Monthly-Time-Limit and Total-Time-Limit
Thank you very much Sir Alan! you rock :) I've successfuly configured freeradius 0.4 in my freebsd box, and it seems to be working very well now. i have a cisco nas configured too and the aaa via the mysql module. My problem now is that I want to implement ICradius' 'Monthly-Time-Limit' and 'Total-Time-Limit' attributes but there seems to be no support yet to these in freeradius. Am I right or is it supported already? If not, is there a way I can do this in freeradius? Any suggestions? Thanks again! jessie Feliz Navidad! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Monday, December 17, 2001 8:07 AM To: [EMAIL PROTECTED] Subject: Re: Login-Time problem "power jessie" <[EMAIL PROTECTED]> wrote: > i also wonder what does ':=' do? how does it differ from '=='? 'man users' > also, is it possible for 'Login-Time' to have two or more > time span in a day, say in Monday 9:00 - 10:00 AM and then > 1:00 - 3:00 PM. can it be done? Yes. See the documentation that comes with the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- This incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.306 / Virus Database: 166 - Release Date: 12/4/2001 --- Don't Panic! This mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.309 / Virus Database: 170 - Release Date: 12/17/2001 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radwho out of sync
when i do a radwho, it still lists some connections that are over a week old, that have been disconnected. (I know they are disconnected, one of the users is me). I am assuming that the reason is, that for some reason the Accounting Stop packet wasn't received by free radius. Is this a valid assumption? Is there a way to make freeradius know that the session has been stopped so that radwho doesn't keep listing it?
Re: Website/ftp site down ?
At 10:29 AM 12/18/2001 +1300, Simon Byrnand wrote: > >>Thanks, I'll have look. > > > >Oh dear. radius.cistron.nl doesn't even resolve for me. Any other ideas > ? :-) > >Scrap that, I've got it. > >I found the routing problem is something between our ISP and a couple of >overseas peers like bbnplanet, our upstream provider is looking into it. >I've downloaded the file via another ISP. Sorry to waste everyones time. No worries. Glad you got it sorted. -Chris -- \\\|||/// \ Chris Parker-Manager, Development Engineering \ ~ ~ / \ WX *is* Wireless!\ [EMAIL PROTECTED] | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Without C we would have 'obol', 'basi', and 'pasal' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Website/ftp site down ?
At 09:50 AM 12/18/2001 +1300, Simon Byrnand wrote: >At 11:31 AM 17/12/01 -0500, you wrote: > > >Simon Byrnand <[EMAIL PROTECTED]> wrote: > >> Is anyone else having trouble reaching the freeradius website and ftp >site ? > > > > There are often small network disconnects *somewhere* in the net. > >Yep, it looks like a routing problem, and 24 hours later, its still there :-( > >Here is a traceroute: > >traceroute www.freeradius.org >traceroute to freeradius.org (64.24.0.50), 30 hops max, 38 byte packets > 1 max3.whan.igrin.co.nz (202.49.244.250) 3.440 ms 2.506 ms 3.324 ms [ ... ] >14 p15-0.crtntx1-br1.bbnplanet.net (4.24.10.113) 284.657 ms 316.034 ms >353.938 ms That's one of Genuity ( bbnplanet.net )'s hubs, in Carrolton, TX. Genuity is one of the providers that we ( StarNet ) use for transit. In tracing back to your originating IP, I'm showing it dying in Globalcrossing in Chicago, IL: traceroute to 202.49.244.250 (202.49.244.250), 30 hops max, 40 byte packets 1 pal1-core1-f0-0.starnetinc.com (216.126.128.1) 1 ms 1 ms 1 ms 2 s11-0-1.chicago1-cr1.bbnplanet.net (4.0.194.1) 3 ms 4 ms 3 ms 3 p4-0.chicago1-nbr1.bbnplanet.net (4.0.1.113) 3 ms 3 ms 3 ms 4 p4-1.chcgil1-cr1.bbnplanet.net (4.0.2.218) 3 ms 4 ms 5 ms 5 p5-0.chcgil1-br1.bbnplanet.net (4.24.5.241) 4 ms 4 ms 3 ms 6 so-3-0-0.chcgil2-br1.bbnplanet.net (4.24.9.69) 3 ms 3 ms 4 ms 7 p1-0.chcgil2-cr1.bbnplanet.net (4.24.7.134) 4 ms 3 ms 4 ms 8 so3-2-2-155M.br2.CHI1.gblx.net (208.51.6.17) 15 ms 15 ms 15 ms 9 pos6-0-2488M.cr1.CHI1.gblx.net (208.49.59.205) 15 ms 14 ms 14 ms 10 * * * >Looks like a routing problem at bbnplanet. 24 hours seems a long time for a >routing problem like that. Who should I contact ? Your upstream bandwidth provider. -Chris -- \\\|||/// \ Chris Parker-Manager, Development Engineering \ ~ ~ / \ WX *is* Wireless!\ [EMAIL PROTECTED] | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Without C we would have 'obol', 'basi', and 'pasal' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Website/ftp site down ?
>>Thanks, I'll have look. > >Oh dear. radius.cistron.nl doesn't even resolve for me. Any other ideas ? :-) Scrap that, I've got it. I found the routing problem is something between our ISP and a couple of overseas peers like bbnplanet, our upstream provider is looking into it. I've downloaded the file via another ISP. Sorry to waste everyones time. Regards, Simon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Website/ftp site down ?
Simon Byrnand <[EMAIL PROTECTED]> wrote: > Oh dear. radius.cistron.nl doesn't even resolve for me. Any other ideas ? :-) [aland@giles ~]$ host www.radius.cistron.nl www.radius.cistron.nl has address 195.64.65.21 Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Website/ftp site down ?
At 11:31 AM 17/12/01 -0500, you wrote: >Simon Byrnand <[EMAIL PROTECTED]> wrote: >> Is anyone else having trouble reaching the freeradius website and ftp site ? > > There are often small network disconnects *somewhere* in the net. Yep, it looks like a routing problem, and 24 hours later, its still there :-( Here is a traceroute: traceroute www.freeradius.org traceroute to freeradius.org (64.24.0.50), 30 hops max, 38 byte packets 1 max3.whan.igrin.co.nz (202.49.244.250) 3.440 ms 2.506 ms 3.324 ms 2 atm0-1-0-702.dom-vrf.orcon.net.nz (210.55.12.209) 185.547 ms 111.806 ms 116.495 ms 3 fe1-0.tshape.orcon.net.nz (210.55.12.213) 170.959 ms 82.503 ms 35.626 ms 4 fe0-0-1.int-vrf.orcon.net.nz (210.55.12.217) 25.365 ms 93.875 ms 44.841 ms 5 atm2-0-32.akcrd.orcon.net.nz (210.55.12.190) 12.615 ms 11.975 ms 16.678 ms 6 a4-0-0-22.akbr1.global-gateway.net.nz (202.50.119.197) 21.076 ms 13.677 ms 13.553 ms 7 g2-0-3.akbr2.global-gateway.net.nz (202.50.116.169) 14.500 ms 13.826 ms 14.538 ms 8 a3-0-3.sybr2.global-gateway.net.nz (202.50.116.145) 56.367 ms 46.255 ms 35.895 ms 9 p1-0-0.labr2.global-gateway.net.nz (202.50.116.154) 197.554 ms 233.485 ms 197.340 ms 10 s5-4.lsanca1-cr12.bbnplanet.net (4.24.24.17) 222.821 ms 207.596 ms 202.782 ms 11 p5-0.lsanca1-cr8.bbnplanet.net (4.24.10.109) 223.453 ms 227.366 ms 206.080 ms 12 p6-0.lsanca2-br2.bbnplanet.net (4.24.5.53) 257.481 ms * 268.957 ms 13 p9-0.crtntx1-br2.bbnplanet.net (4.24.5.62) 213.600 ms 239.348 ms 250.058 ms 14 p15-0.crtntx1-br1.bbnplanet.net (4.24.10.113) 284.657 ms 316.034 ms 353.938 ms 15 * * * 16 * * * 17 * * * 18 * * * Looks like a routing problem at bbnplanet. 24 hours seems a long time for a routing problem like that. Who should I contact ? >> A traceroute stops for me past IP addresses owned by "GENUITY". I was >> originally trying to download the latest cistron radius and I think they >> still share the same ftp server > > Some. You can also go to radius.cistron.nl Thanks, I'll have look. Regards, Simon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Website/ftp site down ?
>>> A traceroute stops for me past IP addresses owned by "GENUITY". I was >>> originally trying to download the latest cistron radius and I think they >>> still share the same ftp server >> >> Some. You can also go to radius.cistron.nl > >Thanks, I'll have look. Oh dear. radius.cistron.nl doesn't even resolve for me. Any other ideas ? :-) Regards, Simon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Seg. Fault 0.4
Okay, I did: rm /usr/local/lib/* cd radiusd (root dir of src of 0.4) make distclean ./configure --sysconfdir=/etc --localstatedir=/var --with-threads \ --with-thread-pool \ --with-rlm-sql-postgresql-include-dir=/opt/pgsql/include \ --with-rlm-sql-postgresql-lib-dir=/opt/pgsql/lib make make install gdb radiusd (gdb) set args -X (gdb) run (ran a few requests) Seg. Faulted (gdb)bt This is gdb out of 'bt' +++ START #0 0x4001a96d in sql_userparse () at eval.c:88 #1 0x4001aa61 in sql_getvpdata () at eval.c:88 #2 0x40019ae2 in rlm_sql_authorize () at eval.c:88 #3 0x80550a6 in call_modsingle (component=1, sp=0x80d5eb0, request=0x80dcdd8, default_result=6) at modcall.c:205 #4 0x80551fe in modcall (component=1, c=0x80d5eb0, request=0x80dcdd8) at modcall.c:288 #5 0x80550f5 in call_modgroup (component=1, g=0x80d5e00, request=0x80dcdd8, default_result=6) at modcall.c:227 #6 0x80551bf in modcall (component=1, c=0x80d5e00, request=0x80dcdd8) at modcall.c:281 #7 0x80549a6 in indexed_modcall (comp=1, idx=0, request=0x80dcdd8) at modules.c:456 #8 0x8054cd5 in module_authorize (request=0x80dcdd8) at modules.c:631 #9 0x8051b4c in rad_authenticate (request=0x80dcdd8) at auth.c:524 #10 0x804d763 in rad_respond (request=0x80dcdd8, fun=0x80519f0 ) at radiusd.c:1492 #11 0x804d3c3 in rad_process (request=0x80dcdd8, dospawn=0) at radiusd.c:1252 #12 0x804d09b in main (argc=2, argv=0xb994) at radiusd.c:1060 #13 0x400ae2eb in __libc_start_main (main=0x804c3ec , argc=2, ubp_av=0xb994, init=0x804b4b8 <_init>, fini=0x805deac <_fini>, rtld_fini=0x4000c130 <_dl_fini>, stack_end=0xb98c) at ../sysdeps/generic/libc-start.c:129 +END On Fri, 14 Dec 2001, Chris Parker wrote: > At 02:03 PM 12/14/2001 -0800, [EMAIL PROTECTED] wrote: > > >I've been having a seg fault in snapshots and in 0.4, I don't get it in > >0.3. Basically I run about 5 request and then it seg faults. Not exactly > >5, but aprox. The only auth I do is through SQL and it then runs a simple > >external script that returns a Reply-Message and then exits 0. > >Running 'radiusd -xx' doesn't seem to give any info on why. > >Where do I start to get this debugged? What additional info do we need? > > First thing to suggest, is remove the 'rlm_*' files in /usr/local/lib. > > Most likely you have an older lib being linked in, and some of the > function calls to that lib have changed. > > If you do this, and the server still segfaults, run it via the > following: > > system$ gdb radiusd > ... > (gdb) set args -X > (gdb) run > > When/If the server segfaults type: > > (gdb) bt > > And send the results of the server debug info and the gdb stack trace > to this list. > > Thanks, > -Chris > -- > \\\|||/// \ Chris Parker-Manager, Development Engineering > \ ~ ~ / \ WX *is* Wireless!\ [EMAIL PROTECTED] > | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\-- >\ Without C we would have 'obol', 'basi', and 'pasal' > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Check out http://www.setfree.org It can change your life. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Max Request Time (max_request_time) No Timeout - Patch for 0.4
This is not tested.
*** radiusd.c.OLD Tue Nov 20 12:13:22 2001
--- radiusd.c Mon Dec 17 13:20:52 2001
***
*** 2367,2373
*/
request->options |= RAD_REQUEST_OPTION_LOGGED_CHILD;
}
! return RL_WALK_CONTINUE;
}
/*
--- 2367,2373
*/
request->options |= RAD_REQUEST_OPTION_LOGGED_CHILD;
}
! goto setup_timeout;
}
/*
***
*** 2495,2500
--- 2495,2506
request->proxy_next_try = info->now + proxy_retry_delay;
}
difference = request->proxy_next_try - info->now;
+
+ if (difference <= 0) {
+ request->finished = TRUE;
+ rad_reject(request);
+ realm_disable(request->proxy->dst_ipaddr);
+ }
} else {
/*
* The request is NOT finished.
Max Request Time (max_request_time) No Timeout - Patch for 0.3
Tested this... Seems to work ok. would appreciate any comments/concerns with
regards to impact on existing functionality.
Thx,
Angus.
*** radiusd.c.OLD Wed Oct 10 18:58:38 2001
--- radiusd.c Mon Dec 17 13:11:17 2001
***
*** 2309,2315
*/
request->options |= RAD_REQUEST_OPTION_LOGGED_CHILD;
}
! return RL_WALK_CONTINUE;
}
/*
--- 2309,2315
*/
request->options |= RAD_REQUEST_OPTION_LOGGED_CHILD;
}
! goto setup_timeout;
}
/*
***
*** 2438,2443
--- 2438,2448
}
difference = request->proxy_next_try - info->now;
+ if (difference <= 0) {
+ request->finished = TRUE;
+ rad_reject(request);
+ realm_disable(request->proxy->dst_ipaddr);
+ }
} else {
/*
* The request is NOT finished.
Re: Simple questions
"Brandon Saunders" <[EMAIL PROTECTED]> wrote: > I am very interested in the EAP-TLS and TTLS support. Do you know whom is > leading those efforts? What is the status of the effort, and what could I > do to help? The code isn't even started, but a framework for EAP is there. Write code and send patches. Subscribe to the freeradius-devel list, and talk about the patches there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Simple questions
Alan, First, thank you for the information. I am very interested in the EAP-TLS and TTLS support. Do you know whom is leading those efforts? What is the status of the effort, and what could I do to help? Brandon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Monday, December 17, 2001 11:03 AM To: [EMAIL PROTECTED] Subject: Re: Simple questions "Brandon Saunders" <[EMAIL PROTECTED]> wrote: > I am interested in using freeradius as an authentication proxy between my > wireless network and Kerberos/DCE cell. I have see on the web page that you > have support for use of a Kerberos backend. Can anyone comment on this? Yes, it has kerberos support. > A lot of the access points that I am looking at appear to require > proprietary RADIUS servers. Also no your web page I see a statement about > Cisco compatibility. Can someone elaborate on this compatibility? It supports all of the Cisco VSA's. > Is this compatibility for LEAP? No. > Are there other manufacturers that are supported. Download the software and look for the vendor dictionaries. > I am also interested in EAP-TLS and EAP-TTLS support. Is anyone working > towards that level of support? Yes. > Has anyone got freeradius to work on Alpha/Tru64-UNIX? I think so, but I can't recall any specifics. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Website/ftp site down ?
Simon Byrnand <[EMAIL PROTECTED]> wrote: > Is anyone else having trouble reaching the freeradius website and ftp site ? There are often small network disconnects *somewhere* in the net. > A traceroute stops for me past IP addresses owned by "GENUITY". I was > originally trying to download the latest cistron radius and I think they > still share the same ftp server Some. You can also go to radius.cistron.nl Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Login-Time problem
"power jessie" <[EMAIL PROTECTED]> wrote: > i also wonder what does ':=' do? how does it differ from '=='? 'man users' > also, is it possible for 'Login-Time' to have two or more > time span in a day, say in Monday 9:00 - 10:00 AM and then > 1:00 - 3:00 PM. can it be done? Yes. See the documentation that comes with the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL Accounting
Eric Reischer <[EMAIL PROTECTED]> wrote: > Forgive me if this question has already been asked, but since there's no > search option for the archives, I figured asking would be quicker :-) http://www.google.com > I'm using LDAP authentication for my radius server, however I want to be > able to log accounting information to a postgres database, so we can > retrieve the information easier. I don't see any information as to how to > set this up (if it's even possible). Does anybody out there know how? See the archives from yesterday. http://lists.cistron.nl/pipermail/freeradius-users/2001-December/003660.html Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simple questions
"Brandon Saunders" <[EMAIL PROTECTED]> wrote: > I am interested in using freeradius as an authentication proxy between my > wireless network and Kerberos/DCE cell. I have see on the web page that you > have support for use of a Kerberos backend. Can anyone comment on this? Yes, it has kerberos support. > A lot of the access points that I am looking at appear to require > proprietary RADIUS servers. Also no your web page I see a statement about > Cisco compatibility. Can someone elaborate on this compatibility? It supports all of the Cisco VSA's. > Is this compatibility for LEAP? No. > Are there other manufacturers that are supported. Download the software and look for the vendor dictionaries. > I am also interested in EAP-TLS and EAP-TTLS support. Is anyone working > towards that level of support? Yes. > Has anyone got freeradius to work on Alpha/Tru64-UNIX? I think so, but I can't recall any specifics. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Login-Time problem
yah .. it works! thanks a lot to aleksander and to mitry...
i also wonder what does ':=' do? how does it differ from '=='?
also, is it possible for 'Login-Time' to have two or more
time span in a day, say in Monday 9:00 - 10:00 AM and then
1:00 - 3:00 PM. can it be done?
thanks!
jessie
void signature () {
cout << "Jessie Natividad-- [EMAIL PROTECTED]" << endl ;
cout << "Cell: +63 919 272 7925" << endl;
cout << "Primum Regnum Dei" << endl;
}
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Aleksandr
Kuzminsky
Sent: Monday, December 17, 2001 5:45 AM
To: [EMAIL PROTECTED]
Subject: Re: Login-Time problem
On Sat, 15 Dec 2001, power jessie wrote:
> Date: Sat, 15 Dec 2001 15:25:41 -0800
> From: power jessie <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Login-Time problem
>
>
>
> Version : FreeRADIUS 0.4
> Platform : FreeBSD 4.3 Release
>
> I can't seem to make Login-Time to work for me, everytime
> i add a Login-Time attribute to either user or group
> in the mysql table, it always reject the request...
> but if i remove the Login-Time attribute, it authenticate
> successfuly.
>
> What am i lacking here? any leads pls ...
I do as Randy Moore adviced (see Simultaneous-Use in SQL table?),
e.g. patch sql.conf and modify sql-scheme.
Then Login-Time attribute put to radgroupcheck table
| GroupName | Attribute | Value | op |
| mygroup | Login-Time | al0900-1800 | := |
In usergroup point that ingoth belong to "mygroup"
| UserName | GroupName |
| ingoth | mygroup |
And it seems work.
But I have not clear understanding what mean := in op field.
---
Aleksandr Kuzminsky,AK476-RIPE
System Administrator, AK16-UANIC
ISP NBI.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
---
This incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.306 / Virus Database: 166 - Release Date: 12/4/2001
---
This mail is certified Virus Free. No need to worry.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.306 / Virus Database: 166 - Release Date: 12/4/2001
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Postgresql module failure problem..
"bharani" <[EMAIL PROTECTED]> wrote: > In connection to my previous mails, still i have the postgresql = > problem.I could'nt find the reason for this... Did you even bother reading the previous response to your email? Do you really think you will get better response by sending multiple emails to the list, with them all CC'd to me? Please be more polite. Ask ONE question at a time. READ the answer. > Backend message type 0x45 arrived while idle > PostgreSQL Query failed Error: PQsendQuery() -- There is no connection = > to the backend. THIS is your problem. I don't know why the SQL server is hanging up the connection. Find out why, and the problem will be solved. FreeRADIUS does NOT hang up the SQL connection until it's about to exit. So the problem most likely is not FreeRADIUS. Please don't ask this question again, either. Do some work yourself to find out WHY the SQL server is hanging up. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Simple questions
I am interested in using freeradius as an authentication proxy between my wireless network and Kerberos/DCE cell. I have see on the web page that you have support for use of a Kerberos backend. Can anyone comment on this? A lot of the access points that I am looking at appear to require proprietary RADIUS servers. Also no your web page I see a statement about Cisco compatibility. Can someone elaborate on this compatibility? Is this compatibility for LEAP? Are there other manufacturers that are supported. I am also interested in EAP-TLS and EAP-TTLS support. Is anyone working towards that level of support? Has anyone got freeradius to work on Alpha/Tru64-UNIX? Thank You, Brandon Saunders Senior Network Engineer Ohio University Communication Network Services Email: [EMAIL PROTECTED] Phone: (740)593-9835 Cell: (740)591-8022 Pager: (740)592-7828 Fax:(740)593-1944 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Login-Time problem
On Sat, 15 Dec 2001, power jessie wrote: > Date: Sat, 15 Dec 2001 15:25:41 -0800 > From: power jessie <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Login-Time problem > > > > Version : FreeRADIUS 0.4 > Platform : FreeBSD 4.3 Release > > I can't seem to make Login-Time to work for me, everytime > i add a Login-Time attribute to either user or group > in the mysql table, it always reject the request... > but if i remove the Login-Time attribute, it authenticate > successfuly. > > What am i lacking here? any leads pls ... I do as Randy Moore adviced (see Simultaneous-Use in SQL table?), e.g. patch sql.conf and modify sql-scheme. Then Login-Time attribute put to radgroupcheck table | GroupName | Attribute | Value | op | | mygroup | Login-Time | al0900-1800 | := | In usergroup point that ingoth belong to "mygroup" | UserName | GroupName | | ingoth | mygroup | And it seems work. But I have not clear understanding what mean := in op field. --- Aleksandr Kuzminsky,AK476-RIPE System Administrator, AK16-UANIC ISP NBI. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Postgresql module failure problem..
Hi,
In connection to my previous mails, still i have
the postgresql problem.I could'nt find the reason for this...
The following changes i have made in the sql.conf
and radiusd.conf
sql.conf
sql sql_postgresql
{
driver =
"rlm_sql_postgresql"
server =
"localhost" login =
"root" password = "pwd"
radius_db =
"radius"
etc.
}
radiusd.conf
modules {
$INCLUDE
${confdir}/sql.conf
}
authorize
{
preprocess#
counter#
attr_filter
suffix
files
sql_postgresql}
authenticate
{#
pam#
unix
sql_postgresql}
authtype SQL
{
sql_postgresql
sql2 }
I have also created the tables as mentioned in
db_postgresql.
I want the necessary details, to get the successful
connection between postgresql & freeradius..So whoever have worked on
this..help.
Thanks in advance.
Bharani
The output is as follows:
Starting - reading configuration files
...reread_config: reading radiusd.conf
...etc
Module: Loaded SQL sql: driver =
"rlm_sql_postgresql" sql: server = "localhost" sql: port =
"" sql: login = "root" sql: password = "mascon" sql:
radius_db = "radius" sql: acct_table = "radacct" sql:
acct_table2 = "radacct" sql: authcheck_table = "radcheck" sql:
authreply_table = "radreply" sql: groupcheck_table =
"radgroupcheck" sql: groupreply_table = "radgroupreply" sql:
usergroup_table = "usergroup" sql: nas_table = "nas" sql:
dict_table = "dictionary" sql: sqltrace = yes sql:
sqltracefile = "/usr/local/var/log/radius/sqltrace.sql" sql:
deletestalesessions = yes sql: num_sql_socks =
5etc.
.
sql: sql_user_name =
"%{User-Name}" sql: accounting_stop_query_alt = "INSERT into radacct
(RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,
NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime,
AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets,
AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause,
ServiceType, FramedProtocol, FramedIPAddress,
AcctStartDelay, AcctStopDelay) values('', '%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',
'%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port-Type}', '0', '%S',
'%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}',
'%{Acct-Input-Octets}', '%{Acct-Output-Octets}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')" sql:
connect_failure_retry_delay = 60rlm_sql: Driver rlm_sql_postgresql loaded
and linkedrlm_sql: Attempting to connect to
root@localhost:/radiusrlm_sql: Connected new DB handle,
#0rlm_sql: Connected new DB handle, #1rlm_sql: Connected new
DB handle, #2rlm_sql: Connected new DB handle, #3rlm_sql:
Connected new DB handle, #4Module: Instantiated sql
(sql_postgresql)Module: Loaded preprocess preprocess: huntgroups =
"/usr/local/etc/raddb/huntgroups" preprocess: hints =
"/usr/local/etc/raddb/hints" preprocess: with_ascend_hack =
no preprocess: ascend_channels_per_line = 23 preprocess:
with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack =
no preprocess: with_cisco_vsa_hack = noModule: Instantiated
preprocess (preprocess)Module: Loaded realm realm: format =
"suffix" realm: delimiter = "@"Module: Instantiated realm
(suffix)Module: Loaded files files: usersfile =
"/usr/local/etc/raddb/users" files: acctusersfile =
"/usr/local/etc/raddb/acct_users" files: compat = "no"Module:
Instantiated files (files)Module: Loaded detail detail: detailfile
=
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail" detail:
detailperm = 384 detail: dirperm = 493Module: Instantiated detail
(detail)Module: Loaded System unix: cache = no unix:
passwd = "/etc/passwd" unix: shadow = "(null)" unix: group =
"/etc/group" unix: radwtmp =
"/usr/local/var/log/radius/radwtmp" unix: usegroup = noModule:
Instantiated unix (unix)Module: Loaded radutmp radutmp: filename =
"/usr/local/var/log/radius/radutmp" radutmp: perm =
384 radutmp: callerid = yesModule: Instantiated radutmp
(radutmp) main: smux_password = "" main: snmp_write_access =
noSMUX connect try 1Can't connect to SNMP agent with SMUX: Connection
refusedListening on IP address *, ports 1812/udp and 1813/udp, with proxy on
1814/udp.Ready to process requests.rad_recv: Access-Request packet from
host 192.192.1.252:1024, id=125,
length=56 User-Name =
"bharani" Password =
"
NAS-IP-Address = 255.255.255.255
NAS-Port-Id = "0"modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok modcall[authorize]:
module "suffix" returns ok users: Matched bharani at
72 modcall[authorize]: module "files" returns okrlm_sql: Reserving
sql socket id: 4radius_xlat: 'bharani'sq
postgresql module failure problem....
Hi,
In connection to my previous mails, still i have the postgresql problem.I could'nt
find the reason for this...
The following changes i have made in the sql.conf and radiusd.conf
sql.conf
sql sql_postgresql
{
driver = "rlm_sql_postgresql"
server = "localhost"
login = "root"
password = "pwd"
radius_db = "radius"
etc.
}
radiusd.conf
modules {
$INCLUDE ${confdir}/sql.conf
}
authorize {
preprocess
# counter
# attr_filter
suffix
files
sql_postgresql
}
authenticate {
# pam
# unix
sql_postgresql
}
authtype SQL {
sql_postgresql
sql2
}
I have also created the tables as mentioned in db_postgresql.
I want the necessary details, to get the successful connection between postgresql &
freeradius..So whoever have worked on this..help.
Thanks in advance.
Bharani
The output is as follows:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
...etc
Module: Loaded SQL
sql: driver = "rlm_sql_postgresql"
sql: server = "localhost"
sql: port = ""
sql: login = "root"
sql: password = "mascon"
sql: radius_db = "radius"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = yes
sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
sql: deletestalesessions = yes
sql: num_sql_socks = 5
etc.
.
sql: sql_user_name = "%{User-Name}"
sql: accounting_stop_query_alt = "INSERT into radacct (RadAcctId, AcctSessionId
, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStart
Time, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectIn
fo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, A
cctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay,
AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%
{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port
-Type}', '0', '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-
Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Frame
d-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
sql: connect_failure_retry_delay = 60
rlm_sql: Driver rlm_sql_postgresql loaded and linked
rlm_sql: Attempting to connect to root@localhost:/radius
rlm_sql: Connected new DB handle, #0
rlm_sql: Connected new DB handle, #1
rlm_sql: Connected new DB handle, #2
rlm_sql: Connected new DB handle, #3
rlm_sql: Connected new DB handle, #4
Module: Instantiated sql (sql_postgresql)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/de
tail"
detail: detailperm = 384
detail: dirperm = 493
Module: Instantiated detail (detail)
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "(null)"
unix: group = "/etc/group"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
Module: Instantiated unix (unix)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
main: smux_password = ""
main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.192.1.252:1024, id=125, length=56
User-Name = "bharani"
Password = " 'bharani'
radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username =
'bharani' ORDER BY id'
query: SELECT id,UserName,Attribute,Value FROM radcheck WHER
