Anyone has patch about sql.c or rlm_sql.c to support operator?

[Rubby]

Hi,all,
I saw someone posted a patch about sql.c or rlm_sql.c to support operator processing
for sql module before, but now I searched all the maillist archive and cannot find it,
I use SQL to authorize and authenticate , but the sql module in 0.4 does not support
operator processing,so I need it.
Anyone has it?
Thanks.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup_admin - fatal error resolved ...

[Do-Risika RAFIEFERANTSIARONJY]

I have finally find the source of my problem, it was my fault. I added a
link lib/sql/defaults.php3 -> lib/defaults.php3 so it looped ... 

Now I just put a void file in lib/sql/defaults.php3.

I see that it is interesting but I have some questions or notes if
possible :

* in tre accounting report, isn't there navigations buttons ? (to see
the next or previous records),

* is not there something to manage radgroupcheck, radgroupreply and
usergroup ?

* i noticed that it does not support yet operator in radcheck and
radreply tables ? is it planed or not ?

Thanx

@+
--
DouRiX




Do-Risika RAFIEFERANTSIARONJY wrote:
> 
> Kostas Kalevras wrote:
> >
> > On Mon, 21 Jan 2002, Do-Risika RAFIEFERANTSIARONJY wrote:
> >
> > >
> > > Hi all,
> > >
> > > As it is referenced as a an interface php for freeradius
> > > (http://sourceforge.net/projects/dialup-admin/), I think somebody here
> > > use it.
> > >
> > > I have the fatal error below when I try to edit or create user, so I
> > > want to ask if it is a bug or if there is something wrong in my config ?
> > > (i'm using mysql in accounting)
> > >
> > > Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to
> > > allocate 11520 bytes) in
> > > /usr/local/dialup_admin/lib/defaults.php3 on line 10
> > >
> > Are you runing anything else on the machine? From the error message it seems
> > that defaults.php3 tried to allocate just 11KB which is quite reasonable.
> > I am not sure if the php memory_limit directive applies to a single page or to
> > the whole php process.
> 
> I have just freeradius, mysql, apache on a debian box ...
> 
> @+
> --
> DouRiX
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Do-Risika RAFIEFERANTSIARONJY
mailto:[EMAIL PROTECTED]

Simicro Internet, mailto:[EMAIL PROTECTED], http://internet.simicro.mg
Tel : (+261) 20 22 648 83 (GMT +3), Fax : (+261) 20 22 661 83

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Could not find proper Chap-Password Lucent AP

[wc87.tw]

rlm_chap: could not find proper Chap-Password
attribute in request

I use Lucent AP with EAP-MD5 to interact with
FreeRadius
But The FreeRadius show the above message to me
I don't know how to handle it 
pls give me a advice .
Thank U


-
< ¨C¤Ñ³£ Yahoo!©_¼¯ >  www.yahoo.com.tw

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup_admin - fatal error ...

[Do-Risika RAFIEFERANTSIARONJY]

Nicola Orru' wrote:
> 
> > > Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to
> > > allocate 11520 bytes) in
> > > /usr/local/dialup_admin/lib/defaults.php3 on line 10
> 
> There must be an infinite loop somewhere...

Yes, may be because on line 10, it seems that the file defaults.php3 is
including itself. So if that is the problem, I think it is a bug, or
should I change something in my configuration files ?

-- default.php3, line 10 --
if (is_file("../lib/$config[general_lib_type]/defaults.php3"))
include("../lib/$config[general_lib_type]/defaults.php3");
(END) 

Does someone have any idea ?

@+
--
;-DouRiX

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup_admin - fatal error ...

[Do-Risika RAFIEFERANTSIARONJY]

Kostas Kalevras wrote:
> 
> On Mon, 21 Jan 2002, Do-Risika RAFIEFERANTSIARONJY wrote:
> 
> >
> > Hi all,
> >
> > As it is referenced as a an interface php for freeradius
> > (http://sourceforge.net/projects/dialup-admin/), I think somebody here
> > use it.
> >
> > I have the fatal error below when I try to edit or create user, so I
> > want to ask if it is a bug or if there is something wrong in my config ?
> > (i'm using mysql in accounting)
> >
> > Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to
> > allocate 11520 bytes) in
> > /usr/local/dialup_admin/lib/defaults.php3 on line 10
> >
> Are you runing anything else on the machine? From the error message it seems
> that defaults.php3 tried to allocate just 11KB which is quite reasonable.
> I am not sure if the php memory_limit directive applies to a single page or to
> the whole php process.

I have just freeradius, mysql, apache on a debian box ...

@+
--
DouRiX

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Concept problem

[Willie Twonk]

Hi,

I have an old working radius server that handles my accounting just fine
with my PM2e

Now trying to authenticate from a new server setwork.

Problem is that the new network uses proxy-radius and apparently needs at
least 180 characters though my old radius server only handles 128
characters.

My thought is to use FreeRadius as a proxy between their proxy radius
servers and mine and hopefully have FreeRadius modify the packets etc.

Is this even possible or am I wasting my time even trying?

I am not a programmer :-\

Willie.





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

PAM RHS Attribute Pairing

[Tony Hriczo]

This question may be a limitation of PAM methodology, but I figure it is
worth asking the experts.  

Is there a way to pass RHS Attribute values [eg- Framed-IP-Address] to
the free-radius environment when doing PAM authentication?  I have found
no public domain PAM modules which serve as an example for this.

It appears the PAM structure allows for passing this type of data
through environment variables [using the pam_putenv() call].  In looking
at the rlm_pam module, I find no provision to accomplish this type of
configuration.

My bottom line goal is to authenticate using PAM and pull the
corresponding RHS values from a MySQL table (using chained PAM modules?)
of much simpler structure than what is currently implemented using MySQL
authentication.  Perhaps there is a better way?

Any suggestions are appreciated!

Tony




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Stop queries

[Oleg Gritsinevich]

On Mon, Jan 21, 2002 at 05:59:11PM +0200, Igor Chen wrote:
> Hi!
> Anyone uses cisco nas and freeradius?
> I think that freeradius sometimes drops Stop queries and user record in
> radacct is not updated then. (Is it really possible?). I happen's
> not often, but happens, i can not even figure out why :-\
> I asked our cisco dealer, they say that nas  always sends Stop queries,
> and problem is in my radius.  Our partners use patched
> cistron and cisco nas, and they have not expirienced such problem.
> I hope to get any advice...
> 
> my configuration:
> cisco 3620 (30 modems), freeradius 0.3, postgresql 7.1
So you have got hanging sessions, right? Possibly UDP packets
get lost in noisy network and radius doesn't recieve them. Try to increase
number of retransmission on NAS. Also you can look for bugreports on
your IOS version (we use Cisco NASes and have no problems with them,
although we don't use freeradius).
-- 
With best regards, Oleg Gritsinevich.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Question reagarding Radius

[Maxim789]

Hi!
I'm looking for radius that I can integrate with my billing/accounting
software, so when I add customer to my b/a software, his login name and
pass. would be included in the radius database at the same time.
Is XTRadius will do the job or I have to look for something else?


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Windows

[aland]

"Tarquin Douglass \(Astronet Internet Access\)" <[EMAIL PROTECTED]> wrote:
> has anyone managed to compile freeradius for windows, winnt, win2k yet ?

  No.

> If so, please email me the binary.

  Uh... right.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Windows

[Tarquin Douglass \(Astronet Internet Access\)]

Hi all,
 
has anyone managed to compile freeradius for 
windows, winnt, win2k yet ?
If so, please email me the binary.
 
 
Regards
 
Tarquin DouglassAstronet Internet 
AccessTel: (031) 2692954Cel: (083) 
5557890_http://www.astronet.co.za

rlm_sql cisco accounting hack...

[Kevin C. Miller]

Hello-

We are using freeradius-0.4, and noticed a couple log entries for 
'zero session length'. I tracked it down to the block (below) in 
rlm_sql.c.

Now, we only got a couple log entries, but in both cases we had 
"open" sessions in the database that were not closed due to a 
0-length session time (so we are treating them as "valid".)

My question is basically: The comment here notes that you only want 
to return RLM_MODULE_FAIL if the session length is 0 AND no previous 
session was found. Does this actually check for previous sessions? A 
cursory glance did not reveal where it was checking this.

-Kevin

#ifdef CISCO_ACCOUNTING_HACK
/*
 * If stop but zero session length AND no previous
 * session found, drop it as in invalid packet
 * This is to fix CISCO's aaa from filling our
 * table with bogus crap
 */
if ((pair = pairfind(request->packet->vps, 
PW_ACCT_SESSION_TIME)) != NULL)
acctsessiontime = pair->lvalue;

if ((acctsessiontime <= 0) && (acctstatustype == 
PW_STATUS_STOP)) {
radius_xlat(logstr, MAX_QUERY_LEN, "rlm_sql:  Stop 
packet with zero session length.  (user '
%{User-Name}', nas '%{NAS-IP-Address}')", request, NULL);
radlog(L_ERR, logstr);
sql_release_socket(inst, sqlsocket);
return RLM_MODULE_FAIL;
}
#endif


---
Kevin C. Miller <[EMAIL PROTECTED]>
Network Group
Carnegie Mellon University

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PAM and Huntgroups

[aland]

Paul Khavkine <[EMAIL PROTECTED]> wrote:
> I have the following design in mind:
> 
> 1) All authentication is done through PAM -> Krb5
> 2) All user info such as uis/gid is kept in NIS database
> 
> Now i cant seem to figure out how to do that (or even if it's possible) 
> with FreeRADIUS.

  NIS is a big nasty evil monster, so I haven't seen many applications
using it directly.

  And PAM only does username/password authentication, so it can't
return uid/etc information.

> I need to have huntgroups for different type service so users would 
> belong to a different unix group.

  I'm not sure what you mean by that.  Huntgroups are mostly NAS
based, not Unix group name based.

  Do you want to ensure that people logging into NAS 1 are in Unix
group A, and people logging into NAS 2 are in Unix group B?

> But since PAM have no idea about unix groups so i cant use Group = 
> "dialup" in users file when using PAM.

  That's a common problem with PAM.

> Is there any other way to implement huntgroups with PAM authentication ?

  Not really.  PAM does authentication, and nothing more.

  It *may* be possible to write an 'rlm_nis' module, but I don't know
what that would gain you over just using 'getgrnam'.  If you have NIS,
you can set /etc/nsswitch.conf to get the groups from NIS.

  So in that case, a NIS module for the server would only be saving
you one function call...

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup_admin - fatal error ...

[Nicola Orru']

On Mon, 21 Jan 2002 19:05:14 +0200 (EET)
Kostas Kalevras <[EMAIL PROTECTED]> wrote:

> On Mon, 21 Jan 2002, Do-Risika RAFIEFERANTSIARONJY wrote:
> 
> >
> > Hi all,
> >
> > As it is referenced as a an interface php for freeradius
> > (http://sourceforge.net/projects/dialup-admin/), I think somebody here
> > use it.
> >
> > I have the fatal error below when I try to edit or create user, so I
> > want to ask if it is a bug or if there is something wrong in my config ?
> > (i'm using mysql in accounting)
> >
> > Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to
> > allocate 11520 bytes) in
> > /usr/local/dialup_admin/lib/defaults.php3 on line 10

There must be an infinite loop somewhere...

> >
> > Here attached a copy of my admin.conf ...
> >
> > Thanx in advance,
> >
> > @+
> > --
> > DouRiX
> 
> Are you runing anything else on the machine? From the error message it seems
> that defaults.php3 tried to allocate just 11KB which is quite reasonable.
> I am not sure if the php memory_limit directive applies to a single page or to
> the whole php process.
> 
> --
> Kostas Kalevras   Network Operations Center
> [EMAIL PROTECTED]National Technical University of Athens, Greece
> Work Phone:   +30 10 7721861
> 'Go back to the shadow'   Gandalf
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


Nicola Orru'

ENERGIT
Via Efisio Melis, 26
09134 Cagliari - Italia
Tel. +39 070 7521 317  Fax +39 070 7521 51
www.energit.it

Energia  Telefonia  Servizi Internet  Sistemi di Gestione per le Aziende


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Stop queries

[Kostas Kalevras]

On Mon, 21 Jan 2002, Igor Chen wrote:

> Hi!
> Anyone uses cisco nas and freeradius?
> I think that freeradius sometimes drops Stop queries and user record in
> radacct is not updated then. (Is it really possible?). I happen's
> not often, but happens, i can not even figure out why :-\
> I asked our cisco dealer, they say that nas  always sends Stop queries,
> and problem is in my radius.  Our partners use patched
> cistron and cisco nas, and they have not expirienced such problem.
> I hope to get any advice...
>
> my configuration:
> cisco 3620 (30 modems), freeradius 0.3, postgresql 7.1
>
> --
> cron-ripe

Check your radius.log file if you get any messages like the following:

rlm_sql: All sockets are being used! Please increase the maximum number of
sockets!

If you do get this message try increasing the num_sql_socks directive in
sql.conf.
If you also do accounting in a detail file check if the stop packets for those
stale entries have been recorded there.
In any case the server will log whatever the nas sends it.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup_admin - fatal error ...

[Kostas Kalevras]

On Mon, 21 Jan 2002, Do-Risika RAFIEFERANTSIARONJY wrote:

>
> Hi all,
>
> As it is referenced as a an interface php for freeradius
> (http://sourceforge.net/projects/dialup-admin/), I think somebody here
> use it.
>
> I have the fatal error below when I try to edit or create user, so I
> want to ask if it is a bug or if there is something wrong in my config ?
> (i'm using mysql in accounting)
>
> Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to
> allocate 11520 bytes) in
> /usr/local/dialup_admin/lib/defaults.php3 on line 10
>
> Here attached a copy of my admin.conf ...
>
> Thanx in advance,
>
> @+
> --
> DouRiX

Are you runing anything else on the machine? From the error message it seems
that defaults.php3 tried to allocate just 11KB which is quite reasonable.
I am not sure if the php memory_limit directive applies to a single page or to
the whole php process.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Seg. Fault 0.4

[aland]

"Alex L. Demidov" <[EMAIL PROTECTED]> wrote:
> Same problem here. Try this patch.

  Applied, thanks.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Stop queries

[Igor Chen]

Hi!
Anyone uses cisco nas and freeradius?
I think that freeradius sometimes drops Stop queries and user record in
radacct is not updated then. (Is it really possible?). I happen's
not often, but happens, i can not even figure out why :-\
I asked our cisco dealer, they say that nas  always sends Stop queries,
and problem is in my radius.  Our partners use patched
cistron and cisco nas, and they have not expirienced such problem.
I hope to get any advice...

my configuration:
cisco 3620 (30 modems), freeradius 0.3, postgresql 7.1

-- 
cron-ripe


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: passwd

[aland]

Lee W <[EMAIL PROTECTED]> wrote:
> Thanks for the timely responces. I'm 100% up and running
> now. However I would like to have a separate password file, be it
> PAM or System. Do both methoeds only use the system passwd with no
> other options?

  I don't know about PAM, but rlm_unix has a 'passwd' configuration
directive, which tells it where to get the password file from.

  See 'radiusd.conf'

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

passwd

[Lee W]

Hi all,

Thanks for the timely responces. I'm 100% up and running now. However I would 
like to have a separate password file, be it PAM or System. Do both methoeds 
only use the system passwd with no other options?  



Lee





-- 
Lee Wolf
EMR Data Services
[EMAIL PROTECTED]
623-764-0870 cell
623-581-0842 voice
623-582-9499 fax

                 EMR Internet
           A Serious Internet Experience

**  56K Dial-up   **    DSL   **  Web-hosting  **
**  Co-location   **    T1s   **     ISDN      **
**  High-Speed Fiber Backbone ** Linux powered **
**   Custom Web Design  **   Site Development  **
**  Search Engine Placement & Web Consultation **
      Visit us at http://www.emr.net!    

Ask about our reseller programs!

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Seg. Fault 0.4

[Igor Karpov]

Thanks a lot! It's working whole day :)


On Sat, Jan 19, 2002 at 09:09:43PM +0300, Alex L. Demidov wrote:
> Same problem here. Try this patch.
> 
> --- src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c.origSat 
>Jan 19 21:00:39 2002
> +++ src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c Sat Jan 19 
>20:55:50 2002
> @@ -255,8 +255,8 @@
> pg_sock->num_fields = records;
>  
> if ((PQntuples(pg_sock->result) > 0) && (records > 0)) {
> -   pg_sock->row = (char **)rad_malloc(records*sizeof(char *)+1);
> -   memset(pg_sock->row, '\0', records*sizeof(char *)+1);
> +   pg_sock->row = (char **)rad_malloc((records+1)*sizeof(char *));
> +   memset(pg_sock->row, '\0', (records+1)*sizeof(char *));
>  
> for (i = 0; i < records; i++) {
> len = PQgetlength(pg_sock->result, pg_sock->cur_row, i);
> 
> 

-- 
Igor A. Karpovphone: +380(44)238-0624
Unix System Administrator   

  Has Hell frozen over yet?

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

dialup_admin - fatal error ...

[Do-Risika RAFIEFERANTSIARONJY]

Hi all,

As it is referenced as a an interface php for freeradius
(http://sourceforge.net/projects/dialup-admin/), I think somebody here
use it.

I have the fatal error below when I try to edit or create user, so I
want to ask if it is a bug or if there is something wrong in my config ?
(i'm using mysql in accounting)

Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to
allocate 11520 bytes) in
/usr/local/dialup_admin/lib/defaults.php3 on line 10

Here attached a copy of my admin.conf ...

Thanx in advance,

@+
--
DouRiX

#
# it can be el (greek) or default
#
general_prefered_lang: el
general_prefered_lang_name: Greek
#
general_base_dir: /usr/local/dialup_admin
general_radiusd_base_dir: /usr
general_domain: tana.simicro.net
#
general_ldap_attrmap: %{general_radiusd_base_dir}/etc/raddb/ldap.attrmap
general_sql_attrmap: %{general_base_dir}/conf/sql.attrmap
general_extra_ldap_attrmap: %{general_base_dir}/conf/extra.ldap-attrmap
#
# it can be either ldap or sql
#
general_lib_type: sql
general_user_edit_attrs_file: %{general_base_dir}/conf/user_edit.attrs
general_sql_attrs_file: %{general_base_dir}/conf/sql.attrs
general_default_file: %{general_base_dir}/conf/default.vals
general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient
#
# this information is used from the server check page
#
#general_test_account_login: test
#general_test_account_password: testpass
general_test_account_login: test
general_test_account_password: xx

#
# These are used as default values for the user test page
#
general_radius_server: localhost
general_radius_server_port: 1812
#
# sorry, single valued for now. Should become something like
# password[server-name]: x
#
general_radius_server_secret: testing123
general_auth_request_file: %{general_base_dir}/conf/auth.request
#
# can be one of crypt,md5,clear
#
general_encryption_method: crypt

nas1_name: nas1.%{general_domain}
nas1_model: Cisco 2511 access server
nas1_ip: 147.122.122.121
nas1_port_num: 16
nas1_community: public
nas2_name: nas2.%{general_domain}
nas2_model: Cisco 2511 access server
nas2_ip: 147.122.122.123
nas2_port_num: 16
nas2_community: public
nas3_name: nas3.%{general_domain}
nas3_model: Cisco 5300 access server
nas3_ip: 147.122.122.124
nas3_port_num: 210
nas3_community: public

ldap_server: ldap.%{general_domain}
ldap_base: dc=company,dc=com
ldap_binddn: cn=Directory Manager
ldap_bindpw: XXX
ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base}
ldap_default_dn: uid=default-dialup,%{ldap_base}
ldap_regular_profile_attr: dialupregularprofile

#
# can be one of mysql,pg where:
# mysq: MySQL database (port 3306)
# pg: PostgreSQL database (port 5432)
#
sql_type: mysql
sql_server: localhost
sql_port: 3306
sql_username: radiusadmin
sql_password: xx
sql_database: radius
sql_accounting_table: radacct
sql_badusers_table: badusers
sql_check_table: radcheck
sql_reply_table: radreply
sql_user_info_table: userinfo
#
# true or false
#
sql_use_user_info_table: false
sql_password_attribute: Crypt-Password
sql_date_format: Y-m-d
sql_full_date_format: Y-m-d H:i:s
#
# Used in the accounting report generator so that we
# don't return too many results
#
sql_row_limit: 40

counter_default_daily: 14400
counter_default_weekly: 72000
counter_default_monthly: none

Simultaneous-Use don't work

[Алексей Кекин]

Hi.
We have got trouble with parameter Simultaneous-Use. It doesn't work when we
try to autorize user. Although parameter Login-Time works correctly.
I use FreeRadius 0.4 + PostgreSQL

table radgroupcheck:
+---+---+---+---+--+
|id |GroupName |Attribute  |Value  |op|
+---+---+---+---+--+
|1 |DEFAULT |Simultaneous-Use |1  |:=|
|2 |night  |Login-Time  |Any2100-0800 |:=|
+---+---+---+---+--+

radiusd.conf
BEGIN-
authenticate {
 sql
}
authorize {
sql
files
}
preacct {
files
preprocess
}
accounting {
detail
unix
radutmp
sql
}
session {
radutmp
}
END---




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html