RE: duplicate sessions
I think you need to analyse the accounting request more, because the MAC and IP address would be different. Check the attributes framedipaddress and calledstationid in the Accounting request.

Date: Sun, 28 Feb 2010 20:56:16 +0400
From: na...@ultel.net
To: freeradius-users@lists.freeradius.org
Subject: duplicate sessions

Hello All!

I have great problems with duplicate sessions! ~2500 online users, accounting per minute, 25 db socket limit for radius daemon. Nas port id, acctstoptime, session id, inputoctets, outputoctets are the same in duplicate sessions. But most duplicate sessions only differ in acctstarttime (1 second difference).

Any ideas? Thanks!

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: framedipaddress
We worked with Meru as Access Point, but not as NAS. If you want to authenticate users, then it is not the correct device; use another one. Anyway, I think there are other, better devices on the market at the same cost.

Date: Tue, 11 May 2010 17:16:31 +0200
From: al...@deployingradius.com
To: freeradius-users@lists.freeradius.org
Subject: Re: framedipaddress

Paweł Pogorzelski wrote:
> Unfortunately Meru claims that the client IP address is not sent to the radius in any other attribute either.

Buy a NAS that works.

Alan DeKok.
RE: plpgsql freeradius authentication function
In which statement do you implement this query?

Date: Sat, 16 Oct 2010 11:49:36 -0400
Subject: plpgsql freeradius authentication function
From: kak...@gmail.com
To: freeradius-users@lists.freeradius.org

Hi

I have a plpgsql function being called from freeradius to do authentication, but I keep getting Access-Reject from radius, although when I run the function without freeradius it works fine. Please find below the function and how I call it:

    CREATE OR REPLACE FUNCTION try (your_name TEXT, tiger TEXT) RETURNS RECORD AS $$
    DECLARE
        users_rec RECORD;
    BEGIN
        -- An empty second argument selects aniradcheck, anything else radcheck.
        IF tiger = '' THEN
            SELECT INTO users_rec * FROM aniradcheck WHERE username = your_name;
        ELSE
            SELECT INTO users_rec * FROM radcheck WHERE username = your_name;
        END IF;
        -- Return the whole row: the function is declared RETURNS RECORD and the
        -- caller's column list expects five columns, not only the username.
        RETURN users_rec;
    END;
    $$ LANGUAGE plpgsql;

    SELECT id, username, attribute, op, value
    FROM try('714094', '')
        AS (id integer, username varchar, attribute varchar, op character, value varchar);

Appreciate if you can help

Thanks
RE: Redundant SQL
Hi Chester,

I think that, for good behaviour of the SQL servers, all of them have to be working at a normal startup of the freeradius service. Try to repair whatever is causing your SQL servers to be down. You have to have a stable system.

Regards,
Santiago

From: howmanynamesdoihaveto...@googlemail.com
To: freeradius-users@lists.freeradius.org
Subject: Redundant SQL
Date: Mon, 18 Oct 2010 22:00:42 +0100

I’m trying to implement the redundant SQL feature into my freeradius setup. The one problem I am coming up against is when freeradius is starting, but not all the SQL servers are available.

I have set up sql1 and sql2 as a single virtual module and would ideally like it to *try* to connect to all servers on start-up, but if an error occurs (can’t connect to one), then just bypass and continue. Assuming the total failure is what is meant to happen, I can understand why, but in my case I’d rather have it connect to at least one database server than fail if it can’t connect to them all.

Is this setup possible?

Regards,
Chester.
RE: Mikrotik-Xmit-Limit - Not enforced on first logon but is on subsequent logons...
Hi,

I normally use MK for lots of things. The Mikrotik-Xmit-Limit attribute is recognized by MK as a limitation, so when the limit is reached, the MT cuts the user account. You can write an exec program to modify the Mikrotik-Xmit-Limit attribute, or insert a trigger in the DB, or use sqlcounter. You choose which solution is easier for you.

Santiago

From: sh...@sme.net.au
Date: Sat, 27 Nov 2010 20:44:24 +1000
Subject: Mikrotik-Xmit-Limit - Not enforced on first logon but is on subsequent logons...
To: freeradius-users@lists.freeradius.org

Hi all,

Doing some trials with freeradius 2.x with the intention of moving from 1.1.7.

I have an odd problem with a mikrotik nas. An account with a download limit will not enforce the limit on the first logon but will on subsequent logons. On the first logon, no limit is imposed in mikrotik and the account can use unlimited traffic. If I log off then log on again, the limit is enforced... (I have checked in winbox and the limit bytes in column is not populated on first logon).

It is taking me a while to get used to v2 of freeradius.

Tks

Setup details below:

User account has attribute Mikrotik-Xmit-Limit := 10471200 in radcheck. Do I need to have something in radreply, as this is where the shaping is done?

In sql/mysql/counter.conf:

    sqlcounter downloadbytecounter {
        counter-name = Mikrotik-Xmit-Limit
        check-name = Mikrotik-Xmit-Limit
        reply-name = Mikrotik-Xmit-Limit
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query = "SELECT SUM(acctoutputoctets) FROM radacct WHERE username='%{%k}'"
    }

In sites-available/default:

    authorize {
        downloadbytecounter
RE: Radius Load-Balancing concept
People,

I have several radius servers which are configured with the same databases. As you said, the radius service has a fail-over when they connect to the DB and the first one fails. However, the main problem that I see in your configuration is the concurrency of database access. If you have at least two DB servers, both DBs have to have the same data. So you have to solve the access concurrency first.

Date: Fri, 4 Jan 2008 10:20:44 +0100
Subject: Re: Radius Load-Balancing concept
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org

Hi,

load-balancing between the radius servers is not necessarily needed. I think the servers we're going to buy will be capable of managing all dialin accounts. So the radius servers will be in fail over mode. If the first one is up, all requests will be handled by it. If it fails, the second one will take over.

But will I get any trouble if both servers write their accounting data into the same database? Do I need to set up radrelay? Is the second radius server able to take over if radrelay isn't running?

Regards
Sebastian

On Thu, January 3, 2008 22:54, liran tal wrote:
> Hey Duane,
>
> On Jan 3, 2008 4:31 PM, Duane Cox [EMAIL PROTECTED] wrote:
>> I'm doing this with no problem. I have 2 freeradius servers both writing/reading the same dbms
>
> In a case where the entire transaction goes through one server it's ok, but if it gets split up through the two of them, then I'm not sure what will be the outcome.
>
> Regards,
> Liran.
RE: alan's book, or anything new on the horizon
I have been following you for three years and I trust you, so I will buy your book.

Date: Tue, 15 Jan 2008 17:03:52 +0100
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: alan's book, or anything new on the horizon

Duane Cox wrote:
> I wonder if Alan ever released that book that he had talked about in 2006? Or did it become a collection of wiki pages?

I'm up to 180 pages. There's more content than the O'Reilly book, by a long shot. However, I moved countries in 2007, and various factors meant I couldn't spend much time on the book. I've recently been doing 10 pages a week, so I hope to finish it eventually. Now that 2.0 is out, I'm hoping to feel less guilty about that, and more guilty about the book.

> Is anyone working on a second revision to Hassell's O'Reilly RADIUS?

O'Reilly won't be issuing one. The book's sales were high for the first few weeks, and dropped off quickly after that. Everyone figured out that it's pretty much content-free. i.e. one well known O'Reilly author described it to me as "The worst book that O'Reilly has published".

I've talked with them, too. They're not interested in a second edition, and they're not interested in a FreeRADIUS book. Any other publisher I've talked to projects small amounts of money in sales, so they're not interested either.

So... I'm going to self-publish. I think there's enough money to make it worth my time.

Alan DeKok.
RE: 1.1.7 and rlm_sql_mysql duplicated query
The answer is not totally correct, because microcuts in the connectivity of the hotspot cause the hotspot to re-send the acct request. In that case, you have to deactivate:

- accounting_start_query_alt
- accounting_stop_query_alt

Maybe it can cause some requests not to be registered, and it is a risk that you must accept.

Date: Mon, 18 Feb 2008 01:36:54 +
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: 1.1.7 and rlm_sql_mysql duplicated query

> So when the user logs I have two queries inserting similar data with different sessions ids: 47B7691A2F4300 and 47B7691A2F4301
>
> I would really appreciate some guidance from this point on as I'm pretty much out of ideas.

Your NAS is broken / misbehaving. It sends the Acct-Session-Id and it's sending two. Consult your NAS documentation for possible reasons (e.g. some Cisco NAS send accounting sessions for the PPP LCP and IPCP layers - this can be disabled) or open a bug with the vendor.
[no subject]
Hi,

I have had two radius servers for three years. They are my two production AAA servers and can authenticate up to 300.000 accounts. So my RADIUS database (PostgreSQL) has grown enough that I have noticed my SQL queries slowing down. I know that I have four tables with almost 500.000 registers each.

Any suggestion for improving the throughput and accelerating the queries?

Thanks,
Santiago
RADIUS database growing up
Hi,

I have had two radius servers for three years. They are my two production AAA servers and can authenticate up to 300.000 accounts. So my RADIUS database (PostgreSQL) has grown enough that I have noticed my SQL queries slowing down. I know that I have four tables with almost 500.000 registers each.

Any suggestion for improving the throughput and accelerating the queries?

Thanks,
Santiago
RE: Database performance (was Re: )
I usually execute VACUUM. But the time of the queries does not decrease.

PostgreSQL 7.4

Date: Tue, 11 Mar 2008 10:39:47 +
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: Database performance (was Re: )

Hi,

> Any suggestion for improving the throughput and accelerating the queries?

Index the tables.

Increasing database performance is usually documented on the database web site. Depending on the version of PostgreSQL you may also need to 'vacuum' the database to clean up nodes etc - once again, check the database documentation site.

alan
RE: Postgres SQL Alarm on duplicated record
Hi,

I suppose you have this code in the radiusd.conf file:

    # Create a unique accounting session Id.  Many NASes re-use or
    # repeat values for Acct-Session-Id, causing no end of
    # confusion.
    #
    # This module will add a (probably) unique session id
    # to an accounting packet based on the attributes listed
    # below found in the packet.  See doc/rlm_acct_unique for
    # more information.
    #
    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }

However, it is true that there is sometimes a duplicate key. This is because, in the original configuration of the database schema, the primary key of the radacct table is only radacctid. I modified the primary key to (radacctid, acctuniqueid):

    CREATE TABLE radacct (
        radacctid          bigserial NOT NULL,
        acctsessionid      varchar(32) NOT NULL,
        acctuniqueid       varchar(32) NOT NULL,
        username           varchar(127),
        realm              varchar(30),
        nasipaddress       inet NOT NULL,
        nasportid          varchar(32),
        nasporttype        varchar(32),
        acctstarttime      timestamptz,
        acctstoptime       timestamptz,
        acctsessiontime    int8,
        acctauthentic      varchar(32),
        connectinfo_start  varchar(32),
        connectinfo_stop   varchar(32),
        acctinputoctets    int8,
        acctoutputoctets   int8,
        calledstationid    varchar(50),
        callingstationid   varchar(50),
        acctterminatecause varchar(32),
        servicetype        varchar(32),
        framedprotocol     varchar(32),
        framedipaddress    inet,
        acctstartdelay     int8,
        acctstopdelay      int8,
        nasidentifier      varchar(40),
        clientipaddress    inet,
        CONSTRAINT radacct_pkey PRIMARY KEY (acctuniqueid, radacctid)
    );

Date: Fri, 14 Mar 2008 03:38:52 -0700
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Postgres SQL Alarm on duplicated record

Hello.

Sometimes my NAS resends the START record to RADIUS. And I get alarm messages like this, because the difference in this start record is only in the Start time, and radacct_acctuniqueid_key is always equal for such sessions:

    : Wed Mar 12 18:05:10 2008 : Error: rlm_sql (sql): Couldn't insert SQL accounting START record - ERROR: duplicate key violates unique constraint radacct_acctuniqueid_key

But, in any case, all such start records are put into the database. How can I stop such duplicate records from being put there?

--
View this message in context: http://www.nabble.com/Postgres-SQL-Alarm-on-duplicated-record-tp16046727p16046727.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
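Added example, not part of the thread and not FreeRADIUS code: a Python/SQLite model of how the two key definitions discussed above treat a resent Start record, and of what a key on acctuniqueid cannot catch. The MD5 derivation, the simplified table, the fallback UPDATE (a stand-in for the idea behind accounting_start_query_alt) and all packets are constructed assumptions; only the two Acct-Session-Id values used for "bob" are taken from the 1.1.7 thread earlier on this page.

```python
import hashlib
import sqlite3

# Attributes listed in the acct_unique "key" setting quoted above.
KEY_ATTRS = ("User-Name", "Acct-Session-Id", "NAS-IP-Address",
             "Client-IP-Address", "NAS-Port")

# Simplified radacct; SQLite stands in for PostgreSQL.
DDL = """CREATE TABLE radacct (
    radacctid     INTEGER PRIMARY KEY AUTOINCREMENT,
    acctuniqueid  TEXT NOT NULL,
    username      TEXT,
    nasipaddress  TEXT,
    nasportid     TEXT,
    acctstarttime TEXT,
    UNIQUE ({cols}))"""

SCHEMAS = {
    "unique_id": "acctuniqueid",                  # radacct_acctuniqueid_key
    "id_plus_serial": "acctuniqueid, radacctid",  # key widened with the serial
}


def acct_unique_id(pkt):
    """Hash only the key attributes (assumed format, not the module's own).

    The start time is not part of the key, so a resent Start gets the same id.
    """
    material = ",".join(f"{a}={pkt.get(a, '')}" for a in KEY_ATTRS)
    return hashlib.md5(material.encode()).hexdigest()  # 32 hex characters


def load_starts(schema, packets, alt_update=False):
    """Insert Start records; return (db, refused inserts, fallback updates)."""
    db = sqlite3.connect(":memory:")
    db.execute(DDL.format(cols=SCHEMAS[schema]))
    refused = updated = 0
    for p in packets:
        uid = acct_unique_id(p)
        try:
            db.execute(
                "INSERT INTO radacct (acctuniqueid, username, nasipaddress,"
                " nasportid, acctstarttime) VALUES (?, ?, ?, ?, ?)",
                (uid, p["User-Name"], p["NAS-IP-Address"], p["NAS-Port"],
                 p["Acct-Start-Time"]))
        except sqlite3.IntegrityError:
            if alt_update:
                # Treat the resend as an update of the existing session row.
                db.execute("UPDATE radacct SET acctstarttime = ?"
                           " WHERE acctuniqueid = ?",
                           (p["Acct-Start-Time"], uid))
                updated += 1
            else:
                refused += 1  # the "Couldn't insert ... START record" case
    return db, refused, updated


def repeated_ids(db):
    """Unique ids stored more than once."""
    return db.execute("SELECT acctuniqueid, COUNT(*) FROM radacct"
                      " GROUP BY acctuniqueid HAVING COUNT(*) > 1").fetchall()


def near_duplicates(db, window=2):
    """Same user, NAS and port, different ids, starts within `window` seconds."""
    return db.execute("""
        SELECT a.username, a.acctuniqueid, b.acctuniqueid
        FROM radacct a JOIN radacct b
          ON a.username = b.username AND a.nasipaddress = b.nasipaddress
         AND a.nasportid = b.nasportid AND b.radacctid > a.radacctid
         AND a.acctuniqueid != b.acctuniqueid
        WHERE NOT ABS(CAST(strftime('%s', a.acctstarttime) AS INTEGER)
                    - CAST(strftime('%s', b.acctstarttime) AS INTEGER)) > ?""",
                      (window,)).fetchall()


def pkt(user, sid, port, start):
    return {"User-Name": user, "Acct-Session-Id": sid,
            "NAS-IP-Address": "192.0.2.10", "Client-IP-Address": "192.0.2.10",
            "NAS-Port": port, "Acct-Start-Time": start}


# Constructed accounting Start packets.
SAMPLE = [
    pkt("alice", "0000A1", "7", "2008-03-12 18:05:09"),
    pkt("alice", "0000A1", "7", "2008-03-12 18:05:10"),  # resend, new time only
    pkt("bob", "47B7691A2F4300", "9", "2008-03-12 18:06:00"),
    pkt("bob", "47B7691A2F4301", "9", "2008-03-12 18:06:00"),  # second id from NAS
]

if __name__ == "__main__":
    for schema in SCHEMAS:
        db, refused, _ = load_starts(schema, SAMPLE)
        rows = db.execute("SELECT COUNT(*) FROM radacct").fetchone()[0]
        print(schema, "rows:", rows, "refused:", refused,
              "repeated ids:", len(repeated_ids(db)),
              "near duplicates:", len(near_duplicates(db)))
```

With the serial column in the key, the resent Start is stored as a second row under the same acctuniqueid; the two different session ids for "bob" pass either key and only show up in the time-window query.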
RADIUS ports
Hi,

Recently I configured another RADIUS server, and I use /etc/services for the radius service ports. I use auth port 1645 and acct port 1646. But are these ports better than auth port 1812 and acct port 1813? Which ports are more standard?

Santiago
RE: Mikrotik as NAS with PPPoE - checkval
Yes, you needn't. What you need is to create a normal user account and add these attributes in radreply:

    Framed-Protocol = PPP,
    Framed-IP-Address = 10.0.0.x,
    Framed-IP-Netmask = 255.255.255.0,

Be careful, because you have to modify the ppp profiles in the Mikrotik client in the option /ppp profiles. You have to set the remote address with the PPP gateway. See the next example, where my PPP gateway is 10.200.0.10:

    /ppp profile set default change-tcp-mss=yes comment="" name=default only-one=default \
        remote-address=10.200.0.10 use-compression=default use-encryption=default \
        use-vj-compression=default

You set the pptp/l2tp client with this profile when you insert the username/password. You needn't add a Default route.

If you need more help, ask and I will send you my manual in Spanish.

Santiago

To: freeradius-users@lists.freeradius.org
Subject: Re: Mikrotik as NAS with PPPoE - checkval
Date: Wed, 20 Aug 2008 11:26:05 +0100
From: [EMAIL PROTECTED]

> I want to bind a login with Calling-Station-Id but i've got problems...
>
> * I've had added the Calling-Station-Id to mysql radcheck table.
> * I've had turned on the rlm_checkval by adding it into authorize section
> * I've had set the notfound-reject variable to yes
>
> I get the following errors in debug:
>
>     rlm_checkval: Item Name: Calling-Station-Id, Value: 00:11:22:33:44:55
>     rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs
>     ++[checkval] returns notfound
>
> What is the problem?

Why do you need checkval? User will be rejected if there is no Calling-Station-Id in the request anyway, since you have that attribute in radcheck.

Ivan Kalik
Kalik Informatika ISP
Re: Double entries in Radacct - FreeRadius + MT
Yes, what Alan says is true, in part. I have hundreds of MT and in some locations I have the same problem. But I have arrived at one conclusion on this affair: the main problem is the lack of connectivity to the Radius server and NAS.

From: Alan DeKok [EMAIL PROTECTED]
Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
To: [EMAIL PROTECTED], FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: Double entries in Radacct - FreeRadius + MT
Date: Wed, 21 Mar 2007 11:19:51 +0100

Matthew Neumark wrote:
> Hello, I have a MikroTik router that is passing accounting data to the freeradius database. I look in radacct and every entry has duplicates with the exact same information. Does anyone know if this is the MikroTik causing this or freeradius? How do I fix this?

The server logs what the NAS sends it. The queries *should* use Acct-Session-Id, or the unique session Id to discard duplicates.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
realms in my Postgres DB
Hi people,

I have several roaming agreements and usually add a new entry in the proxy.conf file when I sign a new one. I have noticed that a realms table appears in my radius DB. Do you know if this table is useful? Can I put my realms from the proxy.conf file into the realm table?

Thanks,
Santiago
RE: RE : FreeRadius + Freetds + unixodbc
so by starting radiusd -X i have this error:

    rlm_sql (sql): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc) loaded and linked
    rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
    rlm_sql (sql): starting 0
    rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #0
    rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Server is unavailable or does not exist.
    rlm_sql_unixodbc: Connection failed
    rlm_sql (sql): Failed to connect DB handle #0
    rlm_sql (sql): starting 1
    rlm_sql (sql): starting 2
    rlm_sql (sql): starting 3
    rlm_sql (sql): starting 4
    rlm_sql (sql): Failed to connect to any SQL server

As you can figure out, you have a connection error to your MS SQL DB. It is not specifically a radius problem; it is only a misconfigured db connection. First of all, try to connect to the db with the isql program. Previously there was an article on this list about this: http://lists.cistron.nl/pipermail/freeradius-users/2005-October/047463.html
Re: Proxy.conf regex
    DEFAULT User-Name =~ "([a-zA-Z]+\.)*foo.com", Proxy-To-Realm := "foo.com"

Will cause the following to be proxied to "foo.com":

    [EMAIL PROTECTED]
    [EMAIL PROTECTED]
    [EMAIL PROTECTED]
    ...

How can I integrate this entry of the users file in a DB? Must I put these entries in the radcheck table or in the radreply table?
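Added example, not part of the original message: the entry above uses an unanchored pattern with an unescaped dot, so this sketch lists which User-Name values it would send to the "foo.com" realm and compares them with an anchored variant. The anchored pattern, the helper names and the sample User-Names are assumptions constructed for illustration, and Python's `re` is assumed to agree with the server's regex engine for patterns this simple.

```python
import re

# Pattern of the users-file entry above, with balanced parentheses.
# "=~" is an unanchored search, which re.search() models here.
PAGE_RULES = [(r"([a-zA-Z]+\.)*foo.com", "foo.com")]

# Added variant: match only the realm part after "@", escape the dot,
# and anchor at the end of the User-Name.
ANCHORED_RULES = [(r"@([a-zA-Z]+\.)*foo\.com$", "foo.com")]

# Constructed User-Name values.
SAMPLE_NAMES = [
    "ann@foo.com",              # the realm itself
    "ann@mail.foo.com",         # a sub-realm
    "ann@notfoo.com",           # different realm that ends in "foo.com"
    "ann@foo.com.example.net",  # different realm that starts with "foo.com"
    "foo.com@example.org",      # realm name used as the user part
    "ann@fooxcom.example",      # "." in the pattern matches any character
]


def proxy_to_realm(user_name, rules):
    """Return the Proxy-To-Realm of the first matching rule, else None."""
    for pattern, realm in rules:
        if re.search(pattern, user_name):
            return realm
    return None  # no rule matched: the request is not proxied by these rules


def proxied(names, rules):
    """User-Names that the rule set would proxy."""
    return [n for n in names if proxy_to_realm(n, rules) is not None]


def routing_diff(names, old_rules, new_rules):
    """User-Names whose routing differs between two rule sets."""
    return [n for n in names
            if proxy_to_realm(n, old_rules) != proxy_to_realm(n, new_rules)]


if __name__ == "__main__":
    print("page pattern proxies:    ", proxied(SAMPLE_NAMES, PAGE_RULES))
    print("anchored pattern proxies:", proxied(SAMPLE_NAMES, ANCHORED_RULES))
    print("routing changes for:     ",
          routing_diff(SAMPLE_NAMES, PAGE_RULES, ANCHORED_RULES))
```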
RE: Multiple shared secrets?
I think there is no problem. I have in my nas table (or clients.conf) 80.45.78.12/32 and 80.45.78.0/24 with different secrets, and I do not have any conflict.

From: Mark J Elkins [EMAIL PROTECTED]
Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Multiple shared secrets?
Date: Mon, 11 Jun 2007 18:41:19 +0200

Can one have multiple shared secrets for the same client (NAS)? ie - in clients.conf - something like...

    client 192.168.10.20 {
        secret = secret1
        secret = secret2
        shortname = mynas
        nastype = other
    }

...so that if the first secret does not work - the second secret is tried? (or how else could I solve the problem)

I'm merging two Radius Servers - and authenticating packets from my Incumbent Telecom Provider - who is using proxies (a handful) from (hundreds of) multiple NAS's... from different services (Dialup - is one system, aDSL is another system).

I currently have two different shared secrets - and these seem to be bleeding together...

I'm looking for a stop-gap until I can get the right people to do the right thing.

--
Mark J Elkins, SCO ACE, Cisco CCIE
Posix Systems - Sth Africa
[EMAIL PROTECTED]
Tel: +27 12 807 0590
Cell: +27 82 601 0496
Re: Problem with NULL realm..
But, can Freeradius 2.x.x read a realm table instead of proxy.conf file?

I guess FreeRadius 2.xx will make things easier?
accounting exec when Acct-Status-Type == Stop
hello all,

i have added the following lines in acct_users file

    DEFAULT Acct-Status-Type == Start
            Exec-Program-Wait = "/usr/local/start.sh"

    DEFAULT Acct-Status-Type == Stop
            Exec-Program-Wait = "/usr/local/stop.sh"

started radius in debug mode and i haven't seen Exec-Program-Wait executing those scripts.

It works fine; however, I want to execute a different script depending on the user group. I read from a DB for passing my radius attributes. I pass the attribute Exec-Program-Wait and each username executes its own script well. However, how can I tell freeradius to do the same when a username does an Acct-Status-Type == Stop, using my DB instead of the acct_users file?

Thanks!
RE: accounting exec when Acct-Status-Type == Stop
Nobody understood my question. I want to know how to customize a specific account with a specific sh exec, a different one for each group of accounts. And I want to do it using my database.

From: Santiago Balaguer García [EMAIL PROTECTED]
Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
To: freeradius-users@lists.freeradius.org
Subject: accounting exec when Acct-Status-Type == Stop
Date: Tue, 10 Jul 2007 10:58:22 +

hello all,

i have added the following lines in acct_users file

    DEFAULT Acct-Status-Type == Start
            Exec-Program-Wait = "/usr/local/start.sh"

    DEFAULT Acct-Status-Type == Stop
            Exec-Program-Wait = "/usr/local/stop.sh"

started radius in debug mode and i haven't seen Exec-Program-Wait executing those scripts.

It works fine; however, I want to execute a different script depending on the user group. I read from a DB for passing my radius attributes. I pass the attribute Exec-Program-Wait and each username executes its own script well. However, how can I tell freeradius to do the same when a username does an Acct-Status-Type == Stop, using my DB instead of the acct_users file?

Thanks!
RADIUS attributes: acctoutputoctects and acctinputoctect in mikrotik
Hi,

I have been working with freeradius and mikrotik routers for two years. However, I had never realized that the radius attributes acctoutputoctets and acctinputoctets are interchanged in mikrotik. Does anyone know this mikrotik bug?

Santiago
Re: RADIUS attributes: acctoutputoctects and acctinputoctect inmikrotik
However, I work with a Nomadix 2000 and Nomadix 2100, and I did the same 10 MB download. So I did a test downloading the last MT firmware version, 2.9.44 (10.4 MB):

    Nomadix  [Acct-Input-Octets]:  12533328
    Nomadix  [Acct-Output-Octets]: 271598
    Mikrotik [Acct-Input-Octets]:  248630
    Mikrotik [Acct-Output-Octets]: 11441495

Are you sure that it works fine?

From: [EMAIL PROTECTED]
Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
To: "FreeRadius users mailing list" freeradius-users@lists.freeradius.org
Subject: Re: RADIUS attributes: acctoutputoctects and acctinputoctect inmikrotik
Date: Tue, 24 Jul 2007 20:16:10 +0100

I have RouterOS v2.9 and input is input and output is output.

Ivan Kalik
Kalik Informatika ISP

On 24/7/2007, "Santiago Balaguer García" [EMAIL PROTECTED] wrote:
> Hi,
>
> I am working with freeradius and mikrotik routers since two years. However, I have never realized that the radius attributes acctoutputoctects and acctinputoctects are interchanged in mikrotik. Does anyone know this mikrotik bug?
>
> Santiago
RE: Re[2]: Adding a NAS via SQL
I have one question about this: you supposed that the RADIUS and database services are on the same machine. What happens if these services are on several machines or there are replicated servers?

My advice is to create a database trigger on INSERTs, UPDATEs, DELETEs. For example, my postgresql trigger written in plperlu:

    CREATE OR REPLACE FUNCTION restart_radiusd() RETURNS TRIGGER AS $rr_rad$
        system("/usr/bin/sudo /usr/bin/killall -HUP radiusd");
        return;
    $rr_rad$ LANGUAGE plperlu;

    DROP TRIGGER IF EXISTS need_to_restart_radiusd ON nas_table;

    CREATE TRIGGER need_to_restart_radiusd
        AFTER INSERT OR UPDATE OR DELETE ON nas_table
        FOR EACH STATEMENT EXECUTE PROCEDURE restart_radiusd();

/etc/sudoers:

    postgresqluser ALL=(radiususer) NOPASSWD: /usr/bin/killall -HUP radiusd

This way, you will restart freeradius only when needed. You said that your backend is mysql; you will probably be able to come up with the mysql version, but your main issue is not that. SIGHUP must work.
RE: healthcheck?
Use:

    Auth-Type := reject

From: Kevin J [EMAIL PROTECTED]
Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
To: freeradius-users@lists.freeradius.org
Subject: healthcheck?
Date: Thu, 16 Aug 2007 09:40:56 -0700 (PDT)

We want to reject slb health checks immediately. What is the best way to do that? I tried to add "healthcheck Auth := Reject" but it still goes through all authorization/authentication modules. Is there any way that we can immediately reject it so we can make it lighter?

Thanks in advance.
Kevin
RE: access only particular website through RADIUS
Yes, forbidding access to some sites is easy if you have the correct NAS. You need, for instance, a mikrotik device, where in the walled garden you can allow some sites but ban others. ;)

From: "Parham Beheshti" [EMAIL PROTECTED]
Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
To: "FreeRadius users mailing list" freeradius-users@lists.freeradius.org
Subject: RE: access only particular website through RADIUS
Date: Mon, 27 Aug 2007 13:12:38 +0330

Hello,

We do this kind of stuff for our users. When our users run out of credit, instead of rejecting them, we return a different ip-pool to the user (ex: 10.10.X.X). From that ip-pool, users can only access our ticketing system, payment gateways and such (ex: from 10.10.X.X users can access few ip addresses). After making payment, they reconnect and get a normal ip address with which they have full access to everything.

Cheers
Parham
RE: FreeRADIUS and iODBC
What is the question? You can perfectly well use a MS SQL server using iodbc.

From: "Josh Howlett" [EMAIL PROTECTED]
Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
To: "FreeRadius users mailing list" freeradius-users@lists.freeradius.org
CC: Josh Howlett [EMAIL PROTECTED]
Subject: FreeRADIUS and iODBC
Date: Wed, 19 Sep 2007 20:24:01 +0100

You must use a DSN of 'radius' in odbc.ini when using the iodbc SQL module. You can't use any other name. I have this working against MSSQL.

josh.
accept or deny users depending on the realm
Hi,

I have used freeradius for a long time and now we are authenticating users of roaming partners. I normally allow all the users of a domain, for example trustive/johndoe or teo/maria, and I use the mydomain realm.

    realm trustive {
        type = radius
        authhost = 88.66.99.22:1812
        accthost = 88.66.99.22:1813
        secret = secretTrustive
    }

    realm teo {
        type = radius
        authhost = 55.66.9.34:1812
        accthost = 55.66.9.34:1813
        secret = secretTeo
    }

However, I do not want a Teo user to validate in Trustive through me. An example of such a username is /trustive/mydomain/teo/maria. I want to detect the Teo user maria and block this kind of authentication in the Trustive network. How can I implement this behavior in freeradius?

Santiago
RE: Dynamic Realm
Is there any way to put all domains in a table so that when freeradius starts up, it reads this table and recognizes them? I do not understand the realm table in the radius DB. Any suggestions?

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; freeradius-users@lists.freeradius.org
Subject: Re: Dynamic Realm
Date: Tue, 27 Nov 2007 14:11:40 +0100

Hi,

I don't really want to create a custom module for it, as I like to keep this kind of thing config based and not modular. Any Ideas?

at least in the users file, Proxy-To-Realm := realmname as a reply item works. No idea if it will also do in SQL radcheck, but it's worth a try.

Stefan

--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]
Tel.: +352 424409-1
http://www.restena.lu
Fax: +352 422473
RE: Dynamic Realm
Thanks for the clarification about realms. It is my repeated question. Now I am waiting for freeradius 2.0 and will try it. By the way, I usually write in plain text. It was a browser bug.

From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: Dynamic Realm
Date: Wed, 28 Nov 2007 13:26:27 +0100

Is there any way to put all domains in a table and when freeradius start up, it read this table and recognizes them? I do not understand the realm table in radius DB. Any suggestion?

I have multiple suggestions:

1) Write with a mailer that doesn't fuck up formatting in non-HTML. Your mail was only barely readable in plain-text.
2) Don't hijack other people's threads with an only mildly related subject.
3) forget about the realm table in SQL. AFAIK, it's not used in 1.1.x. realms go into proxy.conf.

Stefan

--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]
Tel.: +352 424409-1
http://www.restena.lu
Fax: +352 422473
Distributed Data Base
I have to replicate my RADIUS databases, one in my central office and the other in another city. I am preparing my RADIUS server to support that. As is usual, I have a MySQL database. Do you know if MySQL can function as a distributed database?

Santiago
Execute a script at the end of a session
Hi,

I have been using RADIUS for more than 9 months, and for each client an initial script is executed, since the radreply table in MySQL has these entries:

id    | UserName | Attribute         | OP | Value
25859 | aaaj100  | Idle-Timeout      | := | 300
25858 | aaaj100  | Session-Timeout   | := | 3600
25857 | aaaj100  | Exec-Program-Wait | =  | /home/blackbox/todo.sh %u %n

If the attribute name for the start of session is Exec-Program-Wait, I want to know the attribute name for the end of session and whether I must put it in the radreply table.

Thanks,
Santiago
Attribute Name of end of session
Hi,

I have been using Radius for more than 9 months. I am using the attribute Exec-Program-Wait in radreply as the initial script. Is there another attribute to add in radreply to specify the path of an end-of-session script?
Re: Execute a script at the end of a session
Could you explain to me what attribute I must add? By accounting section, do you refer to the proxy.conf file?

From: [EMAIL PROTECTED] (Paul Hampson)
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Execute a script at the end of a session
Date: Fri, 10 Dec 2004 21:02:19 +1100

On Fri, Dec 10, 2004 at 09:23:12AM +, Santiago Balaguer García wrote:

Hi, I have been using RADIUS for more than 9 months, and for each client an initial script is executed, since the radreply table in MySQL has these entries:

id    | UserName | Attribute         | OP | Value
25859 | aaaj100  | Idle-Timeout      | := | 300
25858 | aaaj100  | Session-Timeout   | := | 3600
25857 | aaaj100  | Exec-Program-Wait | =  | /home/blackbox/todo.sh %u %n

If the attribute name for the start of session is Exec-Program-Wait, I want to know the attribute name for the end of session and whether I must put it in the radreply table.

For an end of session script (eg. Accounting Stop) you want to use rlm_exec with the Packet-Type set to Stop (off the top of my head) in your accounting section of the FreeRADIUS configuration.

--
Paul TBBle Hampson, on an alternate email client.
Re: Execute a script at the end of a session
I read acct_users and other files, but what I want to do is to add some record in the MySQL DB so that a different script can be executed for each user. This is my idea but I don't know if it is possible.

On Fri, Dec 10, 2004 at 09:23:12AM +, Santiago Balaguer García wrote:

Hi, I have been using RADIUS for more than 9 months, and for each client an initial script is executed, since the radreply table in MySQL has these entries:

id    | UserName | Attribute         | OP | Value
25859 | aaaj100  | Idle-Timeout      | := | 300
25858 | aaaj100  | Session-Timeout   | := | 3600
25857 | aaaj100  | Exec-Program-Wait | =  | /home/blackbox/todo.sh %u %n

If the attribute name for the start of session is Exec-Program-Wait, I want to know the attribute name for the end of session and whether I must put it in the radreply table.

For an end of session script (eg. Accounting Stop) you want to use rlm_exec with the Packet-Type set to Stop (off the top of my head) in your accounting section of the FreeRADIUS configuration.
Re: Execute a script at the end of a session
The action you proposed is to create a new attribute, for instance Exec-Program-End, and insert it in the radreply table. For example, if I have these entries in this table:

+-----+----------+-------------------+----+---------------------------------------+
| id  | UserName | Attribute         | op | Value                                 |
+-----+----------+-------------------+----+---------------------------------------+
| 168 | 11101    | Exec-Program-Wait | =  | /home/blackbox/start_script.sh %u %n  |
| 169 | 11101    | Session-Timeout   | := |                                       |
| 170 | 11101    | Idle-Timeout      | := | 300                                   |

The information for this user would be:

+-----+----------+-------------------+----+---------------------------------------+
| id  | UserName | Attribute         | op | Value                                 |
+-----+----------+-------------------+----+---------------------------------------+
| 168 | 11101    | Exec-Program-Wait | =  | /home/blackbox/start_script.sh %u %n  |
| 169 | 11101    | Session-Timeout   | := |                                       |
| 170 | 11101    | Idle-Timeout      | := | 300                                   |
| 171 | 11101    | Exec-Program-End  | =  | /home/blackbox/finish_script.sh %u %n |

I located the accounting section, but I do not know what I must modify. So I attach my radius.conf.

Subject: Re: Execute a script at the end of a session
Date: Sat, 11 Dec 2004 15:26:18 +1100

On Fri, Dec 10, 2004 at 04:38:05PM +, Santiago Balaguer García wrote:

I read acct_users and others files, but what I want to do is to add some register in the MySQL DB and can execute a different script to each user.

Create yourself a new attribute, with the name of the script, create a new instance of the exec module and call it in the accounting stanza of radius.conf. Of course, if the script name is the same as the user name or some other attribute, you don't need to add a new one. ^_^

Find the exec echo instance in radius.conf for an example.

--
Paul TBBle Hampson, on an alternate email client.

##
## radiusd.conf -- FreeRADIUS server configuration file.
##
##      http://www.freeradius.org/
##      $Id: radiusd.conf.in,v 1.148 2003/06/24 12:54:05 3APA3A Exp $
##

#       The location of other config files and
#       logfiles are declared in this file
#
#       Also general configuration for modules can be done
#       in this file, it is exported through the API to
#       modules that ask for it.
#
#       The configuration variables defined here are of the form ${foo}
#       They are local to this file, and do not change from request to
#       request.
#
#       The per-request variables are of the form %{Attribute-Name}, and
#       are taken from the values of the attribute in the incoming
#       request.  See 'doc/variables.txt' for more information.

prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct

#  Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd

#
#  The logging messages for the server are appended to the
#  tail of this file.
#
log_file = ${logdir}/radius.log

#
# libdir: Where to find the rlm_* modules.
#
#   This should be automatically set at configuration time.
#
#   If the server builds and installs, but fails at execution time
#   with an 'undefined symbol' error, then you can use the libdir
#   directive to work around the problem.
#
#   The cause is usually that a library has been installed on your
#   system in a place where the dynamic linker CANNOT find it.  When
#   executing as root (or another user), your personal environment MAY
#   be set up to allow the dynamic linker to find the library.  When
#   executing as a daemon, FreeRADIUS MAY NOT have the same
#   personalized configuration.
#
#   To work around the problem, find out which library contains that symbol,
#   and add the directory containing that library to the end of 'libdir',
#   with a colon separating the directory names.  NO spaces are allowed.
#
#   e.g. libdir = /usr/local/lib:/opt/package/lib
#
#   You can also try setting the LD_LIBRARY_PATH environment variable
#   in a script which starts the server.
#
#   If that does not work, then you can re-configure and re-build the
#   server to NOT use shared libraries, via:
#
#       ./configure --disable-shared
#       make
#       make install
#
libdir = ${exec_prefix}/lib:/usr/local/lib:/usr/lib/mysql
libdir = /usr/lib/mysql

#  pidfile: Where to place the PID of the RADIUS server.
#
#  The server may be signalled while it's running by using
Re: Exec-Program
You should have something like this in radiusd.conf:

files {
    usersfile = ${confdir}/users
    acctusersfile = ${confdir}/acct_users
    compat = no
}

And you also should have something like this in radiusd.conf:

preacct {
    preprocess
    acct_unique
    # Read the 'acct_users' file
    files
}

Then the acct-users file will be processed and your scripts should be executed. I have this in the acct-users file and that works for me:

DEFAULT Acct-Status-Type == Start
    Exec-Program = /opt/radhome/bin/acct.pl

DEFAULT Acct-Status-Type == Alive
    Exec-Program = /opt/radhome/bin/acct.pl

DEFAULT Acct-Status-Type == Stop
    Exec-Program = /opt/radhome/bin/acct.pl

Is there any way to put this information about the program to execute in (start, alive, Stop) status in the MySQL DB?
Primary key in radacct table
Hi,

I have been using freeradius 1.1.7 + postgres for 3 years. The AAA service works fine, however my radacct table sometimes has duplicate records. I realized that it happens when a NAS does not have a reliable Internet connection, so the NAS sends the accounting packets several times.

My radacct table has 'radacctid' as primary key. I realized that two (or more) duplicate records share the 'acctsessionid' and 'acctuniqueid' fields, among others. I know the 'acctsessionid' field can be the same in different NASes. Would it be a good idea to change the primary key to 'acctuniqueid'?

Santiago
RE: Primary key in radacct table
I have a script to delete duplicate entries and stale sessions. But the duplicate accounting records are created in real time, so I have to create a trigger in the database to detect these entries or activate an exec in the accounting module. Is the 'acctuniqueid' attribute unique across the whole database in a default freeradius configuration?

Date: Mon, 6 Oct 2008 17:53:32 +0200
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Primary key in radacct table

You can do it and it will solve your problem but it can create small overhead because radius tries to write into database and it will be rejected. you will see this in your log files. Another idea is to change NAS or you can create cron script to delete duplicated entries.

MT

On Mon, Oct 6, 2008 at 5:35 PM, Santiago Balaguer García [EMAIL PROTECTED] wrote:

Hi, I have been using freeradius 1.1.7 + postgres for 3 years. The AAA service works fine, however my radacct table sometimes has duplicate records. I realized that it happens when a NAS does not have a reliable Internet connection, so the NAS sends the accounting packets several times.

My radacct table has 'radacctid' as primary key. I realized that two (or more) duplicate records share the 'acctsessionid' and 'acctuniqueid' fields, among others. I know the 'acctsessionid' field can be the same in different NASes. Would it be a good idea to change the primary key to 'acctuniqueid'?

Santiago
RE: Primary key in radacct table
I work with Mtik too, and I have the same problem with duplicate sessions. I am going to try Alex's solution. Thanks!!!

Date: Wed, 8 Oct 2008 10:46:43 +0100
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: Primary key in radacct table

I use an index on acctuniqueid along with

acct_unique {
    key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id
}

It works fine for me.

Thanks,
Alex

2008/10/7 Marinko Tarlac [EMAIL PROTECTED]:

acctuniqueid is not unique in default configuration. according to my experience, problem with duplicated session is very strange. My NAS (Mtik 2.9.x and Mtik 3.x) sends duplicated session ids but almost in the same time. For example one session is started now and the second one is transferred 1 second later.

On Tue, Oct 7, 2008 at 8:54 AM, Santiago Balaguer García [EMAIL PROTECTED] wrote:

I have a script to delete duplicate entries and stale sessions. But the duplicate accounting records are created in real time, so I have to create a trigger in the database to detect these entries or activate an exec in the accounting module. Is the 'acctuniqueid' attribute unique across the whole database in a default freeradius configuration?

Date: Mon, 6 Oct 2008 17:53:32 +0200
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: Primary key in radacct table

You can do it and it will solve your problem but it can create small overhead because radius tries to write into database and it will be rejected. you will see this in your log files. Another idea is to change NAS or you can create cron script to delete duplicated entries.

MT

On Mon, Oct 6, 2008 at 5:35 PM, Santiago Balaguer García [EMAIL PROTECTED] wrote:

Hi, I have been using freeradius 1.1.7 + postgres for 3 years. The AAA service works fine, however my radacct table sometimes has duplicate records. I realized that it happens when a NAS does not have a reliable Internet connection, so the NAS sends the accounting packets several times.

My radacct table has 'radacctid' as primary key. I realized that two (or more) duplicate records share the 'acctsessionid' and 'acctuniqueid' fields, among others. I know the 'acctsessionid' field can be the same in different NASes. Would it be a good idea to change the primary key to 'acctuniqueid'?

Santiago
xDSL with dynamic addressing
Hi,

I have been using freeradius for four years, and I used a PPTP/L2TP tunnel for authenticating users against my RADIUS servers, as one of my NASes has a dynamic IP (xDSL). However, I can not rely on these connections: the connectivity sometimes goes down, and the tunnel too. I have some reasons not to use dyndns or this kind of service. I decided to authenticate my NAS using only the shared key:

client 0.0.0.0/0 {
    secret = same_secret_for_eveyone
    shortname = my_network
}

I recognize a problem with DoS attacks against my DB. I can not authenticate the client IP because I have xDSL with a dynamic IP. Do you know some other solution instead of authenticating the public IP in the authorize step?

Thanks,
Santiago
accounting bug in Mikrotik
Hi,

I have been working with freeradius and a mikrotik gateway for a long time, but recently I detected some inconsistencies in the radacct table of my PostgreSQL database. First of all, I have the standard configuration file (postgres.sql) for accounting queries.

My problem is that sometimes the field acctstoptime is filled in while the user is connected. I can see the user in my hotspot as an alive session. What is my problem? The issue is that all interim update queries are rejected because the SQL update query does not match the following SQL WHERE:

    AcctSessionId = '%{Acct-Session-Id}'
    AND UserName = '%{SQL-User-Name}'
    AND FramedIPAddress = '%{Framed-IP-Address}'
    AND AcctStopTime IS NULL

because AcctStopTime = 'date'. When is this field filled in?

Another thing is that when acctstoptime is not null, acctterminatecause = '' too (it is a blank instead of a NULL value).

Thanks.
RE: accounting bug in Mikrotik
It is what I thought: the Accounting Stop packet should be the only thing that inserts dates. Thanks.

To: freeradius-users@lists.freeradius.org
Subject: Re: accounting bug in Mikrotik
Date: Thu, 11 Dec 2008 10:59:26 +0100
From: [EMAIL PROTECTED]

I have been working with freeradius and a mikrotik gateway for a long time, but recently I detected some inconsistencies in the radacct table of my PostgreSQL database. First of all, I have the standard configuration file (postgres.sql) for accounting queries.

My problem is that sometimes the field acctstoptime is filled in while the user is connected. I can see the user in my hotspot as an alive session. What is my problem? The issue is that all interim update queries are rejected because the SQL update query does not match the following SQL WHERE:

    AcctSessionId = '%{Acct-Session-Id}'
    AND UserName = '%{SQL-User-Name}'
    AND FramedIPAddress = '%{Framed-IP-Address}'
    AND AcctStopTime IS NULL

because AcctStopTime = 'date'

If you are using default configuration you should have detail file logs as well. That log is created for each NAS daily by default (NAS IP/detail-date). Check the detail file to see if accounting Stop packet was received while the session was still alive. Accounting Stop packet should be the only thing that inserts dates there.

Ivan Kalik
Kalik Informatika ISP
Repeated accounting packets
Hi,

In a routine review of the detail file of the radius logs I see:

-
Wed Dec 10 18:27:04 2008
    Acct-Status-Type = Alive
    NAS-Port-Type = Wireless-802.11
    Calling-Station-Id = 00:15:AF:09:5E:B5
    Called-Station-Id = hs-AKIWIFI
    NAS-Port-Id = br-AKIWIFI
    User-Name = aadu0052
    NAS-Port = 2149582184
    Acct-Session-Id = 80200568
    Framed-IP-Address = 10.5.50.88
    Mikrotik-Attr-10 = 0x0a053258
    Location-ID = isocc=es,cc=34,ac=12004,network=AKIWIFI
    Location-Name = AKIWIFI,RteCarceller
    Event-Timestamp = Dec 10 2008 18:27:03 CET
    Acct-Input-Octets = 112613
    Acct-Output-Octets = 1037627
    Acct-Input-Gigawords = 0
    Acct-Output-Gigawords = 0
    Acct-Input-Packets = 1034
    Acct-Output-Packets = 1135
    Acct-Session-Time = 1200
    NAS-Identifier = ESCS0020-HOTCAB001:RteCarceller
    NAS-IP-Address = 192.168.10.2
    Acct-Delay-Time = 0
    Client-IP-Address = 195.53.203.127
    Acct-Unique-Session-Id = c3398d8d08896bc2
    Timestamp = 1228930024

Wed Dec 10 18:27:07 2008
    Acct-Status-Type = Alive
    NAS-Port-Type = Wireless-802.11
    Calling-Station-Id = 00:15:AF:09:5E:B5
    Called-Station-Id = hs-AKIWIFI
    NAS-Port-Id = br-AKIWIFI
    User-Name = aadu0052
    NAS-Port = 2149582184
    Acct-Session-Id = 80200568
    Framed-IP-Address = 10.5.50.88
    Mikrotik-Attr-10 = 0x0a053258
    Location-ID = isocc=es,cc=34,ac=12004,network=AKIWIFI
    Location-Name = AKIWIFI,RteCarceller
    Event-Timestamp = Dec 10 2008 18:27:03 CET
    Acct-Input-Octets = 112613
    Acct-Output-Octets = 1037627
    Acct-Input-Gigawords = 0
    Acct-Output-Gigawords = 0
    Acct-Input-Packets = 1034
    Acct-Output-Packets = 1135
    Acct-Session-Time = 1200
    NAS-Identifier = ESCS0020-HOTCAB001:RteCarceller
    NAS-IP-Address = 192.168.10.2
    Acct-Delay-Time = 3
    Client-IP-Address = 195.53.203.127
    Acct-Unique-Session-Id = c3398d8d08896bc2
    Timestamp = 1228930027

Wed Dec 10 18:27:10 2008
    Acct-Status-Type = Alive
    NAS-Port-Type = Wireless-802.11
    Calling-Station-Id = 00:15:AF:09:5E:B5
    Called-Station-Id = hs-AKIWIFI
    NAS-Port-Id = br-AKIWIFI
    User-Name = aadu0052
    NAS-Port = 2149582184
    Acct-Session-Id = 80200568
    Framed-IP-Address = 10.5.50.88
    Mikrotik-Attr-10 = 0x0a053258
    Location-ID = isocc=es,cc=34,ac=12004,network=AKIWIFI
    Location-Name = AKIWIFI,RteCarceller
    Event-Timestamp = Dec 10 2008 18:27:03 CET
    Acct-Input-Octets = 112613
    Acct-Output-Octets = 1037627
    Acct-Input-Gigawords = 0
    Acct-Output-Gigawords = 0
    Acct-Input-Packets = 1034
    Acct-Output-Packets = 1135
    Acct-Session-Time = 1200
    NAS-Identifier = ESCS0020-HOTCAB001:RteCarceller
    NAS-IP-Address = 192.168.10.2
    Acct-Delay-Time = 6
    Client-IP-Address = 195.53.203.127
    Acct-Unique-Session-Id = c3398d8d08896bc2
    Timestamp = 1228930030
---

Does it mean that the NAS does not receive the answer from the radius server? Yes, the NAS timeout = 3 sec, three times.
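Added example, not part of the original posts and not FreeRADIUS code: a Python parser for detail-file records laid out like the ones quoted above, which groups retransmitted accounting packets so that only one copy per group reaches the database (the duplicates also discussed in the "Primary key in radacct table" thread). The grouping key (Acct-Unique-Session-Id, Acct-Status-Type, Acct-Session-Time) and all function names are assumptions of this example; the sample is constructed from the post, trimmed, with one invented record for contrast.

```python
"""Spot retransmitted accounting packets in a FreeRADIUS detail file."""

# Constructed sample: the first three records are trimmed copies of the ones
# quoted in the post; the fourth is invented and stands for a genuine later
# interim update of the same session.
SAMPLE_DETAIL = """\
Wed Dec 10 18:27:04 2008
    Acct-Status-Type = Alive
    User-Name = aadu0052
    Acct-Session-Time = 1200
    Acct-Delay-Time = 0
    Acct-Unique-Session-Id = c3398d8d08896bc2
    Timestamp = 1228930024

Wed Dec 10 18:27:07 2008
    Acct-Status-Type = Alive
    User-Name = aadu0052
    Acct-Session-Time = 1200
    Acct-Delay-Time = 3
    Acct-Unique-Session-Id = c3398d8d08896bc2
    Timestamp = 1228930027

Wed Dec 10 18:27:10 2008
    Acct-Status-Type = Alive
    User-Name = aadu0052
    Acct-Session-Time = 1200
    Acct-Delay-Time = 6
    Acct-Unique-Session-Id = c3398d8d08896bc2
    Timestamp = 1228930030

Wed Dec 10 18:47:04 2008
    Acct-Status-Type = Alive
    User-Name = aadu0052
    Acct-Session-Time = 2400
    Acct-Delay-Time = 0
    Acct-Unique-Session-Id = c3398d8d08896bc2
    Timestamp = 1228931224
"""


def parse_detail(text):
    """Return one dict per record; '_received' holds the record's header line."""
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():
            current = None                      # blank line ends a record
        elif not line[0].isspace():
            current = {"_received": line.strip()}
            records.append(current)
        elif current is not None:
            name, sep, value = line.strip().partition(" = ")
            if sep:
                current[name] = value.strip('"')
    return records


def retransmit_key(rec):
    """A resend repeats the session, the status type and the session time."""
    session = rec.get("Acct-Unique-Session-Id") or (
        rec.get("NAS-IP-Address"), rec.get("Acct-Session-Id"))
    return (session, rec.get("Acct-Status-Type"), rec.get("Acct-Session-Time"))


def group_records(records):
    groups = {}
    for rec in records:
        groups.setdefault(retransmit_key(rec), []).append(rec)
    return groups


def find_retransmits(records):
    """Describe every group of records that was received more than once."""
    report = []
    for key, copies in group_records(records).items():
        if len(copies) > 1:
            report.append({
                "unique_id": key[0],
                "status": key[1],
                "copies": len(copies),
                "delays": [int(c.get("Acct-Delay-Time", 0)) for c in copies],
                "first_seen": copies[0]["_received"],
            })
    return report


def dedupe(records):
    """Keep the first copy of each packet, dropping later retransmissions."""
    return [copies[0] for copies in group_records(records).values()]


if __name__ == "__main__":
    parsed = parse_detail(SAMPLE_DETAIL)
    for item in find_retransmits(parsed):
        print(item)
    print(len(dedupe(parsed)), "records left after de-duplication")
```

A rising Acct-Delay-Time across copies that share one key, as in the sample, means the NAS resent the same packet after not seeing the server's reply.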
RE: Best Config
If you have these figures, your database has to be a GOOD DB server and a GOOD machine.

To: freeradius-users@lists.freeradius.org
Subject: Re: Best Config
Date: Sat, 24 Jan 2009 11:08:53 +0100
From: t...@kalik.net

From experience, what would be the best server configuration for 200,000 users with 75,000 concurrent users throttling 50,000 connections per second (with 1 NAS Client) in terms of:

Your network usage numbers look very wrong. 200,000 users are highly unlikely to use 75,000 concurrent connections and 75,000 connections are most unlikely to produce 50,000 requests per second - that would mean average session time of less than 5 seconds!!!

200,000 users with peak contention ratio of 10:1 and average session time of 10 minutes will produce about 100 requests per second at peak times. A single database might struggle with this peak rate. You should consider using something like buffered-sql virtual server: that will keep authentication working at max pace, while accounting might lag a few seconds at peak times but it will catch up when demand drops.

Ivan Kalik
Kalik Informatika ISP
Custom error messages
Hi,

I use freeradius 1.1.7 to authenticate users to provide Internet connectivity. I have groups of usernames which have access from anywhere. However, I have other groups which only have access from one NAS (promotional codes). I know how to block these accounts from my Postgres database:

table radgroupcheck
    promotion    NAS-IP-Address    !~    1.2.3.(4|5)

I reject the request from the NAS with IP 1.2.3.4 or 1.2.3.5. My question is: can I send the error message "You are not allowed from this site"? If so, how?

Thanks,
Santiago
Implementing 'Invalid before' feature
Good morning,

I have been working with FR for some years, and I have implemented a prepaid card system. I want to have an account which is not valid until some date. I am looking for some freeradius attribute which means 'account invalid until 15th march 2009'. I do not know if I have to use freeradius attributes (Expiration, Session-Terminate-Time or some other attribute) with a special operator. Can someone help me to find this freeradius feature?

Thanks.
RE: stop old open session and star new..
You have to implement some (perl, PHP, shell) code to remove the 'stale session' from your database.

Date: Fri, 6 Mar 2009 20:33:05 -0300
From: alexan...@ondainternet.com.br
To: freeradius-users@lists.freeradius.org
Subject: stop old open session and star new..

Hello,

How can I solve this problem: sometimes, some users' connections stay locked on radius.. and with Simutaneous-Use resulting = 1 ...

Fri Mar 6 20:29:11 2009 : Auth: Multiple logins (max 1) [MPP attempt]: [alines] (from client Orbit port 256018 cli xxx)
Fri Mar 6 20:29:11 2009 : Auth: Multiple logins (max 1) [MPP attempt]: [alines] (from client Orbit port 256018 cli xxx)
Fri Mar 6 20:29:12 2009 : Auth: Multiple logins (max 1) [MPP attempt]: [cacildof] (from client Orbit port 256019 cli )
Fri Mar 6 20:29:12 2009 : Auth: Multiple logins (max 1) [MPP attempt]: [cacildof] (from client Orbit port 256019 cli )
Fri Mar 6 20:29:17 2009 : Auth: Multiple logins (max 1) [MPP attempt]: [arnaldo] (from client Orbit port 256021 cli xxx)
Fri Mar 6 20:29:17 2009 : Auth: Multiple logins (max 1) [MPP attempt]: [arnaldo] (from client Orbit port 256021 cli )
Fri Mar 6 20:29:17 2009 : Auth: Multiple logins (max 1) [MPP attempt]: [vanessam] (from client Orbit port 256020 cli xxx)

how to disconnect the previous session and create a new one?

--
Sds.
Alexandre Jeronimo Correa
Onda Internet
www.onda.net.br
Linux User ID #142329
UNOTEL S/A - http://www.unotel.com.br
Correct operator in radcheck
Hi,

I have been working with freeradius for several years, but recently a question came up: I want the johndoe account never to connect from NASes with Client IP:

* 195.56.53.23
* 96.53.26.59
* 56.15.86.35
* 56.15.86.36

I know I have to use the attribute Client-IP-Address, so radcheck will contain:

username | attribute          | op | value
johndoe  | Cleartext-Password | := | mypassword
johndoe  | Client-IP-Address  | ?? | 195.56.53.23
johndoe  | Client-IP-Address  | ?? | 96.53.26.59
johndoe  | Client-IP-Address  | ?? | 56.15.86.35
johndoe  | Client-IP-Address  | ?? | 56.15.86.36

What is the correct op that I have to write?

Thank you!!
Expiration vs WISPr-Session-Terminate-Time
Hi,

Today I did some tests with radreply.WISPr-Session-Terminate-Time and radcheck.Expiration. Both attributes are supposed to do the same, but Expiration is on the AAA server side, while Session-Terminate-Time is on the NAS side. However, there is a difference if you want to set a username with Session-Timeout (johndoe, Session-Timeout, :=, 3600), since the NAS rewrites the Session-Timeout according to the date in Session-Terminate-Time. This behaviour does not happen with the Expiration attribute. Do you confirm this?
RE: failover and load balancing
Postgres does supposedly have a version in beta for full master-master replication, but every time we've tried to get it running it's crashed on us as soon as we tried to actually write any data. Postgres in general seemed much slower than MySQL for reading the data we needed as well.

I use a PostgreSQL DB for my three AAA servers and the DB is quick enough for several requests per second. However, I am looking for a (free) master-master DB, and the replication in postgres crashes. And the problem with MySQL was mentioned before. I welcome suggestions for a BETTER free DB.
RE: failover and load balancing POSTGRESQL
Yes, man. We know the PostgreSQL solution does not work. ORACLE is expensive. MySQL is one master and several slaves. Do you know another master-master database management system which is cheap?

Santiago

Ok. That is true. In that case you are talking about losing money if the database is offline. But that is not an application issue, therefore you will need a real database cluster. And I am not talking about oracle RAC :-)

I would prefer to have some fallback solution to write data to a flat file if the database is offline (which should be a question of minutes or an hour) and import it later on. Or try to find out, how much performance sqltrace option in freeradius will cost.

BR
Uwe

--
kiste lat: 54.322684, lon: 10.13586
username with several passwords. Which op value?
Hi,

I want the 'san0001' user to have two passwords. This is in my radcheck table:

    Username | Attribute | op | value
    san0001  | Password  | ?? | santi1
    san0001  | Password  | ?? | santi2

Which op value do I have to use (=, :=, +=, ==)?

Thanks,
Santiago
RE: Dynamic clients and NAS-Identifier
I'm sure that I'm not the only one that has NASes behind dynamic IPs, and this would make radius traffic from such NASes much more secure.

OK, if you have a dynamic public IP you have two options:

1) Use DNS to identify the dynamic IP of your hotspot. It means that your DSL router or hotspot has the capability to update its public IP every x minutes. You can use the dyndns.org service. DSL routers normally have this feature.

2) Install a VPN tunnel like PPTP/L2TP/OVPN... and route all the authentication requests for this range. For instance, you have your radius server with IP 10.200.0.11 and your NASes in the 10.200.0.x range. All the auth requests are sent through the tunnel, so all of them are valid.

I tried both methods with good results. However, the second option is better because you have another way to access your hotspots, since you know the hotspot IP (the tunnel IP, 10.200.0.x).

Santiago
Stop alive requests in a dead realm
Hi,

I am using freeradius 2.1.3 for my AAA servers. I have a little problem when a third-partner RADIUS is dead. My problem is that my freeradius sends the following status packet every 2-5 seconds.

    Sending Access-Request of id 77 to 200.160.126.23 port 1812
        User-Name :=
        User-Password :=
        Service-Type := Authenticate-Only
        Message-Authenticator := 0x
        NAS-Identifier := Status Check. Are you alive?
    Waking up in 1.0 seconds.
    Cleaning up request 3 ID 151 with timestamp +723
    Waking up in 2.9 seconds.

I want to avoid this test because my partner tells me that I send too much traffic ('operator' is the realm name).

proxy.conf file --

    proxy server {
        default_fallback = yes
    }

    home_server localhost {
        type = auth
        ipaddr = 127.0.0.1
        port = 1812
        secret = testing123
        require_message_authenticator = no
        response_window = 20
        zombie_period = 40
        revive_interval = 120
        status_check = none
        check_interval = 30
        num_answers_to_alive = 3
    }

    home_server virtual.example.com {
        virtual_server = virtual.example.com
    }

    home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
    }

    realm example.com {
        auth_pool = my_auth_failover
    }

    realm LOCAL {
        type = radius
        authhost = LOCAL
        accthost = LOCAL
    }

    realm operator {
        type = radius
        authhost = 200.160.126.23 :1812
        accthost = 200.160.126.23 :1813
        secret = my_secret
        strip
    }
RE: How use tagged atrributes?
1) The name of the rewrite is wrong: try with add_service_volume
2) Do you have the 'ERX-Service-Volume:1' attribute in your dictionary? If not, try only with 'ERX-Service-Volume'.

To: freeradius-users@lists.freeradius.org
Subject: How use tagged atrributes?
From: r.fila...@ttk.ru
Date: Thu, 4 Jun 2009 15:39:12 +0400

Hello! This construction doesn't work

    # radiusd -X
    FreeRADIUS Version 2.1.6, for host x86_64-unknown-linux-gnu, built on Jun 2 2009 at 23:23:03
    Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
    Starting - reading configuration files ...
    including configuration file /usr/local/etc/raddb/radiusd.conf
    including configuration file /usr/local/etc/raddb/proxy.conf
    including configuration file /usr/local/etc/raddb/clients.conf
    .
    attr_rewrite add.service-volume {
        attribute = ERX-Service-Volume:1
        searchfor =
        searchin = packet
        replacewith = 1000
        append = no
        ignore_case = yes
        new_attribute = no
        max_matches = 1
    }
    rlm_attr_rewrite: No such attribute ERX-Service-Volume:1
    /usr/local/etc/raddb/modules/attr_rewrite[48]: Instantiation failed for module add.service-volume
    /usr/local/etc/raddb/sites-enabled/default[482]: Failed to find module add.service-volume.
    /usr/local/etc/raddb/sites-enabled/default[480]: Errors parsing pre-proxy section.
    Errors initializing modules

May be trouble in my /dev/hands?

Best Regards
Filatov Ruslan
Failover fails in proxy.conf
Hi,

I am using freeradius version 2.1.3 on my AAA servers. I am configuring the failover for myrealm.com in proxy.conf. For the myrealm.com realm I have two AAA servers: 1.2.3.4 and 1.2.3.5

    home_server primary_server {
        type = auth+acct
        ipaddr = 1.2.3.4
        port = 1812
        secret = mysecret
        require_message_authenticator = no
        response_window = 5
        zombie_period = 60
        revive_interval = 5
        status_check = status-server
        check_interval = 60
        num_answers_to_alive = 3
    }

    home_server secondary_server {
        type = auth+acct
        ipaddr = 1.2.3.5
        port = 1812
        secret = mysecret
        require_message_authenticator = no
        response_window = 5
        zombie_period = 60
        revive_interval = 5
        status_check = status-server
        check_interval = 60
        num_answers_to_alive = 3
    }

    home_server_pool roam_pool {
        type = fail-over
        home_server = primary_server
        home_server = secondary_server
    }

    realm myrealm.com {
        nostrip
        pool = roam_pool
    }

With the primary server everything works fine, but my problem is that when I force a switch to the failover server (I switch off the 1.2.3.4 machine) my freeradius server does not change to sending requests to the 1.2.3.5 server. I tried the following configuration:

    home_server primary_server { ... }

    home_server secondary_server { ... }

    home_server_pool roam_pool {
        type = fail-over
        home_server = primary_server
    }

    realm myrealm.com {
        nostrip
        pool = roam_pool
    }

    home_server_pool roam_pool2 {
        type = fail-over
        home_server = secondary_server
    }

    realm myrealm.com {
        nostrip
        pool = roam_pool2
    }

With the same result -- does not work. Any suggestion?
RE: Failover fails in proxy.conf
With the primary server everything works fine, but my problem is that when I force a switch to the failover server (I switch off the 1.2.3.4 machine) my freeradius server does not change to sending requests to the 1.2.3.5 server.

How hard have you tried? It does not mark home server as dead on the first packet that doesn't get answered. Have a look at proxy.conf and dead and zombie times.

Sincerely, I do not know how to mark a home server as 'dead'. The only way is response_window = 5 ('dead' after five seconds, I think). See my new proxy.conf

###

    home_server primary_server {
        type = auth+acct
        ipaddr = 1.2.3.4
        port = 1812
        secret = mysecret
        require_message_authenticator = no
        response_window = 5
        zombie_period = 30
        revive_interval = 900
        status_check = status-server
        check_interval = 60
        num_answers_to_alive = 3
    }

    home_server secondary_server {
        type = auth+acct
        ipaddr = 1.2.3.5
        port = 1812
        secret = mysecret
        require_message_authenticator = no
        response_window = 5
        zombie_period = 30
        revive_interval = 900
        status_check = status-server
        check_interval = 60
        num_answers_to_alive = 3
    }

    home_server_pool roam_pool {
        type = fail-over
        home_server = primary_server
        home_server = secondary_server
    }

    realm myrealm.com {
        nostrip
        pool = roam_pool
    }
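The thread turns on when a home server stops being used. As an added example (not code from the thread or from FreeRADIUS), this Python model plays the `response_window`, `zombie_period`, `check_interval` and `num_answers_to_alive` values from the proxy.conf above against a constructed outage. The transition rules are assumptions based on the comments in the stock 2.x proxy.conf, simplified: status checks are modelled only once a server is dead, and the server's real timers differ in detail.

```python
from dataclasses import dataclass
from typing import List, Optional

ALIVE, ZOMBIE, DEAD = "alive", "zombie", "dead"


@dataclass
class HomeServer:
    name: str
    response_window: int = 5        # values from the proxy.conf in the post
    zombie_period: int = 30
    check_interval: int = 60
    num_answers_to_alive: int = 3
    up: bool = True                 # constructed: does the remote host answer?
    state: str = ALIVE
    unanswered_since: Optional[int] = None
    zombie_since: Optional[int] = None
    next_check: Optional[int] = None
    answers: int = 0

    def tick(self, now: int) -> None:
        """Advance the (assumed) state machine to time `now`, in seconds."""
        if self.state == ALIVE and self.unanswered_since is not None:
            # A request has gone unanswered for response_window: zombie.
            if now - self.unanswered_since >= self.response_window:
                self.state, self.zombie_since = ZOMBIE, now
        elif self.state == ZOMBIE:
            # Nothing heard during the whole zombie period: dead.
            if now - self.zombie_since >= self.zombie_period:
                self.state, self.answers = DEAD, 0
                self.next_check = now + self.check_interval
        elif self.state == DEAD and now >= self.next_check:
            # One status check; the answers have to be consecutive.
            self.answers = self.answers + 1 if self.up else 0
            self.next_check = now + self.check_interval
            if self.answers >= self.num_answers_to_alive:
                self.state, self.unanswered_since = ALIVE, None

    def proxy(self, now: int) -> bool:
        """Send one request; return True if the home server answers it."""
        if self.up:
            self.unanswered_since = None
            if self.state == ZOMBIE:
                self.state = ALIVE
            return True
        if self.unanswered_since is None:
            self.unanswered_since = now
        return False


def pick(pool: List[HomeServer], now: int) -> Optional[HomeServer]:
    """fail-over pool: first live server in listed order, else a zombie."""
    for server in pool:
        server.tick(now)
    for wanted in (ALIVE, ZOMBIE):
        for server in pool:
            if server.state == wanted:
                return server
    return None  # every server dead; the model stops here


def simulate(down_at: int, up_at: int, duration: int):
    """One request per second; the primary is unreachable in [down_at, up_at)."""
    primary = HomeServer("primary_server")
    secondary = HomeServer("secondary_server")
    log = []
    for now in range(duration):
        primary.up = not (down_at <= now < up_at)
        chosen = pick([primary, secondary], now)
        answered = chosen.proxy(now) if chosen else False
        log.append((now, chosen.name if chosen else None, primary.state, answered))
    return log


def summarize(log):
    """Times (in seconds) of the interesting transitions in a simulation log."""
    def first(pred):
        return next((t for t, n, s, ok in log if pred(t, n, s, ok)), None)

    failover = first(lambda t, n, s, ok: n == "secondary_server")
    back = None
    if failover is not None:
        back = first(lambda t, n, s, ok: t > failover and n == "primary_server")
    return {
        "failover_at": failover,
        "dead_at": first(lambda t, n, s, ok: s == DEAD),
        "back_at": back,
        "lost": sum(1 for _, _, _, ok in log if not ok),
    }


if __name__ == "__main__":
    # Constructed outage: primary unreachable from t=10 s until t=100 s.
    print(summarize(simulate(10, 100, 300)))
```

In this model the requests sent during the first `response_window` seconds of the outage go unanswered, and the primary is only used again after three consecutive status-check answers.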
RE: Simutaneus Check Query in FR2?
Hi,

Currently my Simultaneous-Use attribute is not working and I have a few questions regarding this. Following is my setup:

OS: CentOS 5.3
freeradius2-2.1.6
MySQL 5.0.45
PERL 5.8.8

===

I am consulting the FAQ checklist. Some items are not applicable to me since I am doing everything from SQL.

1) FAQ says uncheck the Simultaneous check query in sql.conf but I couldn't find that in my sql.conf. Where is this in FR2?

You are looking in the wrong directory. In FR2 the SQL queries are in sql/mysql/dialup.conf. In this file you will find the simultaneous-use queries.

2) In /etc/raddb/sites-enable/default I noticed that radutmp is uncommented by default in session and accounting section. I tried disabling this but no effect on simultaneous use. Do I need to turn on radutmp for something else (like for radwho? (What I mean is does any other part the freeradius use this feature for session and accounting purpose? Is it necessary to turn on this feature if I am using SQL for my session and accounting?)

This service is checked using SQL queries on the radacct table. Remember that all checks are in the database and not in files.

3) I am trying to use radwho and it is giving me the error

== radwho: Error reading /var/log/radius/sradutmp: No such file or directory. ==

It is looking for sradutmp instead of radutmp which is not there. I guess probably it has its historical reasons. Maybe I can solve this by renaming the radutmp to sradutmp but I am not sure if I want to do that.

4) What are the other things I need to look for to solve this problem?

Some suggestions greatly appreciated

Thanks
-- == Registered Linux User #460714 Currently Using Fedora 10, CentOS 5.3 ==
RE: Simutaneus Check Query in FR2?
Date: Tue, 4 Aug 2009 14:42:55 +0800
Subject: Re: Simutaneus Check Query in FR2?
From: d88...@gmail.com
To: freeradius-users@lists.freeradius.org

You are looking in the wrong directory. In FR2 the SQL queries are in sql/mysql/dialup.conf. In this file you will find the simultaneous-use queries.

Thanks for the quick reply. This solved the problem. What about the radutmp thing? Do I need to leave it uncommented or disable it in default file since I am using SQL?

I think you do not understand why you use radutmp. If you use a DB system, then you needn't use a flat file to save the session log. Look at the radacct table.
RE: NAS ? What is the best option
Hi,

I am using MikroTik and I am very satisfied. However, it is not an easy device to configure, or to understand all its different configurations. I do not understand why you have to use POD packets. If you do the configurations correctly and you have what you want to offer your users, I think you needn't it. Think twice about what you want to offer! The best devices are Cisco ones, but you have to prepare a good quantity of money. Not the 200-300€ which a MikroTik costs.

Sincerely,
Santiago

Date: Tue, 13 Oct 2009 01:29:40 +0200
From: mangi...@gmail.com
To: freeradius-users@lists.freeradius.org
Subject: NAS ? What is the best option

I know that this list is not connected with any hardware vendor but I see that every couple days someone cries here NAS problems... I use Mikrotik and I'm not satisfied (duplicated packets, does not support POD correctly, etc.) Also, yesterday I see that Cisco can be pain in the a*** too :) So, dear friends... What is the best solution for ISP (PPPoE)?
RE:
You need additional attributes if you use vendor attributes. Special attributes are related to the NAS you use. The migration from MySQL to PostgreSQL is easy since the PostgreSQL DB schema is in the installation sources (find some file with the sql extension). The use of a DHCP server depends on the service configuration you have. In PPP connections (PPPoE, PPTP, L2TP) the AAA service can assign an IP to the user device.

Date: Mon, 19 Oct 2009 17:08:11 +
From: inacioal...@yahoo.de
Subject: RE:
To: freeradius-users@lists.freeradius.org

Thanks Ivan Kalik,

Now my server is authenticating the users (Linux and Windows).

First. How I reply to my email go in the thread. I need set some attribute?

Second. The next step is migrate my users to MySQL or PostgreSQL database. So I need alter the file sites-available/default to include the line sql and remove the lines unix and files. Is this? I think that the http://wiki.freeradius.org/SQL_HOWTO has a how-to out-of-date because I don't find the schema to the table usergroup.

Third. I set the Framed-IP-Address := 192.168.2.253, Framed-IP-Netmask = 255.255.255.0 to my user, but I don't receive this IP on my machine. I disable the DHCP on my AP and continue not receive this configuration. I need install a DHCP server on my server and close MACxIP to send this configurations to my machine?

No more, thanks again.
Inácio Alves
http://www.polluxweb.com/inacioalves/site
RE: radacct and db handles
The problem is that the 'Reply-Msg' attribute is not recognized by the radius server because it is a specific vendor attribute. Try to find the specific dictionary.

From: adem...@netwizard.com.br
To: t...@kalik.net; freeradius-users@lists.freeradius.org
Subject: RE: radacct and db handles
Date: Fri, 23 Oct 2009 12:34:05 -0200

Hi Ivan,

I ran the server with radiusd -X log and couldn't find the same error in the log. The only sql fail I found is a Msg reply field:

    [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
      - SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexandre' ORDER BY id
    [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
      - SELECT groupname FROM radusergroup WHERE username = 'alexandre' ORDER BY priority
    [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id
      - SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'SUSPENSO' ORDER BY id
    rlm_sql: Failed to create the pair: Invalid octet string Conta Suspensa. Entre em contato com o setor financeiro. for attribute name Reply-Msg
    rlm_sql (sql): Error getting data from database
    [sql] Error retrieving check pairs for group SUSPENSO
    [sql] Error processing groups; rejecting user
    rlm_sql (sql): Released sql socket id: 2
    ++[sql] returns fail

-Original Message-
From: Ivan Kalik [mailto:t...@kalik.net]
Sent: quinta-feira, 22 de outubro de 2009 21:22
To: adem...@netwizard.com.br; FreeRadius users mailing list
Subject: Re: radacct and db handles

I installed freeradius with daloradius in a FC11 box, everything new. After some corrections everything is working, but in radius.log I constantly receive the error message below:

    Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0

I checked my radius db and radacct table and there are many indexes and nothing I could find is the problem. It only happens when I enable radius accounting in SQL.

Run server in debug mode and see which queries are failing.

Ivan Kalik
Kalik Informatika ISP
Duplicate SQL queries
Hi,

It is a long time since I work with FR and hotspots. I am using a Postgres database, but I want to move to an ORACLE database. To keep the consistency and the service I want to run both databases simultaneously, so the INSERTs and UPDATEs have to be done in both the Postgres and ORACLE databases. Which file do I have to modify and what do I have to add in the config file?

Thank you!
Santiago
RE: accounting
1. Can freeradius log accounting info in a local file, meaning not to use a sql database? If yes, how to enable that and where the log files will be (configurable?)

You needn't use a database if you do not want to. Depending on the level of detail you want, there is the var/log/freeradius directory where you can find log files. You can find the exact directory in radiusd.conf.

2. I loaded freeradius 2.13.fc9.i386. rpm -qa shows that freeradius-mysql-2.1.3-1.fc9.i386 is installed. However, which mysql: shows this command is not available. Do I need to download mysql and install it or does this version of freeradius install mysql automatically?

You needn't. In the file radiusd.conf you can see the file you need.
RE: Is it possible to authenticate RADIUS users just on Username with no password?
Yes, it is possible and I use it for authenticating routers and IP phones. These devices don't respond to a login request with login/passwd. A solution is, if your NAT supports it, to put as login = device MAC address and as PASSWORD = nothing. Obviously, you have to declare this user=MAC in the radcheck, radreply, radgroupcheck tables as a normal user.

Hi All,

I am using radius for my personal wireless ISP venture. I got some pre-paid cards used for long distance voice calls and I want to use them for occasional wi-fi users. Though radius needs a username/pwd pair for authentication they have only PIN printed on them. Can I use these PINs as RADIUS username? Each PIN is 16 digits long. In short how can I make password un-necessary for RADIUS authentication?

Thanks,
Sagar
Security in the network traffic
Hi people,

I have been using freeradius 0.9.3 on a server with the Debian distribution for more than one year. However I have a doubt: Can I use the acctSessionId and AcctUniqueId attributes in order to encrypt the traffic to achieve safer communications? If so, how do you implement it in the system?

Thanks,
Santiago
RE: EAP-SIM HOWTO
I have the same problem although my RADIUS server has been running for two years. I don't know how to authenticate the SIM cards??

From: "Giorgos Kostopoulos" [EMAIL PROTECTED]
Reply-To: freeradius-users@lists.freeradius.org
To: freeradius-users@lists.freeradius.org
Subject: EAP-SIM HOWTO
Date: Wed, 13 Apr 2005 15:42:28 +0300

Hi all,

Does anybody know if there is an EAP-SIM HOWTO available?

Thank you
Giorgos
Database Replication
Hi people,

I have been using freeradius 1.0.3 for a lot of months, and the previous version had been working so well. Nowadays I am changing my systems: servers. And I am using Postgres instead of MySQL. Everything works OK. Both my Postgres servers have database replication working well. My question is about safety: Must I set up Radius replication too? What I mean is, in radius.conf, do I have to create a new Postgres configuration entry sql2 in the file? Is there any configuration so that when my DB server 1 goes down, the Radius server writes to DB server 2?
Problem with an Accounting query
Hi people,

I have been using freeradius with mysql support for two years. I installed the last version of freeradius, 1.0.4, and a Postgres DB. My Radius server authorizes well, however it can not account. When I debug with radius -X this query appears in the initial messages:

    INSERT into radacct
    ??(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctAuthentic,
    ??ConnectInfo_start, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay)
    ??values('8060014b', 'cf3ead15f9af8ca7', '22107', '', '192.168.0.51',
    ??'2153775435', 'Cable', (now() - '0'::interval), '', '',
    ??'hs-eth1', '00:08:02:D2:72:0F', '', '',
    ??NULLIF('10.5.0.16', '')::inet, '0')'

In the postgres.conf file I only modified host, user and passwd. So, why do the double question marks appear???
Postgres problem
I am migrating my MySQL DB to Postgres. My authentication is OK, but the accounting query insertion fails with the following error:

    rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
    rlm_sql_postgresql: affected rows =
    rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN
    rlm_sql (sql): failed after re-connect
    rlm_sql (sql): Couldn't insert SQL accounting START record - ERROR: relation "radacct_radacctid_seq" does not exist

I create all tables in the database RADIUS. Could someone help me?
RE: Ading NAS to MySQL DB
I am very keen on knowing how I can replace my clients.conf file by a SQL query.

From: "Alex M" [EMAIL PROTECTED]
Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
To: "'FreeRadius users mailing list'" freeradius-users@lists.freeradius.org
Subject: Ading NAS to MySQL DB
Date: Tue, 25 Oct 2005 00:58:49 -0400

Hi,

I'm keeping playing around with mysql manipulation, and I'm having trouble to force radius to obtain list of authorized clients (NASes) from SQL DB. I assume I have to enter NAS info in NAS table (I'm using suggested schema that was created automatically by script that came with distribution) but I'm not really sure what data should go where and if it is right table for clients info? Please help!
DNS non reachable
Hi people,

I noticed a possible error in freeradius 1.0.5 running on a Debian server. I use the clients.conf file to list my NAS clients. What happens if one DNS entry in clients.conf is not reachable by the RADIUS server? My experience is that when you re-launch the radiusd process, this process can not continue if you don't erase this wrong entry.
NAS table
Hi people,

I have been using freeradius as an authentication service for two years. I use freeradius 1.0.4 on Debian servers. My question is: I use the clients.conf file for my NAS clients, however I read in the freeradius doc that this file can be supported in a database (it is very useful for me because I have an administration web for controlling my radius accounts). I detect that I put 'readclients=yes ' in my postgres.conf file perhaps it works, but it does not work. So, what do I have to write in order to have all NAS information in my database?

Thanks,
Santiago
realms in DB
Hi people,

I have been using freeradius-1.0.4 for more than two years on a Debian machine. I have all my user configurations in a Postgres DB. Now I have migrated the clients.conf to the DB successfully. For that purpose I wrote at the end of my clients.conf:

    # Set to 'yes' to read radius clients from the database ('nas' table)
    readclients = yes

I want to do the same with the realm.conf file, but I don't know what line I must write in the postgresql.conf file for reading the realms table in my DB. Any suggestion??
Realms in DB
Hi people,

I have been using freeradius-1.0.4 for more than two years on a Debian machine. I have all my user configurations in a Postgres DB. Now I have migrated the clients.conf to the DB successfully. For that purpose I wrote at the end of my sql.conf:

    # Set to 'yes' to read radius clients from the database ('nas' table).
    readclients=yes

I want to do the same with the realm.conf file, but I don't know what line I must write in the postgresql.conf file for reading the realms table in my DB. Any suggestion??
EAP-TTLS
Hi people,

When I configure the eap.conf file and re-launch ./radiusd -X, this appears:

*

    rlm_eap: Loaded and initialized type gtc
    tls: rsa_key_exchange = no
    tls: dh_key_exchange = yes
    tls: rsa_key_length = 512
    tls: dh_key_length = 512
    tls: verify_depth = 0
    tls: CA_path = /usr/local/etc/raddb/certs/demoCA/
    tls: pem_file_type = yes
    tls: private_key_file = /usr/local/etc/raddb/certs/cert-srv.pem
    tls: certificate_file = /usr/local/etc/raddb/certs/cert-srv.pem
    tls: CA_file = /usr/local/etc/raddb/certs/demoCA/cacert.pem
    tls: private_key_password = whatever
    tls: dh_file = /usr/local/etc/raddb/certs/dh
    tls: random_file = /usr/local/etc/raddb/certs/random
    tls: fragment_size = 1024
    tls: include_length = yes
    tls: check_crl = yes
    tls: check_cert_cn = %{User-Name}
    rlm_eap: Loaded and initialized type tls
    Segmentation default --ERROR ---

***

Is it necessary to recompile the freeradius source to activate EAP-TTLS? Anyway, I read all of doc/ about this topic. I am very lucky if someone recommends me links to get more information about this protocol.
Re: Realms in DB
I do roaming with third companies, so instead of adding all the realms in the proxy.conf file, I would prefer to have them in the realm table in my Postgres DB. It is easier to handle. Otherwise, what is the use of the realms and realmgroup tables??

I can also see a dictionary table commented out in the database schema, are there any plans for dictionary in SQL support?

No. I don't see why it would be necessary, or how it would help.

Alan DeKok.
Accounting
Hi,

I do proxy RADIUS correctly, so a radius account can be connected through different NASes. Each NAS is owned by a Hotspot Operator. I have different costs of roaming service depending on the Hotspot Operator. How can I control the NAS of a Hotspot Operator (the nasipaddress is not valid)? How can I include the 'WISPr Operator' or 'WISPr Location' attribute in my Request? And I suppose that these attributes are not supported by the radacct table. Is it true??
Proxy RADIUS problem
Hi people,

I have a LINUX machine with freeradius 1.1.10. I do proxy RADIUS correctly with one remote server, but if I add a redundant one in my proxy.conf file in case the primary RADIUS fails, it doesn't work correctly. I want to do roaming with two remote RADIUS servers for domain1 from my RADIUS. However, I only manage to do roaming with the first one, because when the first fails, my RADIUS doesn't ask the second remote RADIUS server. Could you tell me where the configuration bug is? I attached my proxy.conf file:

***

    proxy server {
        synchronous = no
        retry_delay = 5
        retry_count = 3
        dead_time = 120
        default_fallback = yes
        post_proxy_authorize = yes
    }

    realm domain1 {
        type = radius
        authhost = 123.123.123.123:11812
        accthost = 123.123.123.123:11813
        secret = secret
        nostrip
    }

    realm domain1 {
        type = radius
        authhost = 123.123.123.124:11812
        accthost = 123.123.123.124:11813
        secret = secret
        nostrip
    }
RE: Proxy RADIUS problem
My problem with the configuration described above is that my RADIUS proxy doesn't activate failover. It means that when the first entry fails, freeradius doesn't check the following entry of domain1. I tested putting the label ldflag = fail_over in the description of a realm entry. What can I do???

Hi people,

I have a LINUX machine with freeradius 1.1.10. I do proxy RADIUS correctly with one remote server, but if I add a redundant one in my proxy.conf file in case the primary RADIUS fails, it doesn't work correctly. I want to do roaming with two remote RADIUS servers for domain1 from my RADIUS. However, I only manage to do roaming with the first one, because when the first fails, my RADIUS doesn't ask the second remote RADIUS server. Could you tell me where the configuration bug is? I attached my proxy.conf file:

***

    proxy server {
        synchronous = no
        retry_delay = 5
        retry_count = 3
        dead_time = 120
        default_fallback = yes
        post_proxy_authorize = yes
    }

    realm domain1 {
        type = radius
        authhost = 123.123.123.123:11812
        accthost = 123.123.123.123:11813
        secret = secret
        ldflag = fail_over
        nostrip
    }

    realm domain1 {
        type = radius
        authhost = 123.123.123.124:11812
        accthost = 123.123.123.124:11813
        secret = secret
        ldflag = fail_over
        nostrip
    }
Allowed and forbidden users in a NAS.
I have a freeradius 1.1.0 and a DB with all my users. I have two kinds of users:

* users who can connect to all hotspots
* users who can only connect to one or some hotspots.

Currently I can use a script in the Exec-Program-Wait property to differentiate, but it doesn't seem a very clean method. However, I don't know another method for differentiating users. Any idea???
Several passwords for a user
Hi,

I use freeradius-1.1.0. Is there any problem if an account has two or more entries in the radcheck table??? I use:

    11:22:33:44:55:66 :=''
    11:22:33:44:55:66 :=mypassword

I changed the op to := instead of ==. Is there any problem???
RE: Several passwords for a user
The answer why I have several passwords for the same radius account is easy. I have two or more hotspot models (Nomadix, Mikrotik, Gemtek...) and I want to successfully activate the MAC authentication method of these kinds of devices. While one hotspot accepts a blank password (see some previous entries in this forum), others cannot eat blanks, and these hotspots need a non-blank password such as 'mypasswordMAC'. Do you understand now???

From: Seferovic Edvin [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED], FreeRadius users mailing list freeradius-users@lists.freeradius.org
To: 'FreeRadius users mailing list' freeradius-users@lists.freeradius.org
Subject: RE: Several passwords for a user
Date: Thu, 11 May 2006 16:24:04 +0200

Hello,

besides the comment of Alan D. I think you should have a damn good reason for entering more than one password for ONE user. Are you trying to make your system THAT complicated? Or are your users just too stupid to remember (or even write down) a given password?

Regards,
Edvin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alan DeKok
Sent: Thursday, 11 May 2006 15:46
To: FreeRadius users mailing list
Subject: Re: Several passwords for a user

Santiago Balaguer García [EMAIL PROTECTED] wrote:

I use freeradius-1.1.0. Is there any problem if an account has two or more entries in the radcheck table??? I use:

    11:22:33:44:55:66 :=''
    11:22:33:44:55:66 :=mypassword

What are you trying to do? Those entries don't match anything in the FreeRADIUS documentation, and will *not* do anything useful.

Alan DeKok.
Re: Several passwords for a user
I made a mistake!! The correct 'op' attribute is '+=' instead of '==' or ':='

[EMAIL PROTECTED] wrote:

I use freeradius-1.1.0. Is there any problem if an account has two or more entries in the radcheck table??? I use:

    11:22:33:44:55:66 :=''
    11:22:33:44:55:66 :=mypassword

What are you trying to do? Those entries don't match anything in the FreeRADIUS documentation, and will *not* do anything useful.

Alan DeKok.
Forbidden allowed NASes
Hi people,

I have used freeradius-1.1.0 for several months. I have several types of prepaid accounts. These accounts are limited in time, but I want some accounts to be allowed only in some hotspots and forbidden in the rest. I read it is possible from the huntgroup file. But is it possible to pick up these data from my DB?? How??? Because I don't know what attribute I have to put in radgroupcheck.
nas table
Hi people,

I use freeradius 1.0.5 and have been getting my nas information from the nas table for several months. However, I realize I have to put DNS in this table because I have DDNS entries. Where must I put the DDNS in this table?? In ipddr I cannot, because it is of inet type and a primary key. What can I do??
Re: How to specify multiple values for Called-Station-Id (checkval)
This is a very interesting question because I am looking for a solution to enable/forbid NASes.

From: Mike Jakubik [EMAIL PROTECTED]
Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: How to specify multiple values for Called-Station-Id (checkval)
Date: Thu, 25 May 2006 14:01:09 -0400

Kostas Kalevras wrote:

On Wed, 24 May 2006, Mike Jakubik wrote:

Hello, I am trying to set up group checks for Called-Station-Id in freeradius 1.1.1 and mysql. I have enabled the checkval module in radiusd.conf and set notfound-reject = yes. In my radgroupcheck table when I specify restricted Called-Station-Id := number, it works fine. However I need to specify more than one number. I have tried the following format; number, number, number and number, number, number and number, number but none of those seem to work. Could someone please tell me how this can be accomplished?

You just need to add more attribute/value pairs, one for each number you want to allow. You can also use a regular expression if you use the =~ operator.

I have tried that, but it does not work either. I have also tried using regexp; while it seems to function, it no longer seems to use the checkval module and throws the following notice:

    Info: rlm_sql (sql): No matching entry in the database for request from user [user]

But the checkval module shows:

    Auth: Invalid user (rlm_checkval: This Called-Station-Id is not allowed for the user)

What's the point of this checkval module if it can only check a single value?
huntgroup file
Can someone send me an example of a huntgroup file that isn't the huntgroup one that appears in the examples or FAQs?

Thanks
Re: how can i limit traffic use?
Hi people,

I am working on traffic limitations, and the answers are all incomplete. As one person said, RADIUS can control the traffic off-line when a user connects and, in the case that this user has spent all his quota, RADIUS rejects him. However, this kind of control has to be done on-line, that is, using a device to throw out users when their quota finishes. This characteristic is specific to each device, and the device has to work with QoS (bandwidth restrictions). In that case RADIUS sends the quota and QoS attributes to the device, and the device controls the users. For instance, I have an AMPHOR@ MTR device from VAYRIS S.L. and it controls users.

Santiago
Duplicate connections to mysql
Hi people,

I have installed freeradius-0.93 with the Debian distribution. The system functions, however I don't know why there are 4 connections to mysql:

    rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
    rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:3306/radius
    rlm_sql (sql): starting 0
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
    rlm_sql_mysql: Starting connect to MySQL server for #0
    rlm_sql (sql): Connected new DB handle, #0
    rlm_sql (sql): starting 1
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
    rlm_sql_mysql: Starting connect to MySQL server for #1
    rlm_sql (sql): Connected new DB handle, #1
    rlm_sql (sql): starting 2
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
    rlm_sql_mysql: Starting connect to MySQL server for #2
    rlm_sql (sql): Connected new DB handle, #2
    rlm_sql (sql): starting 3
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
    rlm_sql_mysql: Starting connect to MySQL server for #3
    rlm_sql (sql): Connected new DB handle, #3
    rlm_sql (sql): starting 4
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
    rlm_sql_mysql: Starting connect to MySQL server for #4
    rlm_sql (sql): Connected new DB handle, #4
    Module: Instantiated sql (sql)

I only want an answer about this behaviour.
Thanks
Santiago

The complete initialization log is:

    Config: including file: /usr/local/etc/raddb/proxy.conf
    Config: including file: /usr/local/etc/raddb/clients.conf
    Config: including file: /usr/local/etc/raddb/snmp.conf
    Config: including file: /usr/local/etc/raddb/sql.conf
    main: prefix = /usr/local
    main: localstatedir = /usr/local/var
    main: logdir = /usr/local/var/log/radius
    main: libdir = /usr/local/lib:/usr/local/lib:/usr/lib/mysql
    main: radacctdir = /usr/local/var/log/radius/radacct
    main: hostname_lookups = no
    main: max_request_time = 30
    main: cleanup_delay = 5
    main: max_requests = 1024
    main: delete_blocked_requests = 0
    main: port = 0
    main: allow_core_dumps = no
    main: log_stripped_names = no
    main: log_file = /usr/local/var/log/radius/radius.log
    main: log_auth = no
    main: log_auth_badpass = no
    main: log_auth_goodpass = no
    main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
    main: user = (null)
    main: group = (null)
    main: usercollide = no
    main: lower_user = no
    main: lower_pass = no
    main: nospace_user = no
    main: nospace_pass = no
    main: checkrad = /usr/local/sbin/checkrad
    main: proxy_requests = yes
    proxy: retry_delay = 5
    proxy: retry_count = 3
    proxy: synchronous = no
    proxy: default_fallback = yes
    proxy: dead_time = 120
    proxy: post_proxy_authorize = yes
    proxy: wake_all_if_all_dead = no
    security: max_attributes = 200
    security: reject_delay = 1
    security: status_server = no
    main: debug_level = 0
    read_config_files: reading dictionary
    read_config_files: reading naslist
    Using deprecated naslist file. Support for this will go away soon.
    read_config_files: reading clients
    Using deprecated clients file. Support for this will go away soon.
    read_config_files: reading realms
    Using deprecated realms file. Support for this will go away soon.
    radiusd: entering modules setup
    Module: Library search path is /usr/local/lib:/usr/local/lib:/usr/lib/mysql
    Module: Loaded expr
    Module: Instantiated expr (expr)
    Module: Loaded PAP
    pap: encryption_scheme = crypt
    Module: Instantiated pap (pap)
    Module: Loaded CHAP
    Module: Instantiated chap (chap)
    Module: Loaded MS-CHAP
    mschap: use_mppe = yes
    mschap: require_encryption = no
    mschap: require_strong = no
    mschap: passwd = (null)
    mschap: authtype = MS-CHAP
    Module: Instantiated mschap (mschap)
    Module: Loaded preprocess
    preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
    preprocess: hints = /usr/local/etc/raddb/hints
    preprocess: with_ascend_hack = no
    preprocess: ascend_channels_per_line = 23
    preprocess: with_ntdomain_hack = no
    preprocess: with_specialix_jetstream_hack = no
    preprocess: with_cisco_vsa_hack = no
    Module: Instantiated preprocess (preprocess)
    Module: Loaded realm
    realm: format = suffix
    realm: delimiter = @
    Module: Instantiated realm (suffix)
    Module: Loaded SQL
    sql: driver = rlm_sql_mysql
    sql: server = 192.168.2.3
    sql: port = 3306
    sql: login = radius
    sql: password = radius
    sql: radius_db = radius
    sql: acct_table = radacct
    sql: acct_table2 = radacct
    sql: authcheck_table = radcheck
    sql: authreply_table = radreply
    sql: groupcheck_table = radgroupcheck
    sql: groupreply_table = radgroupreply
    sql: usergroup_table = usergroup
    sql: nas_table = nas
    sql: dict_table = dictionary
    sql: sqltrace = no
    sql: sqltracefile = /usr/local/var/log/radius/sqltrace.sql
    sql: deletestalesessions = yes
    sql: num_sql_socks = 5
    sql: sql_user_name = %{User-Name}
    sql:
Simultaneous Use Verification
Hi People,

I have freeradius-0.9.3 with the Debian distribution. I read all the documentation about Simultaneous-Use in the manual and some web pages, but I'm not sure how to install it. Is it supposed that I install the `mrtg' package and set DEFAULT Simultaneous-Use:=1 in the users file? Obviously I have the perl package installed.

Thanks,
Santiago
Re: Duplicate connections to mysql
The system functions, however I don't know why there are 4 connections to mysql: [ snip ] I only want an answer about this behaviour. Thanks

Well, there are actually 5 connections listed there. This would be why:

    sql: num_sql_socks = 5

If you want to increase/decrease the number of connections to your MySQL server, then change this number. A default install will have this option in sql.conf.

What is the best number of connections to the MySQL server? I set 5.
mysql libraries
Hi People,

I have freeradius.9.3 running on a Mandrake distribution. Can someone send me precompiled drivers for mysql? I need the files /usr/local/lib/rlm_sql_mysql.* .

Thanks
Re: expiration attribute
It is easy with my method. I suppose that you have RADIUS accounts with a specific login. If you want an account to expire 30 days after its activation, you only have to get the activation date (you know it with NOW() in mysql) and add 30 to this date in MySQL sentences. This calculated date is saved in the radcheck table in the field ExpitationDate.

Santiago

Milver S. Nisay [EMAIL PROTECTED] wrote:

The next challenge for a prepaid dialup would be, is there a possibility that an account's expiration would be modified, using MsSQL queries inside sqlcounter.conf, on the first successful authentication

I would suggest running an external program to do that.

For Ex. A prepaid dialup card is to expire within 30 days starting May 1, but the user who bought it used the prepaid dialup account on May 29. Is there an attribute that will modify or prolong the expiration for 29 days more since it was used successfully on the 29th day of the month, therefore activating the dialup account on the first successful usage.

That is a *very* specialized requirement, and is not possible with the default modules. You should be able to write a simple shell script to catch that case, and update the database.

Alan DeKok.
VoIP Implementation
Hi people,

First of all I want to thank Alan for assisting us with any kind of question. I asked myself and my company whether the VoIP service can be served with RADIUS. If so, I want to know how it would be possible and the steps to follow.

Thanks,
Santiago
RE: public secret and public radius server. Is it secure?
If you don't want dynamic addresses, use a VPN between your RADIUS server and your hotspots.

My question is:

- What can a malicious user do with the secret? Can it alter accounting and other things? (chillispot uses chap auth-type)

one is spell it out and try rumble it so he forms a new word from it

Is it a real security problem? I will be using accounting for facturation purposes...

- Is there a way of maintaining a per hotspot secret with dynamic ip addresses?

yes. check client and clients.conf relationship

I did not find. clients.conf entry seems to be ip based. How do I setup a NAS without knowing its ip? (and differentiate between several of them)

- why not implement static IP for APs?
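What the shared secret protects in accounting, as an added example that is not part of the thread: RFC 2866 defines the Accounting-Request authenticator as MD5 over the packet (with a zeroed authenticator field) followed by the shared secret, so the server's only integrity check is knowledge of that secret. The client addresses, secrets and session values below are constructed; with one secret per hotspot, a packet made with hotspot A's secret is rejected when it arrives as hotspot B.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4          # RADIUS packet code (RFC 2866)
ACCT_STATUS_TYPE, ACCT_INPUT_OCTETS, ACCT_SESSION_ID = 40, 42, 44


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return bytes([attr_type, len(value) + 2]) + value


def request_authenticator(ident: int, attrs: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + 16 zero octets + attributes + shared secret)."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_request(ident: int, attrs: bytes, secret: bytes) -> bytes:
    """What a NAS does before sending: fill in the authenticator field."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + request_authenticator(ident, attrs, secret) + attrs


def verify_request(packet: bytes, secret: bytes) -> bool:
    """What the server does on receipt: recompute and compare in constant time."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        return False
    expected = request_authenticator(ident, packet[20:length], secret)
    return hmac.compare_digest(expected, packet[4:20])


# Constructed per-client secrets, keyed by source address as clients.conf is.
CLIENT_SECRETS = {"192.0.2.10": b"secret-hotspot-a",
                  "192.0.2.20": b"secret-hotspot-b"}


def accept(source_ip: str, packet: bytes) -> bool:
    """Drop packets from unknown clients or with a bad authenticator."""
    secret = CLIENT_SECRETS.get(source_ip)
    return secret is not None and verify_request(packet, secret)


# Constructed Stop record: status Stop (2), 1500 input octets, a session id.
STOP_ATTRS = (attr(ACCT_STATUS_TYPE, struct.pack("!I", 2))
              + attr(ACCT_INPUT_OCTETS, struct.pack("!I", 1500))
              + attr(ACCT_SESSION_ID, b"constructed-0001"))
PACKET_A = build_request(7, STOP_ATTRS, CLIENT_SECRETS["192.0.2.10"])

# The same packet with the octet counter changed in transit (1500 -> 1501)
# and the authenticator left as it was.
_tampered = bytearray(PACKET_A)
_tampered[20 + 6 + 5] ^= 0x01   # last byte of the Acct-Input-Octets value
TAMPERED = bytes(_tampered)

if __name__ == "__main__":
    print("genuine packet from A:", accept("192.0.2.10", PACKET_A))
    print("modified in transit:  ", accept("192.0.2.10", TAMPERED))
    print("A's packet as B:      ", accept("192.0.2.20", PACKET_A))
```

Because the check depends on nothing but the secret, a secret shared by every hotspot authenticates accounting records for all of them, while a per-hotspot secret confines a leak to that one client entry.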
RE: Malfunctioning Nomadix
True. Nomadix developers told me it is a problem of my RADIUS server. I think that is almost impossible, because a Radius server is a 'silly' machine. If an NSE tells radius to insert a record in radacct, the radius server does it, and the NAS is supposed to control its IDs. It is true I can add a DB rule that verifies the existence of a unique ID. Honestly, I work with other NASes (Gemtek P-560, P-564, ISS2000, MTR amphora, MT...) and Nomadix (AG2000 and 2100) cause some errors. Moreover, this device does not implement the SNMP MIB well.

Hi,

I've seen this with our Nomadix USG and AG series devices as well - often the NSE will send requests multiple times, but I can never understand why. There are a few other bugs in the RADIUS code in Nomadix as well, for example I have never managed to get round robin working as I would expect (50% to each server).

With our RADIUS setup the multiple stop or start packets do not cause any problems as the session ID is unique so a duplicate cannot be inserted into our accounting database.

I am in discussions with developers at Nomadix at the moment about stability issues, and I have also mentioned these RADIUS issues to them as well - hopefully they will be fixed soon!

Which devices and firmware versions do you have this problem with?
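The "DB rule" and the unique session ID mentioned in this exchange, as an added example that is not from the thread or from FreeRADIUS: a uniqueness constraint makes repeated Start and Stop packets harmless instead of producing duplicate rows. The table is a simplified, constructed stand-in for radacct, SQLite stands in for the real database, and keying on NAS address plus session ID is an assumption.

```python
import sqlite3

# Simplified, constructed accounting table; the real radacct has more columns.
SCHEMA = """CREATE TABLE radacct (
    nasipaddress     TEXT NOT NULL,
    acctsessionid    TEXT NOT NULL,
    username         TEXT,
    acctstarttime    TEXT,
    acctstoptime     TEXT,
    acctinputoctets  INTEGER DEFAULT 0,
    acctoutputoctets INTEGER DEFAULT 0,
    UNIQUE (nasipaddress, acctsessionid)  -- assumed key: one row per NAS session
)"""


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def _changed(db, sql, params):
    """Run one statement and return how many rows it actually changed."""
    before = db.total_changes
    db.execute(sql, params)
    return db.total_changes - before


def record(db, pkt):
    """Apply one accounting packet; returns 'inserted', 'updated' or 'duplicate'."""
    key = (pkt["nas"], pkt["session"])
    if pkt["status"] == "Start":
        n = _changed(db,
                     "INSERT OR IGNORE INTO radacct "
                     "(nasipaddress, acctsessionid, username, acctstarttime) "
                     "VALUES (?, ?, ?, ?)",
                     key + (pkt["user"], pkt["time"]))
        return "inserted" if n else "duplicate"
    # Stop: close the open session, but only once.
    n = _changed(db,
                 "UPDATE radacct SET acctstoptime = ?, acctinputoctets = ?, "
                 "acctoutputoctets = ? WHERE nasipaddress = ? "
                 "AND acctsessionid = ? AND acctstoptime IS NULL",
                 (pkt["time"], pkt["in"], pkt["out"]) + key)
    if n:
        return "updated"
    # No open row: a repeated Stop (ignored) or a Stop whose Start was lost.
    n = _changed(db,
                 "INSERT OR IGNORE INTO radacct (nasipaddress, acctsessionid, "
                 "username, acctstoptime, acctinputoctets, acctoutputoctets) "
                 "VALUES (?, ?, ?, ?, ?, ?)",
                 key + (pkt["user"], pkt["time"], pkt["in"], pkt["out"]))
    return "inserted" if n else "duplicate"


# Constructed packets: the NAS sends both the Start and the Stop twice.
START = {"status": "Start", "nas": "192.0.2.10", "session": "constructed-0001",
         "user": "prepaid01", "time": "2006-06-01 10:00:00"}
STOP = {"status": "Stop", "nas": "192.0.2.10", "session": "constructed-0001",
        "user": "prepaid01", "time": "2006-06-01 10:30:00",
        "in": 1500, "out": 42000}

if __name__ == "__main__":
    db = open_db()
    for pkt in (START, START, STOP, STOP):
        print(pkt["status"], "->", record(db, pkt))
```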
Different Session-Timeout depending on NAS
Hi people,

I have been working with RADIUS for several years and now we want to implement a different accounting for prepaid cards. I will explain my question shortly. Two types of hotspot zones: Spain and Mexico. Everyone knows prices in Mexico are cheaper than in Spain. Well, my accounts are valid in both countries, however the connection time is shorter in Spain than in Mexico. How can I modify the Session-Timeout attribute depending on the NAS?

Thanks.