Chillispot-Max-UP , Chillispot-Max-Down
Cisco - Cisco-Policy-UP , Cisco-Policy-Down

Now if the user logged from different NAS's the VSA will differ so it is not
possible to have a single entry in radgroupreply or radreply pertaining to a
kind of NAS.

I guess that this is not an out of the box feature in freeradius , instead i
need to use some kind of custom script in Post-Auth section which will check
the NAS Type and reply out the correct VSA's

I am looking for a unique identifier from NAS by which freeradius can
understand what type of NAS it is. I tried it and it seems that i have no
control on the Access-Request sent by NAS to freeradius.

The only idea which currently comes into my mind is to use nas.type value in
DB but incase the NAS Type is incorrectly specified reply attributes will go
nuts .

So any idea if there are any unique identifiers ?

Regards
Suman

On Sat, Oct 8, 2011 at 9:40 PM, Stefan A.  wrote:

> ** **
>
> Suman,
>
> As you did not say anything about the exact attributes, you will send to
> the NAC, here is how we do this:
>
> ** **
>
> we are also using different NAS and have to reply with different VSAs for
> setting up the QOS.
>
> We use the “existence of a specific VSAs”  (specified per NAS type) in the
> request to select the VSAs to be used in responses.
>
> ** **
>
> e.g: if we found the Starent Networks VSA ‘SN-Service-Type’ in the request,
> we reply with ‘SN-QOS-Profile’ to set up QoS
>
> This is save, as we won’t see any Starent VSAs in Cisco or Chillispot
> NASses.
>
> ** **
>
> To make this flexible, we have set up our own VSA to configure users QOS,
> which is then translated into the specific reply attributes for the NAS, the
> user is currently using.
>
> ** **
>
> Regards
>
> Stefan
>
> ** **
>
> *From:* freeradius-users-bounces+a.freeradius=
> premit...@lists.freeradius.org [mailto:
> freeradius-users-bounces+a.freeradius=premit...@lists.freeradius.org] *On
> Behalf Of *Suman Dash
> *Sent:* Saturday, October 08, 2011 4:40 PM
> *To:* FreeRadius users mailing list
> *Subject:* Dynamic Attributes Based on NAS Type !
>
> ** **
>
> Hi Everyone ... Currently i am planning to integrate freeradius with
> different NAS like Chillispot , Cisco etc and enable roaming users so that
> they can log in from any of the NAS.
>
> As the reply items are different with different NAS , i am looking for
> ideas how to enable a single user to roam and connect from different NAS.
>
> In my case i think static reply items are not possible per user wise or per
> groupwise so my question is what trick can be used to achieve the same.
>
> I had not tried anything as i have no clue on the same so some highlights
> on the approach will be a good starting point for me.
>
> Cheers
> Suman
>
> 
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Dynamic Attributes Based on NAS Type !

[Suman Dash]

Hi Everyone ... Currently i am planning to integrate freeradius with
different NAS like Chillispot , Cisco etc and enable roaming users so that
they can log in from any of the NAS.

As the reply items are different with different NAS , i am looking for ideas
how to enable a single user to roam and connect from different NAS.

In my case i think static reply items are not possible per user wise or per
groupwise so my question is what trick can be used to achieve the same.

I had not tried anything as i have no clue on the same so some highlights on
the approach will be a good starting point for me.

Cheers
Suman
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Enforcing Login-Time on NAS

[Suman Dash]

Glad to be of some help !!

Cheers

On Tue, Sep 27, 2011 at 8:53 PM, shiv  wrote:

> Update - I've managed to get it working against a custom table in the mysql
> radius database. The sites-enabled/default authorize section is as below:-
>
> update request {
> Huntgroup-Name := "%{sql:SELECT `groupname` FROM
> `radhuntgroup` WHERE rtrmac='%{Called-Station-Id}'}"
>}
>
> if ("%{Huntgroup-Name}" != "") {
>update request{
>Tmp-String-0 = "%{sql:SELECT `logintime` FROM
> `wifihotspots` WHERE hotspotname='%{Huntgroup-Name}'}"
>}
>}
>
>if ( "%{Tmp-String-0}" != "") {
>update control{
>Login-Time := "%{Tmp-String-0}"
>}
>
>}
>
>
> The wifihotspots table contains Huntgroup-Name and its Corresponding
> Login-Time
> Thanks again for the help!
>
>
> --
> View this message in context:
> http://freeradius.1045715.n5.nabble.com/Enforcing-Login-Time-on-NAS-tp4845142p4845762.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Enforcing Login-Time on NAS

[Suman Dash]

Use Unlang or Similar Scripts :

If Nas = 1 then update Login Time = 

If Nas = 2 then update Login Time = 

Use this in PreAuth (I am not sure) Section and give it a try .

Regards
Suman

On Tue, Sep 27, 2011 at 5:42 PM, Shiv  wrote:

> I know that Login-Time can be used with Users and Groups but is there
> a way to use this with NAS'?
> For example, If I want NAS-A to allow logins only from 1700-1800 and
> NAS-B to allow logins only from 0900-1300. How would I be able to
> ensure this?
>
> I have tried this with Huntgroups, but only able to prevent/allow
> logins unconditionally. How do I attach the Login-Time attribute to
> NAS and not users or groups?
>
> --
> Regards,
> Shivkumar
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Dialup Admin

[Suman Dash]

Configure dialupadmin to use the correct mysql username / password.
freeradius is working well..

On Mon, Sep 19, 2011 at 8:44 AM, shawky skaff wrote:

>  Hi,
>
> I am having issues viewing content on the dialup screen, I can see the html
> links, when I select one of them say acconuting I just receive a error
> saying DEBUG(SQL,MYSQL DRIVER): Connect: User=root,Password=*
>
> *I have allowed all sql options in site-enabled default file.
>
> Running radiusd -X gives me the following output
>
> [root@radius conf]# radiusd -X
> FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar 31
> 2010 at 00:25:31
> Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> Starting - reading configuration files ...
> including configuration file /etc/raddb/radiusd.conf
> including configuration file /etc/raddb/proxy.conf
> including configuration file /etc/raddb/clients.conf
> including files in directory /etc/raddb/modules/
> including configuration file /etc/raddb/modules/counter
> including configuration file /etc/raddb/modules/etc_group
> including configuration file /etc/raddb/modules/attr_rewrite
> including configuration file /etc/raddb/modules/smbpasswd
> including configuration file /etc/raddb/modules/mschap
> including configuration file /etc/raddb/modules/logintime
> including configuration file /etc/raddb/modules/always
> including configuration file /etc/raddb/modules/ippool
> including configuration file /etc/raddb/modules/sql_log
> including configuration file /etc/raddb/modules/detail.log
> including configuration file /etc/raddb/modules/expiration
> including configuration file /etc/raddb/modules/echo
> including configuration file /etc/raddb/modules/checkval
> including configuration file /etc/raddb/modules/acct_unique
> including configuration file /etc/raddb/modules/sradutmp
> including configuration file /etc/raddb/modules/unix
> including configuration file /etc/raddb/modules/exec
> including configuration file /etc/raddb/modules/attr_filter
> including configuration file /etc/raddb/modules/wimax
> including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
> including configuration file /etc/raddb/modules/perl
> including configuration file /etc/raddb/modules/preprocess
> including configuration file /etc/raddb/modules/pam
> including configuration file /etc/raddb/modules/files
> including configuration file /etc/raddb/modules/linelog
> including configuration file /etc/raddb/modules/expr
> including configuration file /etc/raddb/modules/otp
> including configuration file /etc/raddb/modules/inner-eap
> including configuration file /etc/raddb/modules/detail.example.com
> including configuration file /etc/raddb/modules/digest
> including configuration file /etc/raddb/modules/mac2ip
> including configuration file /etc/raddb/modules/realm
> including configuration file /etc/raddb/modules/radutmp
> including configuration file /etc/raddb/modules/detail
> including configuration file /etc/raddb/modules/cui
> including configuration file /etc/raddb/modules/smsotp
> including configuration file /etc/raddb/modules/mac2vlan
> including configuration file /etc/raddb/modules/chap
> including configuration file /etc/raddb/modules/passwd
> including configuration file /etc/raddb/modules/policy
> including configuration file /etc/raddb/modules/pap
> including configuration file /etc/raddb/eap.conf
> including configuration file /etc/raddb/sql.conf
> including configuration file /etc/raddb/sql/mysql/dialup.conf
> including configuration file /etc/raddb/policy.conf
> including files in directory /etc/raddb/sites-enabled/
> including configuration file /etc/raddb/sites-enabled/inner-tunnel
> including configuration file /etc/raddb/sites-enabled/control-socket
> including configuration file /etc/raddb/sites-enabled/default
> group = radiusd
> user = radiusd
> including dictionary file /etc/raddb/dictionary
> main {
> prefix = "/usr"
> localstatedir = "/var"
> logdir = "/var/log/radius"
> libdir = "/usr/lib/freeradius"
> radacctdir = "/var/log/radius/radacct"
> hostname_lookups = no
> max_request_time = 30
> cleanup_delay = 5
> max_requests = 1024
> allow_core_dumps = no
> pidfile = "/var/run/radiusd/radiusd.pid"
> checkrad = "/usr/sbin/checkrad"
> debug_level = 0
> proxy_requests = yes
>  log {
> stripped_names = no
> auth = no
> auth_badpass = no
> auth_goodpass = no
>  }
>  security {
> max_attributes = 200
> reject_delay = 1
> status_server = yes
>  }
> }
> radiusd:  Loading Realms and Home Servers 
>  proxy server {
> retry_delay = 5
> retry_count = 3
> default_fallback = no
>

Re: Test

[Suman Dash]

Its UP !!

On Fri, Sep 16, 2011 at 12:24 AM, Christ Schlacta  wrote:

> List is down.
>
> On 9/15/2011 07:49, Alan DeKok wrote:
>
>>   Is the list down, or are people quiet?
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
>> list/users.html 
>>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html 
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: anybody out there?

[Suman Dash]

ACK !

On Thu, Sep 15, 2011 at 8:28 PM, Arran Cudbard-Bell <
a.cudba...@freeradius.org> wrote:

> poke poke
>
> Arran Cudbard-Bell
> a.cudba...@freeradius.org
>
> Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: WiSPr

[Suman Dash]

WISPr-Bandwidth-Max-Down / UP is indeed the Attribute which you are looking.
But you need search the mailing lists and find out how to add those into
radreply/radgroup reply.

Hint : Read http://wiki.freeradius.org/Rlm_sql

Regards
Suman

On Wed, Sep 14, 2011 at 9:34 PM, Suman Dash  wrote:

> Exactly ! Traffic Shaping has nothing to do with RADIUS. RADIUS will send
> values as configured to NAS. If NAS understands then NAS can use those
> attributes and do much more than just Traffic Shaping.
>
> Check the RADIUS dictionary of pfsense and you can find the attributes
> which will be used to control traffic.
>
> Once you get the attributes, use the same as Reply-Items and it will work
> like a charm.
>
> Read the basic documentation of RADIUS to understand how it works. There is
> already a lot of discussion regarding *lazy peoples*
>
> Regards
> Suman
>
>
> On Wed, Sep 14, 2011 at 9:18 PM, Luke Hammond wrote:
>
>>  By NAS i assume you men my pfsense. There isnt anywhere within Freeradius
>> to traffic shape? are you saying it has to be done on the router and not in
>> freeradius?
>>
>>
>> On 14/09/2011 12:11 PM, Suman Dash wrote:
>>
>> Bandwidth Limit greatly depends on NAS. If yous NAS supports it then it
>> can be done !
>>
>> On Wed, Sep 14, 2011 at 7:29 PM, Luke Hammond wrote:
>>
>>>  Hey al, iread that i can rate limit on a per user basis with the 
>>> WISPr-Bandwidth-Max-Down
>>> and Up.. correct?
>>>
>>> Can someone please tell me how i can do this?  I have freeradius running
>>> on Ubuntu server, with mysql atabase and daloradius for web management.
>>>
>>> My users connect to the freeradius through the captive portal on my
>>> pfSense firewall.
>>>
>>> Thanks in advance
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: WiSPr

[Suman Dash]

Exactly ! Traffic Shaping has nothing to do with RADIUS. RADIUS will send
values as configured to NAS. If NAS understands then NAS can use those
attributes and do much more than just Traffic Shaping.

Check the RADIUS dictionary of pfsense and you can find the attributes which
will be used to control traffic.

Once you get the attributes, use the same as Reply-Items and it will work
like a charm.

Read the basic documentation of RADIUS to understand how it works. There is
already a lot of discussion regarding *lazy peoples*

Regards
Suman

On Wed, Sep 14, 2011 at 9:18 PM, Luke Hammond  wrote:

>  By NAS i assume you men my pfsense. There isnt anywhere within Freeradius
> to traffic shape? are you saying it has to be done on the router and not in
> freeradius?
>
>
> On 14/09/2011 12:11 PM, Suman Dash wrote:
>
> Bandwidth Limit greatly depends on NAS. If yous NAS supports it then it can
> be done !
>
> On Wed, Sep 14, 2011 at 7:29 PM, Luke Hammond wrote:
>
>>  Hey al, iread that i can rate limit on a per user basis with the 
>> WISPr-Bandwidth-Max-Down
>> and Up.. correct?
>>
>> Can someone please tell me how i can do this?  I have freeradius running
>> on Ubuntu server, with mysql atabase and daloradius for web management.
>>
>> My users connect to the freeradius through the captive portal on my
>> pfSense firewall.
>>
>> Thanks in advance
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: WiSPr

[Suman Dash]

Bandwidth Limit greatly depends on NAS. If yous NAS supports it then it can
be done !

On Wed, Sep 14, 2011 at 7:29 PM, Luke Hammond  wrote:

>  Hey al, iread that i can rate limit on a per user basis with the 
> WISPr-Bandwidth-Max-Down
> and Up.. correct?
>
> Can someone please tell me how i can do this?  I have freeradius running on
> Ubuntu server, with mysql atabase and daloradius for web management.
>
> My users connect to the freeradius through the captive portal on my pfSense
> firewall.
>
> Thanks in advance
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with rml_sqlcounter with GigaByte datavolume

[Suman Dash]

It is a matter which needs attention of Alan or Arran. Kindly send a Bug
Report so that this situation can be evaluated by the developers.

On Wed, Sep 14, 2011 at 6:29 PM, nfourel  wrote:

> I have the same result with integer rather than integer64. I tried on a 32
> bit server, and indeed, if I put a value bigger than 2^32 octets in
> Max-Input-Octets check-item, it wraps to 4294967295 octets and not to zero.
> So the problem seems to be with 64bit architecture and value bigger than
> 2^32 octets (like 100GB). Very strange behavior.
>
> ** **
>
> Nicolas
>
> ** **
>
> *De :* Suman Dash [via FreeRadius] [mailto:[hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4802672&i=0>]
>
> *Envoyé :* mercredi 14 septembre 2011 14:53
>
> *À :* nfourel
> *Objet :* Re: Problem with rml_sqlcounter with GigaByte datavolume
>
> ** **
>
> I have a working setup which takes Check-Item over 100GB But being a 32Bit
> counter is wraps in 2GB limit. I have not tried Integer64. Can you check
> what happens when you change it to 32bit in dictionary instead of declaring
> it as 64bit ?
>
>
> 
>
> On Wed, Sep 14, 2011 at 5:53 PM, nfourel <[hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4802642&i=0>>
> wrote:
>
> The « check_item=0 » is reason why I posted my messages on this ML. If I
> put a value lesser than 2^32 (for example 100) for “Max-Input-Octets” in
> radcheck for username ‘click here. 
>
> --
> View this message in context: RE: Problem with rml_sqlcounter with
> GigaByte 
> datavolume<http://freeradius.1045715.n5.nabble.com/Problem-with-rml-sqlcounter-with-GigaByte-datavolume-tp4455164p4802672.html>
> Sent from the FreeRadius - User mailing list 
> archive<http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html>at
>  Nabble.com.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with rml_sqlcounter with GigaByte datavolume

[Suman Dash]

I have a working setup which takes Check-Item over 100GB But being a 32Bit
counter is wraps in 2GB limit. I have not tried Integer64. Can you check
what happens when you change it to 32bit in dictionary instead of declaring
it as 64bit ?



On Wed, Sep 14, 2011 at 5:53 PM, nfourel  wrote:

> The « check_item=0 » is reason why I posted my messages on this ML. If I
> put a value lesser than 2^32 (for example 100) for “Max-Input-Octets” in
> radcheck for username ‘[hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4802561&i=0>’,
> everything is ok, check_item has the good value. If I put value bigger than
> 2^32, check_item is always equal to 0.
>
> ** **
>
> Any idea ?
>
> ** **
>
> Thanks****
>
> ** **
>
> Nicolas
>
> ** **
>
> *De :* Suman Dash [via FreeRadius] [mailto:[hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4802561&i=1>]
>
> *Envoyé :* mercredi 14 septembre 2011 09:43
>
> *À :* nfourel
> *Objet :* Re: Problem with rml_sqlcounter with GigaByte datavolume
>
> ** **
>
> check_item=0 , See why Max-Input-Octets is returned as 0 .
>
> On Wed, Sep 14, 2011 at 12:55 PM, nfourel <[hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4801896&i=0>>
> wrote:
>
> Hi,
>
>  
>
> Here is the result of the SQL Query :
>
>  
>
> SELECT SUM(AcctInputOctets) FROM radacct WHERE  click here. 
>
> --
> View this message in context: RE: Problem with rml_sqlcounter with
> GigaByte 
> datavolume<http://freeradius.1045715.n5.nabble.com/Problem-with-rml-sqlcounter-with-GigaByte-datavolume-tp4455164p4802561.html>
> Sent from the FreeRadius - User mailing list 
> archive<http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html>at
>  Nabble.com.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with rml_sqlcounter with GigaByte datavolume

[Suman Dash]

check_item=0 , See why Max-Input-Octets is returned as 0 .

On Wed, Sep 14, 2011 at 12:55 PM, nfourel wrote:

> Hi,
>
> ** **
>
> Here is the result of the SQL Query :
>
> ** **
>
> SELECT SUM(AcctInputOctets) FROM radacct WHERE  [hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4801856&i=0>
> ';
>
> ** **
>
> SUM(AcctInputOctets)
>
> 68882
>
> ** **
>
> And freeradius log for the counter section :
>
> ** **
>
> Wed Sep 14 09:17:45 2011 : Debug: rlm_sqlcounter: Entering module authorize
> code
>
> Wed Sep 14 09:17:45 2011 : Debug: WARNING: Please replace '%k' with
> '${key}'
>
> Wed Sep 14 09:17:45 2011 : Debug: sqlcounter_expand:  'SELECT
> SUM(AcctInputOctets) FROM radacct WHERE UserName='%{User-Name}''
>
> Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets :  expand: SELECT
> SUM(AcctInputOctets) FROM radacct WHERE UserName='%{User-Name}' -> SELECT
> SUM(AcctInputOctets) FROM radacct WHERE [hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4801856&i=1>
> '
>
> Wed Sep 14 09:17:45 2011 : Debug: WARNING: Please replace '%S' with
> '${sqlmod-inst}'
>
> Wed Sep 14 09:17:45 2011 : Debug: sqlcounter_expand:  '%{sql:SELECT
> SUM(AcctInputOctets) FROM radacct WHERE [hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4801856&i=2>
> '}'
>
> Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : sql_xlat
>
> Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets :  expand:
> %{User-Name} -> [hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4801856&i=3>
> 
>
> Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : sql_set_user
> escaped user --> '[hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4801856&i=4>
> '
>
> Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets :  expand: SELECT
> SUM(AcctInputOctets) FROM radacct WHERE [hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4801856&i=5>'
> -> SELECT SUM(AcctInputOctets) FROM radacct WHERE [hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4801856&i=6>
> '
>
> Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets:  expand:
> /usr/local/var/log/radius/sqltrace.sql ->
> /usr/local/var/log/radius/sqltrace.sql
>
> Wed Sep 14 09:17:45 2011 : Debug: rlm_sql (sql): Reserving sql socket id: 0
> 
>
> Wed Sep 14 09:17:45 2011 : Debug: rlm_sql_mysql: query:  SELECT
> SUM(AcctInputOctets) FROM radacct WHERE [hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4801856&i=7>
> '
>
> Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets: sql_xlat finished**
> **
>
> Wed Sep 14 09:17:45 2011 : Debug: rlm_sql (sql): Released sql socket id: 0
> 
>
> Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets :  expand:
> %{sql:SELECT SUM(AcctInputOctets) FROM radacct WHERE [hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4801856&i=8>'}
> -> 68882
>
> Wed Sep 14 09:17:45 2011 : Debug: rlm_sqlcounter: (Check item - counter) is
> less than zero
>
> Wed Sep 14 09:17:45 2011 : Debug: rlm_sqlcounter: Rejected user [hidden
> email] <http://user/SendEmail.jtp?type=node&node=4801856&i=9>,
> check_item=0, counter=68882
>
> ** **
>
> Any idea ?
>
> ** **
>
> Thanks for your help
>
> ** **
>
> Nicolas
>
> ** **
>
> *De :* Suman Dash [via FreeRadius] [mailto:[hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4801856&i=10>]
>
> *Envoyé :* mardi 13 septembre 2011 19:44
> *À :* nfourel
>
> *Objet :* Re: Problem with rml_sqlcounter with GigaByte datavolume
>
> ** **
>
> SELECT SUM(AcctInputOctets) FROM radacct WHERE  UserName='username'
>
>
> Run the above query in mysql and post the result
>
> then post the freeradius log specific to this section.
>
> On Tue, Sep 13, 2011 at 10:00 PM, Nicolas FOUREL <[hidden 
> email]<http://user/SendEmail.jtp?type=node&node=4799383&i=0>>
> wrote:
>
> Hi Arran,
>
> I have get version 3.0.0 with 64 bit counters support from Git and
> installed
> it. Unfortunatly, I still have the same problem with my sql counter which
> has always "check_item=0" when I put a value bigger than 2^32. On
> Access-Request in debug mode, I have the following lines :
>
> Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: (Check item - counter) is
&

Re: Problem with rml_sqlcounter with GigaByte datavolume

[Suman Dash]

SELECT SUM(AcctInputOctets) FROM radacct WHERE  UserName='username'

Run the above query in mysql and post the result

then post the freeradius log specific to this section.

On Tue, Sep 13, 2011 at 10:00 PM, Nicolas FOUREL  wrote:

> Hi Arran,
>
> I have get version 3.0.0 with 64 bit counters support from Git and
> installed
> it. Unfortunatly, I still have the same problem with my sql counter which
> has always "check_item=0" when I put a value bigger than 2^32. On
> Access-Request in debug mode, I have the following lines :
>
> Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: (Check item - counter) is
> less than zero
> Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: Rejected user
> f...@bar.com,
> check_item=0, counter=68882
>
> Here is my counter definition :
> sqlcounter totalinputoctets {
>counter-name = Total-Max-Input-Octets
>check-name = Max-Input-Octets
>reply-name = ChilliSpot-Max-Input-Octets
>sqlmod-inst = sql
>key = User-Name
>reset = never
>query = "SELECT SUM(AcctInputOctets) FROM radacct WHERE
> UserName='%{%k}'"
> }
>
> I have added "Max-Input-Octets" in the dictionary file like that :
> ATTRIBUTE   Max-Input-Octets3001integer64
>
> In radcheck table:
> f...@bar.com Max-Input-Octets:=
> 107374182400
>
>
> Did I miss a thing ?
>
> Many thanks
>
> Nicolas
>
> -Message d'origine-
> De :
> freeradius-users-bounces+nicolas.fourel=adipsys@lists.freeradius.org
> [mailto:freeradius-users-bounces+nicolas.fourel
> =adipsys.com@lists.freeradius
> .org] De la part de Arran Cudbard-Bell
> Envoyé : lundi 12 septembre 2011 11:46
> À : FreeRadius users mailing list
> Objet : Re: Problem with rml_sqlcounter with GigaByte datavolume
>
>
> On 12 Sep 2011, at 10:20, nfourel wrote:
>
> > Thanks for your reply but I can't find any version 3.x.x of freeRADIUS.
> Where
> > can I find it ?
> >
>
> http://git.freeradius.org/
>
> 3.x.x is currently in development on the master branch.
>
> -Arran
>
> Arran Cudbard-Bell
> a.cudba...@freeradius.org
>
> RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: How to connect FreeRADIUS uding JAVA

[Suman Dash]

Look Into Jradius 

On Fri, Aug 26, 2011 at 1:02 PM, Rajkumar Balaji <
rajkumar.balaj...@gmail.com> wrote:

> Hi,
>
> If anyone knows how to connect FreeRADIUS using JAVA
> Please help me to solve this
>
> Thanks
>
> Regards
> Rajkumar
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Unlang Condition Wrong Value !

[Suman Dash]

Hi Arran,

I think i have managed to make the datacounter working. It may not be
the best counter but it is the best i have ever done in freeradius.
Below posted is the configs :

Post-Auth {
sql

# Unlang Data-Counter. Sends Mikrotik-Recv-Limit to NAS

update control  {
Tmp-Integer-0 = "%{sql:SELECT ((SELECT
tbl_groupcheck.value from tbl_groupcheck \
JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname \
WHERE
tbl_usergroup.username = '%{User-Name}') > (SELECT
IFNULL(SUM(AcctInputOctets) \

+SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}'
\
AND
MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) =
YEAR(NOW(}"
Tmp-Integer-1 = "%{sql:SELECT ((SELECT
tbl_groupcheck.value from tbl_groupcheck \
JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname \
WHERE
tbl_usergroup.username = '%{User-Name}') - (SELECT
IFNULL(SUM(AcctInputOctets) \

+SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}'
\
AND
MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) =
YEAR(NOW(}"
}
if ("%{control:Tmp-Integer-0}" == "1")  {
update reply{
Mikrotik-Recv-Limit :=
"%{control:Tmp-Integer-1}"
}
}
if ("%{control:Tmp-Integer-0}" == "0")  {
update reply{
Reply-Message := "Fair
Usage Policy Enforced, Bandwidth Limited"
Mikrotik-Rate-Limit :=
"128K/256K 128K/256K 128K/256K 180/180 8"
}
}

The caveats :

It will return a negative value if Max-used-Traffic is more than
Max-Monthly-Limit but we don't need that negative value as we will
enforce Mikrotik-Rate-Limit (i.e Fair Usage Policy)

If Max-Monthly-Limit - Max-used-Limit > 32bit Integer, The
Mikrotik-Recv-Limit will be wrapped and user will have a rough of 2GB
per session limit. If user disconnects again and connects , the same
thing applies.

However, user will be able to use 100% of Max-Monthly-Traffic
allocated in multiple sessions.

I hope someone can make a hybrid of this counter.

Regards
Suman


On Mon, Aug 8, 2011 at 8:04 PM, Arran Cudbard-Bell
 wrote:
>
> On 8 Aug 2011, at 16:29, Suman Dash wrote:
>
>> Just another small question before i jump into testing. If output from
>> sub-query is less than 32bit, I can easily store it in Tmp-Integer ,
>> But sometimes when the user data usage is null, the sub-query will
>> output more than 32bit ex. 10GB Limit But user downloaded 0 Bytes.
>>
>> In that condition it is impossible to store it in Tmp-Integer . So
>> ultimately the Integer passed by xlat and the stored in Tmp-Integer
>> will differ.
>
> Yes. I'd imagine it'd be truncated.
>
> -Arran
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Unlang Condition Wrong Value !

[Suman Dash]

Just another small question before i jump into testing. If output from
sub-query is less than 32bit, I can easily store it in Tmp-Integer ,
But sometimes when the user data usage is null, the sub-query will
output more than 32bit ex. 10GB Limit But user downloaded 0 Bytes.

In that condition it is impossible to store it in Tmp-Integer . So
ultimately the Integer passed by xlat and the stored in Tmp-Integer
will differ.

Regards
Suman Dash

On Mon, Aug 8, 2011 at 7:45 PM, Arran Cudbard-Bell
 wrote:
>
> On 8 Aug 2011, at 16:11, Suman Dash wrote:
>
>> So what you say is that i do all comparision within sql sub-query and
>> whatever output i need to define if less than 32bit store it into an
>> Integer and do Unlang control / reply updates ?
>>
>> Seems quite right .. Will try and get back with results.
>
> Exactly :)
>
> Feel free to post some samples if you get it working and i'll put them up on 
> the wiki.
>
> -Arran
>>
>> On Mon, Aug 8, 2011 at 3:31 PM, Arran Cudbard-Bell
>>  wrote:
>>>
>>>> Unfortunately I am not much of a programmer .
>>>
>>> Ok... but you know SQL right? Which is why i'm suggesting to do the 
>>> comparison in the SQL database.
>>>
>>>> Therefore if you can put
>>>> some examples / pointers based on my requirement, it will be a
>>>> headstart for me .
>>>
>>> http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html
>>>
>>> Use SELECT COUNT(*) for the outer query and then compare that value in 
>>> unlang.
>>>
>>> -Arran
>>>
>>> Arran Cudbard-Bell
>>> a.cudba...@freeradius.org
>>>
>>> RADIUS - Half the complexity of Diameter
>>>
>>>
>>> -
>>> List info/subscribe/unsubscribe? See 
>>> http://www.freeradius.org/list/users.html
>>>
>> -
>> List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>>
>
> Arran Cudbard-Bell
> a.cudba...@freeradius.org
>
> RADIUS - Half the complexity of Diameter
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Unlang Condition Wrong Value !

[Suman Dash]

So what you say is that i do all comparision within sql sub-query and
whatever output i need to define if less than 32bit store it into an
Integer and do Unlang control / reply updates ?

Seems quite right .. Will try and get back with results.

Thanks for the tip..

Regards
Suman

On Mon, Aug 8, 2011 at 3:31 PM, Arran Cudbard-Bell
 wrote:
>
>> Unfortunately I am not much of a programmer .
>
> Ok... but you know SQL right? Which is why i'm suggesting to do the 
> comparison in the SQL database.
>
>> Therefore if you can put
>> some examples / pointers based on my requirement, it will be a
>> headstart for me .
>
> http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html
>
> Use SELECT COUNT(*) for the outer query and then compare that value in unlang.
>
> -Arran
>
> Arran Cudbard-Bell
> a.cudba...@freeradius.org
>
> RADIUS - Half the complexity of Diameter
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Unlang Condition Wrong Value !

[Suman Dash]

Hi Arran,

Unfortunately I am not much of a programmer . Therefore if you can put
some examples / pointers based on my requirement, it will be a
headstart for me . I had also read somewhere that if we can strip the
last 3 octet then atleast 4TB of traffic can be managed in replying
back .

However, there are a  lot of solutions but no examples or a working
config which can be tweaked.

Regards
Suman

On Mon, Aug 8, 2011 at 3:02 PM, Arran Cudbard-Bell
 wrote:
>
> On 8 Aug 2011, at 11:09, Suman Dash wrote:
>
>> What i mean to say is that i am not using an integer to store the
>> value as integer is limited to 32bit, Instead i am directly comparing
>> output from sql query in Unlanf but it doesn't seems to work either.
>
> Then no. AFAIK FreeRADIUS doesn't support arbitrary precision mathematics. In 
> general performance is valued over completeness when it comes to things like 
> unlang.
>
> Here are some workarounds:
>
> * You could store the result as a string and use an external utility to do 
> the comparison.
> * You could also try expr xlat, but i'm not sure if it supports arbitrary 
> precision either.
> * If you're just doing an equality check, then just write the value to a 
> string and do a straight string comparison.
> * You could do the comparison in SQL and return a boolean value (i've used 
> this as a workaround in the past).
> * You could write an xlat wrapper around one of the arbitrary precision 
> libraries.
>
> -Arran
>
>
>>
>> It returns false where it should be returning true.
>>
>> Regards
>>
>> On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell
>>  wrote:
>>>
>>> On 8 Aug 2011, at 09:32, Suman Dash wrote:
>>>
>>>> So it is not possible to store values more than 32 bit in Tmp-Integer.
>>>> How about direct sql statements in Unlang not involving the
>>>> Tmp-Integer. It is also not working in my scenario.
>>>>
>>>
>>> You mean a comparison of two integers from two SQL statements?
>>>
>>>> Attached is the logs.
>>>
>>> More useful would be the config...
>>>
>>> -Arran
>>>
>>>>
>>>>
>>>> Going to the next request
>>>> Ready to process requests.
>>>> rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
>>>> id=55, length=132
>>>>        Service-Type = Framed-User
>>>>        Framed-Protocol = PPP
>>>>        NAS-Port = 60
>>>>        NAS-Port-Type = Ethernet
>>>>        User-Name = "10021"
>>>>        Calling-Station-Id = "F4:EC:38:BA:8A:3B"
>>>>        Called-Station-Id = "Internet"
>>>>        NAS-Port-Id = "LAN"
>>>>        User-Password = "10021"
>>>>        NAS-Identifier = "NTL.X"
>>>>        NAS-IP-Address = xxx.xx.xx.xx
>>>> # Executing section authorize from file 
>>>> /etc/freeradius/sites-enabled/default
>>>> +- entering group authorize {...}
>>>> ++[preprocess] returns ok
>>>> ++[chap] returns noop
>>>> ++[mschap] returns noop
>>>> ++[digest] returns noop
>>>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>>>> [suffix] No such realm "NULL"
>>>> ++[suffix] returns noop
>>>> [eap] No EAP-Message, not doing EAP
>>>> ++[eap] returns noop
>>>> [files] users: Matched entry DEFAULT at line 172
>>>> ++[files] returns ok
>>>> [sql]   expand: %{User-Name} -> 10021
>>>> [sql] sql_set_user escaped user --> '10021'
>>>> rlm_sql (sql): Reserving sql socket id: 1
>>>> [sql]   expand: SELECT id, username, attribute, value, op
>>>> FROM tbl_check           WHERE username = '%{SQL-User-Name}'
>>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>>> FROM tbl_check           WHERE username = '10021'           ORDER BY
>>>> id
>>>> [sql] User found in radcheck table
>>>> [sql]   expand: SELECT id, username, attribute, value, op
>>>> FROM tbl_reply           WHERE username = '%{SQL-User-Name}'
>>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>>> FROM tbl_reply           WHERE username = '10021'           ORDER BY
>>>> id
>>>> [sql]   expand: SELECT groupname           FROM tbl_usergroup
>>>> WHERE username = '%{SQL-Use

Re: Unlang Condition Wrong Value !

[Suman Dash]

Undermentioned is the complete config. This is a direct approach
without storing the results in Tmp-Integer . I assume that this direct
approach has nothing to do with 32bit length of Freeradius Attributes.

What i am looking to accomplish is a data counter which does not wraps
at 4GB, Checks whether total used traffic is less than
Max-Monthly-Traffic and based on the result it updates the reply
attribute.

 I have read a lot in mailing lists that people have accomplished it
with rlm_perl but i unable to find a similar script in freeradius
mailing list.

I understand that this feature will be beneficial to a lot of people
in community as a lot of people have done hacks and tricks to make it
work. So till now official Session counter is available but no data
counter.


if ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN
tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
WHERE tbl_usergroup.username = '%{User-Name}'}" > "%{sql:SELECT
IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct
WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW())
AND YEAR(acctstoptime) = YEAR(NOW())}") {
update reply {
   Mikrotik-Recv-Limit := "%{sql:SELECT
tbl_groupcheck.value from tbl_groupcheck JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname WHERE
tbl_usergroup.username = '%{User-Name}'}" - "%{sql:SELECT
IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct
WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW())
AND YEAR(acctstoptime) = YEAR(NOW())}"
 }
else {
update reply {
Reply-Message := "Fair
Usage Policy Enforced, Bandwidth Limited"
Mikrotik-Rate-Limit :=
"128K/256K"

  }
 }
 }



Regards
Suman

On Mon, Aug 8, 2011 at 2:39 PM, Suman Dash  wrote:
> What i mean to say is that i am not using an integer to store the
> value as integer is limited to 32bit, Instead i am directly comparing
> output from sql query in Unlanf but it doesn't seems to work either.
>
> It returns false where it should be returning true.
>
> Regards
>
> On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell
>  wrote:
>>
>> On 8 Aug 2011, at 09:32, Suman Dash wrote:
>>
>>> So it is not possible to store values more than 32 bit in Tmp-Integer.
>>> How about direct sql statements in Unlang not involving the
>>> Tmp-Integer. It is also not working in my scenario.
>>>
>>
>> You mean a comparison of two integers from two SQL statements?
>>
>>> Attached is the logs.
>>
>> More useful would be the config...
>>
>> -Arran
>>
>>>
>>>
>>> Going to the next request
>>> Ready to process requests.
>>> rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
>>> id=55, length=132
>>>        Service-Type = Framed-User
>>>        Framed-Protocol = PPP
>>>        NAS-Port = 60
>>>        NAS-Port-Type = Ethernet
>>>        User-Name = "10021"
>>>        Calling-Station-Id = "F4:EC:38:BA:8A:3B"
>>>        Called-Station-Id = "Internet"
>>>        NAS-Port-Id = "LAN"
>>>        User-Password = "10021"
>>>        NAS-Identifier = "NTL.X"
>>>        NAS-IP-Address = xxx.xx.xx.xx
>>> # Executing section authorize from file 
>>> /etc/freeradius/sites-enabled/default
>>> +- entering group authorize {...}
>>> ++[preprocess] returns ok
>>> ++[chap] returns noop
>>> ++[mschap] returns noop
>>> ++[digest] returns noop
>>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>>> [suffix] No such realm "NULL"
>>> ++[suffix] returns noop
>>> [eap] No EAP-Message, not doing EAP
>>> ++[eap] returns noop
>>> [files] users: Matched entry DEFAULT at line 172
>>> ++[files] returns ok
>>> [sql]   expand: %{User-Name} -> 10021
>>> [sql] sql_set_user escaped user --> '10021'
>>> rlm_sql (sql): Reserving sql socket id: 1
>>> [sql]   expand: SELECT id, username, attribute, value, op
>>> FROM tbl_check           WHERE username = '%{SQL-User-Name}'
>>> ORDER BY id -> SELECT id, username, attribute, value, op
>>> FROM tbl_check 

Re: Unlang Condition Wrong Value !

[Suman Dash]

What i mean to say is that i am not using an integer to store the
value as integer is limited to 32bit, Instead i am directly comparing
output from sql query in Unlanf but it doesn't seems to work either.

It returns false where it should be returning true.

Regards

On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell
 wrote:
>
> On 8 Aug 2011, at 09:32, Suman Dash wrote:
>
>> So it is not possible to store values more than 32 bit in Tmp-Integer.
>> How about direct sql statements in Unlang not involving the
>> Tmp-Integer. It is also not working in my scenario.
>>
>
> You mean a comparison of two integers from two SQL statements?
>
>> Attached is the logs.
>
> More useful would be the config...
>
> -Arran
>
>>
>>
>> Going to the next request
>> Ready to process requests.
>> rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
>> id=55, length=132
>>        Service-Type = Framed-User
>>        Framed-Protocol = PPP
>>        NAS-Port = 60
>>        NAS-Port-Type = Ethernet
>>        User-Name = "10021"
>>        Calling-Station-Id = "F4:EC:38:BA:8A:3B"
>>        Called-Station-Id = "Internet"
>>        NAS-Port-Id = "LAN"
>>        User-Password = "10021"
>>        NAS-Identifier = "NTL.X"
>>        NAS-IP-Address = xxx.xx.xx.xx
>> # Executing section authorize from file /etc/freeradius/sites-enabled/default
>> +- entering group authorize {...}
>> ++[preprocess] returns ok
>> ++[chap] returns noop
>> ++[mschap] returns noop
>> ++[digest] returns noop
>> [suffix] No '@' in User-Name = "10021", looking up realm NULL
>> [suffix] No such realm "NULL"
>> ++[suffix] returns noop
>> [eap] No EAP-Message, not doing EAP
>> ++[eap] returns noop
>> [files] users: Matched entry DEFAULT at line 172
>> ++[files] returns ok
>> [sql]   expand: %{User-Name} -> 10021
>> [sql] sql_set_user escaped user --> '10021'
>> rlm_sql (sql): Reserving sql socket id: 1
>> [sql]   expand: SELECT id, username, attribute, value, op
>> FROM tbl_check           WHERE username = '%{SQL-User-Name}'
>> ORDER BY id -> SELECT id, username, attribute, value, op
>> FROM tbl_check           WHERE username = '10021'           ORDER BY
>> id
>> [sql] User found in radcheck table
>> [sql]   expand: SELECT id, username, attribute, value, op
>> FROM tbl_reply           WHERE username = '%{SQL-User-Name}'
>> ORDER BY id -> SELECT id, username, attribute, value, op
>> FROM tbl_reply           WHERE username = '10021'           ORDER BY
>> id
>> [sql]   expand: SELECT groupname           FROM tbl_usergroup
>> WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
>> SELECT groupname           FROM tbl_usergroup           WHERE username
>> = '10021'           ORDER BY priority
>> [sql]   expand: SELECT id, groupname, attribute,           Value, op
>>        FROM tbl_groupcheck           WHERE groupname = '%{Sql-Group}'
>>          ORDER BY id -> SELECT id, groupname, attribute,
>> Value, op           FROM tbl_groupcheck           WHERE groupname =
>> 'TEST-10G'           ORDER BY id
>> [sql] User found in group TEST-10G
>> [sql]   expand: SELECT id, groupname, attribute,           value, op
>>        FROM tbl_groupreply           WHERE groupname = '%{Sql-Group}'
>>          ORDER BY id -> SELECT id, groupname, attribute,
>> value, op           FROM tbl_groupreply           WHERE groupname =
>> 'TEST-10G'           ORDER BY id
>> rlm_sql (sql): Released sql socket id: 1
>> ++[sql] returns ok
>> rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
>> rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
>> ++[checkval] returns ok
>> [expiration] Checking Expiration time: '1 Sep 2011'
>> ++[expiration] returns ok
>> ++[logintime] returns noop
>> ++[pap] returns updated
>> Found Auth-Type = PAP
>> # Executing group from file /etc/freeradius/sites-enabled/default
>> +- entering group PAP {...}
>> [pap] login attempt with password "x"
>> [pap] Using CRYPT password "Wh1vvjSX72NI6"
>> [pap] User authenticated successfully
>> ++[pap] returns ok
>> # Executing section session from file /etc/freeradius/sites-enabled/default
>> +- entering group session {...}
>> [radutmp]       expand: /var/log/freeradius/radutmp ->
>&

Re: Unlang Condition Wrong Value !

[Suman Dash]

led/default
+- entering group accounting {...}
[detail]expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/freeradius/radacct/xxx.xx.xx.xx/detail-20110808
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/xxx.xx.xx.xx/detail-20110808
[detail]expand: %t -> Mon Aug  8 01:31:49 2011
++[detail] returns ok
++[unix] returns ok
[radutmp]   expand: /var/log/freeradius/radutmp ->
/var/log/freeradius/radutmp
[radutmp]   expand: %{User-Name} -> 10021
++[radutmp] returns ok
[sql]   expand: %{User-Name} -> 10021
[sql] sql_set_user escaped user --> '10021'
[sql]   expand: %{Acct-Delay-Time} -> 0
[sql]   expand:INSERT INTO tbl_acct
(acctsessionid,acctuniqueid, username,  realm,
   nasipaddress, nasportid,  nasporttype,
acctstarttime,acctstoptime,  acctsessiontime,
acctauthentic,connectinfo_start,  connectinfo_stop,
acctinputoctets,  acctoutputoctets,  calledstationid,
callingstationid, acctterminatecause,  servicetype,
framedprotocol,   framedipaddress,  acctstartdelay,
acctstopdelay,xascendsessionsvrkey)   VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}',  '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}',  '%{NAS-Port-Type}', '%S', NULL,
  '0', '%{Acct-Authentic}', '%{Connect-Info}',  '', '0',
'0',  '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
 '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response]   expand: %{User-Name} -> 10021
 attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 56 to xxx.xx.xx.xx port 40276
Finished request 3.
Cleaning up request 3 ID 56 with timestamp +17
Going to the next request
Waking up in 4.8 seconds.

The condition outputs 23737418240 > 21093361889 RETURNS FALSE .

On Mon, Aug 8, 2011 at 12:51 PM, Arran Cudbard-Bell
 wrote:
> RFC 2865:
>
>      integer   32 bit unsigned value, most significant octet first.
>
> FreeRADIUS is just a RADIUS server, and the temporary integer attributes are 
> just RADIUS attributes.
>
> -Arran
>
>
>
> On 8 Aug 2011, at 09:11, Suman Dash wrote:
>
>> I am trying to replace sqlcounter with Unland expression in Post Auth
>> Section. The values are successfully called but while storing in
>> Tmp-Interger those are stripped. Below are the logs .
>> As you can see from the logs that Mysql returns a value of 20989570594
>> But it's stored as 3557549056 for Tmp-Integer-0
>>
>> The same happens to Tmp-Integer-1 due to which the expression output
>> becomes FALSE instead of TRUE.
>>
>> Is this the limitation of Tmp-Integer as it is an 32bit int ?
>>
>> ##Post-Auth Section
>>
>> sql
>> update control    {
>>                            Tmp-Integer-0 := "%{sql:SELECT
>> IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) \
>>                                                FROM tbl_acct WHERE
>> UserName='%{User-Name}' \
>>                                                AND
>> MONTH(acctstoptime) = MONTH(NOW()) \
>>                                                AND YEAR(acctstoptime)
>> = YEAR(NOW())}"
>>                            Tmp-Integer-1 := "%{sql:SELECT
>> tbl_groupcheck.value from tbl_groupcheck \
>>                                                JOIN tbl_usergroup on
>> tbl_groupcheck.groupname = tbl_usergroup.groupname \
>>                                                where
>> tbl_usergroup.username = '%{User-Name}'}"
>>                          }
>>                if ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}") {
>>                                update reply {
>>                                        Mikrotik-Recv-Limit :=
>> "%{control:Tmp-Integer-1}" - "%{control:Tmp-Integer-0}"
>>                                             }
>>                                                                             }
>>                if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") 
>> {
>>                                update reply {
>>               

Unlang Condition Wrong Value !

[Suman Dash]

I am trying to replace sqlcounter with Unland expression in Post Auth
Section. The values are successfully called but while storing in
Tmp-Interger those are stripped. Below are the logs .
As you can see from the logs that Mysql returns a value of 20989570594
But it's stored as 3557549056 for Tmp-Integer-0

The same happens to Tmp-Integer-1 due to which the expression output
becomes FALSE instead of TRUE.

Is this the limitation of Tmp-Integer as it is an 32bit int ?

##Post-Auth Section

sql
update control{
Tmp-Integer-0 := "%{sql:SELECT
IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) \
FROM tbl_acct WHERE
UserName='%{User-Name}' \
AND
MONTH(acctstoptime) = MONTH(NOW()) \
AND YEAR(acctstoptime)
= YEAR(NOW())}"
Tmp-Integer-1 := "%{sql:SELECT
tbl_groupcheck.value from tbl_groupcheck \
JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname \
where
tbl_usergroup.username = '%{User-Name}'}"
  }
if ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}") {
update reply {
Mikrotik-Recv-Limit :=
"%{control:Tmp-Integer-1}" - "%{control:Tmp-Integer-0}"
 }
 }
if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") {
update reply {
Reply-Message := "Fair Usage
Policy Enforced, Bandwidth Limited"
Mikrotik-Rate-Limit :=
"128K/256K 128K/256K 128K/256K 180/180 8"
 }
  }
##MySQL Table   



mysql> SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
-> FROM tbl_acct WHERE UserName='10021'
-> AND MONTH(acctstoptime) = MONTH(NOW())
-> AND YEAR(acctstoptime) = YEAR(NOW());

+--+
| IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) |
+--+
|  20989570594 |
+--+
1 row in set (0.00 sec)

mysql> SELECT tbl_groupcheck.value from tbl_groupcheck
->  JOIN tbl_usergroup on tbl_groupcheck.groupname = 
tbl_usergroup.groupname
->  where tbl_usergroup.username = '10021';

+-+
| value   |
+-+
| 20737418240 |
+-+
1 row in set (0.00 sec)


##RADIUS DEBUG LOG


Finished request 4.
Cleaning up request 4 ID 176 with timestamp +15
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host XXX.XX.XX.86 port 44198,
id=236, length=132
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 56
NAS-Port-Type = Ethernet
User-Name = "10021"
Calling-Station-Id = "XX:XX:XX:XX:XX:XX"
Called-Station-Id = "Internet"
NAS-Port-Id = "LAN"
User-Password = "10021"
NAS-Identifier = "XXX.XXX"
NAS-IP-Address = XXX.XX.XX.86
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "10021", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql]   expand: %{User-Name} -> 10021
[sql] sql_set_user escaped user --> '10021'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op
FROM tbl_check   WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM tbl_check   WHERE username = '10021'   ORDER BY
id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op
FROM tbl_reply   WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM tbl_reply   WHERE username = '10021'   ORDER BY
id
[sql]   expand: SELECT groupname   FROM tbl_usergroup
 WHERE username = '%{SQL-User-N

Re: Opposite of Expiraton attribute?

[Suman Dash]

Or Else !

Expiration = First-Login + N (Days , Hours , Minutes ). This can be done 
by any script or Web Frontend. It will allow you to define an Expiration 
of N from the date of first login.


Regards
On 6/17/2011 10:53 AM, Matthew George wrote:


Is there an attribute that is the opposite of expiration?

I'm trying to setup accounts to have a specific login time range.

For example;
Start-Time >= 5 June 2011 00:00:00
Expiration == 5 June 2011 02:00:00

I've been hunting googling for hours but I've been unable to find an 
attribute that would let me specific a "start-time" or a "valid-after" 
attribute.


Any suggestions?



__ Information from ESET NOD32 Antivirus, version of virus 
signature database 6042 (20110414) __


The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__ Information from ESET NOD32 Antivirus, version of virus signature 
database 6042 (20110414) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Opposite of Expiraton attribute?

[Suman Dash]

Use First-Login , It may solve your purpose !

On 6/17/2011 10:53 AM, Matthew George wrote:


Is there an attribute that is the opposite of expiration?

I'm trying to setup accounts to have a specific login time range.

For example;
Start-Time >= 5 June 2011 00:00:00
Expiration == 5 June 2011 02:00:00

I've been hunting googling for hours but I've been unable to find an 
attribute that would let me specific a "start-time" or a "valid-after" 
attribute.


Any suggestions?



__ Information from ESET NOD32 Antivirus, version of virus 
signature database 6042 (20110414) __


The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__ Information from ESET NOD32 Antivirus, version of virus signature 
database 6042 (20110414) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re:

[Suman Dash]

Please read the documentation on how to setup freeradius. From your post 
it is unclear as what type of auth you need. There are official docs at 
freeradius.org which you might want to see.


On 4/26/2011 10:16 AM, arpitha arpitha wrote:

hi, 'm very new to freeradius, i want to setup radius server to
authenticate another system connected through an access point. i'l b
grateful if any1 can tell d steps 2 do this r give links 2 d related
materials. Thnks in advance :-)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__ Information from ESET NOD32 Antivirus, version of virus signature 
database 6042 (20110414) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Please help me with sqlcounter

[Suman Dash]

I am trying to do the same in sqlcounter but looks like the %b is hard 
coded and there is no way to make it dynamically read from database. I 
have tried using custom sqlcounter but it doe not escapes properly.


Anyone effort in commenting on this thread will be highly appreciable as 
it will enable the user to do a custom time based session accounting 
instead of fixed 1 ~ 30 date accounting.


Best Regards
Suman


On 3/21/2011 11:54 AM, frankfang wrote:

I want to use sqlcounter to control the user's traffic usage, and I have
these needs:

1. I have read  http://wiki.freeradius.org/Rlm_sqlcounter the wiki  about
the sqlcounter, and I get %b as the unix time value of beginning of reset
period but how can I set this value? I want to sqlcounter begin count at
a specific time such as the register time.. Is it possible?

2. When user's traffic usage over a value, I hope the server will disconnect
the connected user immediately, Is it possible for doing this?

I have read some article about sqlcounter, but I'm still confused about
these questions, can anyone help me?

I'm very appreciate for your help

--
View this message in context: 
http://freeradius.1045715.n5.nabble.com/Please-help-me-with-sqlcounter-tp4192991p4192991.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__ Information from ESET NOD32 Antivirus, version of virus signature 
database 5924 (20110303) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

SQL Unlang !

[Suman Dash]

I am looking forward for a short example on how to store a SQL query to 
a variable which can be used in next condition in UNLANG.


I have no knowledge of unlang but i got a fair amount of idea with the 
condition checks , just need a little insight on the result stores .


For Ex.

result1 = {some sql query}

result2 = {some sql query}

update control

Session-Timeout :=  Result1 - Result 2

Thanks in advance
Suman


On 3/16/2011 4:09 PM, Alan DeKok wrote:

Suman Dash wrote:

  Hi Alan,

Did you managed to look into the issue ?

   No.


or maybe any hints on how to use DATETIME in Expiration instead of String ?

   Honestly, in 2.1.10, you can just write SELECT statements directly in
"unlang".

update reply {
Session-Timeout := "%{sql: SELECT ...}"
}

   Couple that with a few other things, and you should be able to replace
the sqlcounter module entirely.

   i.e. I don't use that module, and I know little or nothing about it.
I have little time to do anything with it.

   Alan DeKok.


__ Information from ESET NOD32 Antivirus, version of virus signature 
database 5924 (20110303) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: SQL Counter Escape String !

[Suman Dash]

Much thanks Alan,

That was some really good advice on how to make the thing work.

So now i have to write unlang statement in preprocess so that it 
directly gives the Session-Timeout . Please correct me if i am wrong.


Thanks Again
On 3/16/2011 4:09 PM, Alan DeKok wrote:

Suman Dash wrote:

  Hi Alan,

Did you managed to look into the issue ?

   No.


or maybe any hints on how to use DATETIME in Expiration instead of String ?

   Honestly, in 2.1.10, you can just write SELECT statements directly in
"unlang".

update reply {
Session-Timeout := "%{sql: SELECT ...}"
}

   Couple that with a few other things, and you should be able to replace
the sqlcounter module entirely.

   i.e. I don't use that module, and I know little or nothing about it.
I have little time to do anything with it.

   Alan DeKok.


__ Information from ESET NOD32 Antivirus, version of virus signature 
database 5924 (20110303) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: SQL Counter Escape String !

[Suman Dash]

Hi Alan,

Did you managed to look into the issue ?

or maybe any hints on how to use DATETIME in Expiration instead of String ?

Regads
Suman

On 3/15/2011 4:04 PM, Suman Dash wrote:

Dear Alan,

I have not removed any debug messages. I will try to put everything 
once again . I was not aware that i sent you a mail. I am having a 
nightmare and accidently i clicked Send All instead of selecting the 
mailing list.


sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = never

query = "SELECT SUM(acctsessiontime) FROM tbl_acct where \
username = '%{%k}' AND acctstarttime BETWEEN \
(SELECT STR_TO_DATE((SELECT value FROM tbl_check \
WHERE username = '%{%k}' AND attribute = 
'Activation'), 'd M Y H:i:s')) \
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check 
WHERE username = '%{%k}' \
AND attribute = 'Expiration'), 'd M Y 
H:i:s'))"

}


DEBUG

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 122.175.85.117 port 21658, 
id=10, length=59

User-Name = "suman"
User-Password = "duman12"
Calling-Station-Id = "001122334455"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "suman", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql]   expand: %{User-Name} -> suman
[sql] sql_set_user escaped user --> 'suman'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op   
FROM tbl_check   WHERE username = '%{SQL-User-Name}'   
ORDER BY id -> SELECT id, username, attribute, value, op   
FROM tbl_check   WHERE username = 'suman'   ORDER BY id

[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op   
FROM tbl_reply   WHERE username = '%{SQL-User-Name}'   
ORDER BY id -> SELECT id, username, attribute, value, op   
FROM tbl_reply   WHERE username = 'suman'   ORDER BY id
[sql]   expand: SELECT groupname   FROM 
tbl_usergroup   WHERE username = '%{SQL-User-Name}'   
ORDER BY priority -> SELECT groupname   FROM 
tbl_usergroup   WHERE username = 'suman'   ORDER BY 
priority
[sql]   expand: SELECT id, groupname, attribute,   Value, 
op   FROM tbl_groupcheck   WHERE groupname = 
'%{Sql-Group}'   ORDER BY id -> SELECT id, groupname, 
attribute,   Value, op   FROM tbl_groupcheck   
WHERE groupname = 'Biz1Mbps-UL'   ORDER BY id

[sql] User found in group Biz1Mbps-UL
[sql]   expand: SELECT id, groupname, attribute,   value, 
op   FROM tbl_groupreply   WHERE groupname = 
'%{Sql-Group}'   ORDER BY id -> SELECT id, groupname, 
attribute,   value, op   FROM tbl_groupreply   
WHERE groupname = 'Biz1Mbps-UL'   ORDER BY id

rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[dailycounter] returns noop
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand:  'SELECT SUM(acctsessiontime) FROM tbl_acct 
where username = '%{User-Name}' AND acctstarttime 
BETWEEN (SELECT STR_TO_DATE((SELECT value FROM 
tbl_check WHERE username = '%{User-Name}' AND 
attribute = 'Activation'), '%0%0d %0%0M %0%0Y 
%0%0H:%0%0i:%0%0s')) AND (SELECT STR_TO_DATE((SELECT 
value FROM tbl_check WHERE username = '%{User-Name}' 
AND attribute = 'Expiration'), '%0%0d %0%0M %0%0Y %0%0H:%0%0i:%0%0s'))'

[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.t

Re: SQL Counter Escape String !

[Suman Dash]

 expand: %{sql:SELECT SUM(acctsessiontime) FROM 
radacct where

 username = 'suman' AND acctstarttime BETWEEN
 (SELECT STR_TO_DATE((SELECT value FROM radcheck
 WHERE username = 'suman' AND attribute = 
'Activation'), '%d %M %Y %H:%i:%s'))
 AND (SELECT STR_TO_DATE((SELECT value FROM radcheck 
WHERE username = 'suman'

 AND attribute = 'Expiration'), '%d %M %Y %H:%i:%s'))} ->
rlm_sqlcounter: No integer found in string ""
++[monthlycounter] returns noop
[expiration] Checking Expiration time: '5 Apr 2011 23:59:59'
++[expiration] returns ok
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "duman12"
[pap] Using CRYPT password "AEgNJ3NmPjAKs"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file 
/usr/local/etc/raddb/sites-enabled/default

+- entering group post-auth {...}
[sqlippool] No Pool-Name defined.
[sqlippool] expand: No Pool-Name defined   (did %{Called-Station-Id} 
cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> No 
Pool-Name defined   (did  cli 001122334455 port  user suman)

No Pool-Name defined   (did  cli 001122334455 port  user suman)
++[sqlippool] returns noop
[sql]   expand: %{User-Name} -> suman
[sql] sql_set_user escaped user --> 'suman'
[sql]   expand: %{User-Password} -> duman12
[sql]   expand: INSERT INTO radpostauth   
(username, pass, reply, authdate)   VALUES 
(   '%{User-Name}',   
'%{%{User-Password}:-%{Chap-Password}}',   
'%{reply:Packet-Type}', '%S') -> INSERT INTO 
radpostauth   (username, pass, reply, 
authdate)   VALUES (   
'suman',   'duman12',   
'Access-Accept', '2011-03-15 18:53:17')
rlm_sql (sql) in sql_postauth: query is INSERT INTO 
radpostauth   (username, pass, reply, 
authdate)   VALUES (   
'suman',   'duman12',   
'Access-Accept', '2011-03-15 18:53:17')

rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 35 to 122.175.85.117 port 12893
Session-Timeout = 1832802
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.



On 3/15/2011 3:29 PM, Alan DeKok wrote:

Suman Dash wrote:

  sqlcounter monthlycounter {

...

 WHERE username = '%{%k}' AND attribute = 'Activation'),
'd M Y H:i:s')) \

   The debug log doesn't show that this string is being used.

   And *again* you delete large amounts of the debug log.  Why?  It just
makes it harder to help you.

   In short: you are editing a configuration file, BUT the server isn't
using the configuration file you're editing.  That is likely the *major*
source of the problems you're seeing.

   And don't CC me on messages to the list.  I *do* read the list.  And
especially do NOT set "return receipt requested".  It's rude and
annoying.  If it keeps up, I'll just delete the messages unread.

   Alan DeKok.


__ Information from ESET NOD32 Antivirus, version of virus signature 
database 5924 (20110303) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com





-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: SQL Counter Escape String !

[Suman Dash]

 '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter]expand: SELECT SUM(acctsessiontime) FROM 
tbl_acct where username = 'suman' AND acctstarttime 
BETWEEN (SELECT STR_TO_DATE((SELECT value FROM 
tbl_check WHERE username = 'suman' AND attribute = 
'Activation'), '%0%0d %0%0M %0%0Y %0%0H:%0%0i:%0%0s')) 
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 
'suman' AND attribute = 'Expiration'), '%0%0d %0%0M 
%0%0Y %0%0H:%0%0i:%0%0s')) -> SELECT SUM(acctsessiontime) FROM tbl_acct 
where username = 'suman' AND acctstarttime 
BETWEEN (SELECT STR_TO_DATE((SELECT value FROM 
tbl_check WHERE username = 'suman' AND attribute = 
'Activation'), '%0%0d %0%0M %0%0Y %0%0H:%0%0i:%0%0s')) 
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 
'suman' AND attribute = 'Expiration'), '%0%0d %0%0M 
%0%0Y %0%0H:%0%0i:%0%0s'))

rlm_sql (sql): Reserving sql socket id: 2
[monthlycounter] row[0] returned NULL
rlm_sql (sql): Released sql socket id: 2
[monthlycounter]expand: %{sql:SELECT SUM(acctsessiontime) FROM 
tbl_acct where username = 'suman' AND acctstarttime 
BETWEEN (SELECT STR_TO_DATE((SELECT value FROM 
tbl_check WHERE username = 'suman' AND attribute = 
'Activation'), '%0%0d %0%0M %0%0Y %0%0H:%0%0i:%0%0s')) 
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 
'suman' AND attribute = 'Expiration'), '%0%0d %0%0M 
%0%0Y %0%0H:%0%0i:%0%0s'))} ->

rlm_sqlcounter: No integer found in string ""
++[monthlycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
rlm_checkval: Item Name: Calling-Station-Id, Value: 001122334455
rlm_checkval: Value Name: Calling-Station-Id, Value: 001122334455
++[checkval] returns ok
[expiration] Checking Expiration time: '13 Mar 2012 21:37:23'
++[expiration] returns ok
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "duman12"
[pap] Using CRYPT encryption.
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
[sqlippool] No Pool-Name defined.
[sqlippool] expand: No Pool-Name defined   (did %{Called-Station-Id} 
cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> No 
Pool-Name defined   (did  cli 001122334455 port  user suman)

No Pool-Name defined   (did  cli 001122334455 port  user suman)
++[sqlippool] returns noop
[sql]   expand: %{User-Name} -> suman
[sql] sql_set_user escaped user --> 'suman'
[sql]   expand: %{User-Password} -> duman12
[sql]   expand: INSERT INTO tbl_postauth   
(username, pass, reply, authdate)   VALUES 
(   '%{User-Name}',   
'%{%{User-Password}:-%{Chap-Password}}',   
'%{reply:Packet-Type}', '%S') -> INSERT INTO 
tbl_postauth   (username, pass, reply, 
authdate)   VALUES (   
'suman',   'duman12',   
'Access-Accept', '2011-03-15 15:57:53')
rlm_sql (sql) in sql_postauth: query is INSERT INTO 
tbl_postauth   (username, pass, reply, 
authdate)   VALUES (   
'suman',   'duman12',   
'Access-Accept', '2011-03-15 15:57:53')

rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 10 to 122.175.85.117 port 21658
Session-Timeout = 31469970
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 10 with timestamp +3
Ready to process requests.



The above is the complete log , nothing removed . As you can see %0%0d 
%0%0M %0%0Y %0%0H:%0%0i:%0%0s which is nothing but d %%%M Y 
H 
I am using freeradius 2.1.8 and now i am in a process of checking the 
same in the latest release.


As for the read receipt is concerned then i am sorry in case i have 
annoyed you in any way.


Best Regards
Suman Dash




On 3/15/2011 3:29 PM, Alan DeKok wrote:

Suman Dash wrote:

  sqlcounter monthlycounter {

...

 WHERE username = '%{%k}' AND attribute = 'Activation'),
'd M Y H:i:s')) \

   The debug log doesn't show that this string is being used.

   And *again* you delete large amounts of the debug log.  Why?  It just
makes it harder to help you.

   In short: you are editing a configuration file, BUT the server isn't
using the configuration file you're editing.  That is likely the *major*
source of the problems you're seeing.

   And don't CC me on messages to the list.  I *do* read the list.  And
especially do NOT set "return receipt requested".  It's rude and
annoying.  If it keeps up, I'll just delete the messages unread.

   Alan DeKok.


__ Information from ESET NOD32 Antivirus, version of virus signature 
database 5924 (20110303) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: SQL Counter Escape String !

[Suman Dash]

bute = 'Expiration'), '%0d %0M %0Y 
%0H:%0i:%0s')) -> SELECT SUM(acctsessiontime) FROM tbl_acct where
username = 'suman' AND acctstarttime 
BETWEEN (SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = 'suman' AND attribute = 'Activation'), 
'%0d %0M %0Y %0H:%0i:%0s'))
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check 
WHERE username = 'suman'

AND attribute = 'Expiration'), '%0d %0M %0Y %0H:%0i:%0s'))
rlm_sql (sql): Reserving sql socket id: 2
[monthlycounter] row[0] returned NULL
rlm_sql (sql): Released sql socket id: 2
[monthlycounter]expand: %{sql:SELECT SUM(acctsessiontime) FROM 
tbl_acct where username = 'suman' AND acctstarttime BETWEEN

(SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = 'suman' AND attribute = 'Activation'), 
'%0d %0M %0Y %0H:%0i:%0s'))
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check 
WHERE username = 'suman'
AND attribute = 'Expiration'), '%0d %0M %0Y 
%0H:%0i:%0s'))} ->

rlm_sqlcounter: No integer found in string ""
++[monthlycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
rlm_checkval: Item Name: Calling-Station-Id, Value: 001122334455
rlm_checkval: Value Name: Calling-Station-Id, Value: 001122334455
++[checkval] returns ok
[expiration] Checking Expiration time: '13 Mar 2012 21:37:23'
++[expiration] returns ok
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "duman12"
[pap] Using CRYPT encryption.
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
[sqlippool] No Pool-Name defined.
[sqlippool] expand: No Pool-Name defined   (did %{Called-Station-Id} 
cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> No 
Pool-Name defined   (did  cli 001122334455 port  user suman)

No Pool-Name defined   (did  cli 001122334455 port  user suman)
++[sqlippool] returns noop
[sql]   expand: %{User-Name} -> suman
[sql] sql_set_user escaped user --> 'suman'
[sql]   expand: %{User-Password} -> duman12
[sql]   expand: INSERT INTO tbl_postauth   
(username, pass, reply, authdate)   VALUES 
(   '%{User-Name}',   
'%{%{User-Password}:-%{Chap-Password}}',   
'%{reply:Packet-Type}', '%S') -> INSERT INTO 
tbl_postauth   (username, pass, reply, 
authdate)   VALUES (   
'suman',   'duman12',   
'Access-Accept', '2011-03-15 14:36:34')
rlm_sql (sql) in sql_postauth: query is INSERT INTO 
tbl_postauth   (username, pass, reply, 
authdate)   VALUES (   
'suman',   'duman12',   
'Access-Accept', '2011-03-15 14:36:34')

rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 6 to 122.175.85.117 port 19169
Session-Timeout = 31474849
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 6 with timestamp +3
Ready to process requests.



**

When the Counter Reset Period is monthly , %%' becomes '%1298917800

When the Counter Reset Period is Never , New Problem Arises i.e %0d %0M 
%0Y %0H:%0i:%0s



Best Regards
Suman

Suman Dash wrote:

I have tried almost all sql escape but looks like none are working or
maybe i am missing something. I am stuck in this issue for more than 3
days and now i don't have any clue due to which i am trying to reach for
help on the mailing list.

   Hmm... the issue seems to be that the sqlcounter module does it's own
string expansion, and gets it *horribly* wrong.

   As for why '%%' becomes '%1298917800', I have no idea.  Posting *more*
debug output might help.  What you did post was the final result of the
expansion, and didn't include *how* that expansion came about.

   Alan DeKok.


__ Information from ESET NOD32 Antivirus, version of virus signature 
database 5924 (20110303) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: SQL Counter Escape String !

[Suman Dash]

I have tried almost all sql escape but looks like none are working or 
maybe i am missing something. I am stuck in this issue for more than 3 
days and now i don't have any clue due to which i am trying to reach for 
help on the mailing list.


SELECT SUM(acctsessiontime) FROM tbl_acct where
username = '%{%k}' AND acctstarttime BETWEEN
(SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = '%{%k}' AND attribute = 'Activation'), 
'%d %M %Y %H:%i:%s'))
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check 
WHERE username = '%{%k}'

AND attribute = 'Expiration'), '%d %M %Y %H:%i:%s'));

Doesn't Work

SELECT SUM(acctsessiontime) FROM tbl_acct where
username = '%{%k}' AND acctstarttime BETWEEN
(SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = '%{%k}' AND attribute = 'Activation'), 
'%%d %%M %%Y %%H:%%i:%%s'))
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check 
WHERE username = '%{%k}'

AND attribute = 'Expiration'), '%%d %%M %%Y %%H:%%i:%s'));

Doesn't Work

All i am looking forward is a link to the proper documentation or a 
small example on this issue. Any help in this regard will be much 
appreciated.


Best Regards
Suman Dash

On 3/15/2011 12:02 PM, Suman Dash wrote:

New Modified Query !

SELECT SUM(acctsessiontime) FROM tbl_acct where \
 username = '%{%k}' AND acctstarttime BETWEEN \
 (SELECT STR_TO_DATE((SELECT value FROM tbl_check \
 WHERE username = '%{%k}' AND attribute =
'Activation'), '%%d %%M %%Y %%H:%%i:%%s')) \
 AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = '%{%k}' \
 AND attribute = 'Expiration'), '%%d %%M %%Y %%H:%%i:%%s'));


DEBUG :


sqlcounter_expand:  'SELECT SUM(acctsessiontime) FROM tbl_acct where
  username = '%{User-Name}' AND acctstarttime BETWEEN
  (SELECT STR_TO_DATE((SELECT value FROM tbl_check
  WHERE username = '%{User-Name}' AND attribute = 'Activation'),
 '%1298917800d %1298917800M %1298917800Y
%1298917800H:%1298917800i:%1298917800s'))
  AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = '%{User-Name}'
 AND attribute = 'Expiration'), '%1298917800d 
%1298917800M
%1298917800Y %1298917800H:%1298917800i:%1298917800s'));'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter]expand: SELECT SUM(acctsessiontime) FROM tbl_acct where
  username = '%{User-Name}' AND acctstarttime BETWEEN
 (SELECT STR_TO_DATE((SELECT value FROM 
tbl_check
 WHERE username = '%{User-Name}' AND attribute 
= 'Activation'),
 '%1298917800d %1298917800M %1298917800Y
%1298917800H:%1298917800i:%1298917800s'))
 AND (SELECT STR_TO_DATE((SELECT value FROM 
tbl_check WHERE
username = '%{User-Name}'
 AND attribute = 'Expiration'), '%1298917800d 
%1298917800M
%1298917800Y %1298917800H:%1298917800i:%1298917800s'));
 ->  SELECT SUM(acctsessiontime) FROM tbl_acct 
where
 username = 'suman' AND acctstarttime BETWEEN
 (SELECT STR_TO_DATE((SELECT va

Re: SQL Counter Escape String !

[Suman Dash]

nthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter]expand: SELECT SUM(acctsessiontime) FROM tbl_acct where
 username = 'suman' AND acctstarttime BETWEEN
 (SELECT STR_TO_DATE((SELECT value FROM 
tbl_check
 WHERE username = 'suman' AND attribute = 
'Activation'),
 '%1298917800d %1298917800M %1298917800Y
%1298917800H:%1298917800i:%1298917800s'))
 AND (SELECT STR_TO_DATE((SELECT value FROM 
tbl_check WHERE
username = 'suman'
 AND attribute = 'Expiration'), '%1298917800d 
%1298917800M
%1298917800Y %1298917800H:%1298917800i:%1298917800s'));
 -> SELECT SUM(acctsessiontime) FROM tbl_acct 
where
 username = 'suman' AND acctstarttime BETWEEN
 (SELECT STR_TO_DATE((SELECT value FROM 
tbl_check
 WHERE username = 'suman' AND attribute = 
'Activation'),
 '%1298917800d %1298917800M %1298917800Y
%1298917800H:%1298917800i:%1298917800s'))
 AND (SELECT STR_TO_DATE((SELECT value FROM 
tbl_check WHERE
username = 'suman'
     AND
rlm_sql (sql): Reserving sql socket id: 2
[monthlycounter] row[0] returned NULL
rlm_sql (sql): Released sql socket id: 2
[monthlycounter]expand: %{sql:SELECT SUM(acctsessiontime) FROM
tbl_acct where
 username = 'suman' AND acctstarttime BETWEEN
 (SELECT STR_TO_DATE((SELECT value FROM 
tbl_check
 WHERE username = 'suman' AND attribute = 
'Activation'),
 '%1298917800d %1298917800M %1298917800Y
%1298917800H:%1298917800i:%1298917800s'))
 AND (SELECT STR_TO_DATE((SELECT value FROM 
tbl_check WHERE
username = 'suman'
 AND attribute = 'Expiration'), '%1298917800d 
%1298917800M
%1298917800Y %1298917800H:%1298917800i:%1298917800s'));} ->
rlm_sqlcounter: No integer found in string ""
++[monthlycounter] returns noop




On Tue, Mar 15, 2011 at 11:41 AM, Alan DeKok  wrote:
> Suman Dash wrote:
>> Please anyone advice me the way to escape run-time variables in
>> freeradius. I am using STR_TO_DATE and freeradius run-time variable is
>> over-riding the mysql time variables
>
>  Yes... that's what it does.
>
>> I have tried escaping as per the thread
>> http://freeradius.1045715.n5.nabble.com/Changing-the-format-of-a-date-attribute-tt2775323.html#a2775328
>
>    What's wrong with reading the documentation?
>
>> But no luck ..
>>
>> My Entire Counter is :
>
>  ... which doesn't follow the escaping rules of either the above
> message, or the documentation.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

SQL Counter Escape String !

[Suman Dash]

Please anyone advice me the way to escape run-time variables in
freeradius. I am using STR_TO_DATE and freeradius run-time variable is
over-riding the mysql time variables

SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives
2012-03-14 21:37:23 in MySQL

Whereas in freeradius

SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives

'14 0 2011 20:001122334455:_

14 = Current Date

0 = MTU

2011 = Current Year

001122334455 = Calling-Station-ID

_ = Speed

I have tried escaping as per the thread
http://freeradius.1045715.n5.nabble.com/Changing-the-format-of-a-date-attribute-tt2775323.html#a2775328

But no luck ..

My Entire Counter is :

query = "SELECT SUM(acctsessiontime) FROM tbl_acct where \
   username = 'suman' AND acctstarttime BETWEEN \
   (SELECT STR_TO_DATE((SELECT value FROM tbl_check \
   WHERE username = 'suman' AND attribute =
'Activation'), '%d %M %Y %H:%i:%s')) \
   AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = 'suman' \
   AND attribute = 'Expiration'), '%d %M %Y %H:%i:%s'))"

The Above Query Ends Up Showing 14 0 2011 23:001122334455:_


Any help in this matter will be highly appreciated !

Cheers !
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

String Escape in SQL Counter !

[Suman Dash]

Please anyone advice me the way to escape run-time variables in
freeradius. I am using STR_TO_DATE and freeradius run-time variable is
over-riding the mysql time variables

SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives
2012-03-14 21:37:23 in MySQL

Whereas in freeradius

SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives

'14 0 2011 20:001122334455:_

14 = Current Date

0 = MTU

2011 = Current Year

001122334455 = Calling-Station-ID

_ = Speed

I have tried escaping as per the thread
http://freeradius.1045715.n5.nabble.com/Changing-the-format-of-a-date-attribute-tt2775323.html#a2775328

But no luck ..

My Entire Counter is :

query = "SELECT SUM(acctsessiontime) FROM tbl_acct where \
username = 'suman' AND acctstarttime BETWEEN \
(SELECT STR_TO_DATE((SELECT value FROM tbl_check \
WHERE username = 'suman' AND attribute =
'Activation'), '%d %M %Y %H:%i:%s')) \
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = 'suman' \
AND attribute = 'Expiration'), '%d %M %Y %H:%i:%s'))"

The Above Query Ends Up Showing 14 0 2011 23:001122334455:_


Any help in this matter will be highly appreciated !

Cheers !
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Concurrent Sessions per user

[Suman Dash]

Please anyone advice me the way to escap run-time variables in freeradius. I
am using STR_TO_DATE and freeradius run-time variable is over-riding the
mysql time variables

SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives
2012-03-14 21:37:23 in MySQL

Whereas in freeradius

SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives

'14 0 2011 20:001122334455:_

14 = Current Date

0 = MTU

2011 = Current Year

001122334455 = Calling-Station-ID

_ = Speed

I have tried escaping as per the thread
http://freeradius.1045715.n5.nabble.com/Changing-the-format-of-a-date-attribute-tt2775323.html#a2775328

But no luck ..

Thanks in advance !!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Concurrent Sessions per user

[Suman Dash]

Yes .. Simultaneous-Use Attribute

On Mon, Mar 14, 2011 at 10:38 PM, Moayad Mohammad  wrote:

> Dear,
>
> Is there is a way to control the concurrent sessions per user?
>
>
>
> Regards,
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Calling-Station-Id problem

[Suman Dash]

You need to check the Calling-Station-Id format sent by the NAS. Start
radius in debug more and send a auth request, the debug will show whether
your NAS sends Calling-Station-Id or not .

If it sends the Calling-Station-Id you can clearly see the format of the
same.

Best Regads
Suman Dash

On Sun, Mar 13, 2011 at 5:07 PM, ziko  wrote:

> Hello. I am using freeradius2 on my CentOS5.
> It's working great.
> But now I have one problem. I need to use wireless and pppoe together in my
> network.
> Users must login both in wireless and pppoe. wireless using MAC format
> 00-00-00-00-00 and pppoe 00:00:00:00:00
> How can i indicate calling-station-id for one user for both, wireless and
> pppoe?
>
> I tried both format together like this:
>
> user1  Calling-Station-Id == 00-00-00-00-00
> user1  Calling-Station-Id == 00:00:00:00:00
>
> but no success.
>
> I am using mikrotik and ubiquity products as NAS and ubiquity  as clients.
>
> Please help me.
>
> Sorry for my poor English.
> *Looking up "00-00-00-00"*... Please wait...
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Encountering error when using "radius -X"

[Suman Dash]

path issue.

create symlink to the particular files.

ln -s /usr/local/lib/* libfreeradius-radius-2.1.0.so /usr/lib

there may be some more missing files whose symlink you need to do .

Let me know if it works.


*
On Wed, Aug 18, 2010 at 5:53 PM, Fabien COMBERNOUS wrote:

> kartik dadwal wrote:
>
>> Hi,
>>
>> -freeradius version:   freeradius-2.1.0+dfsg (downloaded from
>> http://packages.ubuntu.com/source/karmic/freeradius)
>> -OS:  Ubuntu 9.10 (Karmic Koala)
>>
>
> I was unable to download but now i get a page that is not empty.
>
> But, if i check depends of my binary deb :
> *Depends: lsb-base (>= 3.0-6), libc6 (>= 2.7-1), libfreeradius2 (=
> 2.0.4+dfsg-6), libgdbm3, libltdl3 (>= 1.5.2-2), libpam0g (>= 0.99.7.1),
> libperl5.10 (>=
>5.10.0), libsnmp15 (>= 5.4.1~dfsg), libssl0.9.8 (>= 0.9.8f-5),
> python2.5 (>= 2.5), freeradius-common
>
> If you want to compile your own freeradius, it should be easier to use the
> .deb source. You'll get a .deb binary package and all the advantages of
> .deb.
>
> *
> --
> *Fabien COMBERNOUS*
> /unix system engineer/
> www.kezia.com 
> *Tel: +33 (0) 467 992 986*
> Kezia Group
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34

[Suman Dash]

No Worries .. I managed to get past the error. Actually, i was using a same
username that was in my /etc/shadow . I renamed the user and it worked.

Cheers

On Sun, Mar 14, 2010 at 7:04 PM, Alan Buxey  wrote:

> Hi,
> > Hi,
> >
> > I am unable to locally authenticate a user from users file. Below is the
> log :
>
> what does the entry in your users file look like?
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34

[Suman Dash]

No, The Password is in Cleartext. How do i disable / Enable the CRYPT
password ?

On Sun, Mar 14, 2010 at 1:45 AM, YvesDM  wrote:

> On Sat, Mar 13, 2010 at 8:14 PM, Suman Dash  wrote:
>
> > +- entering group PAP {...}
> > [pap] login attempt with password "hello"
> > [pap] Using CRYPT encryption.
> > [pap] Passwords don't match
> > ++[pap] returns reject
>
> I don't think you used a crypt password in your users file
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34

[Suman Dash]

Hi,

I am unable to locally authenticate a user from users file. Below is the log
:

Server :

rad_recv: Access-Request packet from host 127.0.0.1 port 37881, id=29,
length=57
User-Name = "suman"
User-Password = "hello"
NAS-IP-Address = 20x.20x.20x.20x
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "suman", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
[files] users: Matched entry suman at line 90
[files] expand: Hello, %{User-Name} -> Hello, suman
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "hello"
[pap] Using CRYPT encryption.
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> suman
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.10 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 29 to 127.0.0.1 port 37881
Reply-Message = "Hello, suman"
Waking up in 4.9 seconds.
Cleaning up request 2 ID 29 with timestamp +164
Ready to process requests.


Radtest

sudo radtest suman hello 127.0.0.1 0  testing123



Log


Sending Access-Request of id 203 to 127.0.0.1 port 1812
User-Name = "suman"
User-Password = "hello"
NAS-IP-Address = 204.232.205.196
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=203,
length=34
Reply-Message = "Hello, suman"


Please let me know what i am doing wrong as i am a complete starter.

Thanks and Regards
Suman Dash
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html