HELP

2002-02-12 Thread Troy Davis

Ok I have tried all these below to try and get timeonline to work
Login-Time = "Wk0800-1700,Sa,Su"
Login-Time = "Wk0800-1700,Sa,Su",
Login-Time = Wk0800-1700,Sa,Su
Login-Time = Wk0800-1700,Sa,Su,

the error I get is 
/etc/raddb/users[279]: Parse error (reply) for entry foxcreek

The radius is
RADIUS version cistron-1.5.4.3-beta17 27-Apr-1999
Compilation flags:  ATTRIB_NMC linux

Thanks for any help
Troy


COMSTECH SYSTEMS  ICQ 6083429
Shop 5 Old Coach Village [EMAIL PROTECTED]
Aldinga Bch   http://www.comstech.com
*** Tel 85 577-777  Mob 0417 873 506***
*** Internet and Computer - Support and Training ***
** Hardware Sales & Upgrades **
-



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: Which program is responsible for kicking users out....?

2002-02-12 Thread Graham Fountain

At the time of connection, radius tells the NAS (portslave in your case),
the maximum length of the session, by the Session_Timeout parameter.  Simply
set up your radius so that one of the attributes is:
Session_Timeout=
where  is the number of seconds the session can last for.  This is the
last that radius has to do with the disconnection, the NAS then remembers
the parameter and disconnects the call after the appropriate number of
seconds.
Radius can't do any disconnection control EXCEPT at the time of the
connection by reporting the attribute to the NAS.  ie, if you don't specify
a Session_Timeout in your reply attributes, the radius server can't cause
the user to be kicked.

- Original Message -
From: "Peter Santiago" <[EMAIL PROTECTED]>
To: "Freeradius-Users@Lists. Cistron. Nl"
<[EMAIL PROTECTED]>
Sent: Wednesday, February 13, 2002 12:14 PM
Subject: Which program is responsible for kicking users out?


> Another question... which or what program is responsible for disconnecting
> users once their available online time is used up?  I'm using portslave..
> Thanks
>
>
>






Re: [fradius] Re: UUNET VIP Configuration

2002-02-12 Thread R P Herrold

On Tue, 12 Feb 2002, Eric Dean wrote:

> Does BWing require the VSA or old X-Ascend style?

> > Herrold:
> > Broadwing does, and mandated (for anti-UCE purposes) just such
> > a set of attributes effective January 7 this year; While it

I have elided the customer's C class info ... I believe this 
is called the old style extended attributes, but I am away 
from my paper notes.  I do not have an electronic copy of 
their advisory at hand.

#
DEFAULT Framed-Protocol = PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Ascend-Send-Auth=Send-Auth-PAP,
        Ascend-Data-Filter = "ip in forward tcp est",
        Ascend-Data-Filter = "ip in forward dstip xxx.yyy.zzz.0/24",
        Ascend-Data-Filter = "ip in drop tcp dstport = 25",
        Ascend-Data-Filter = "ip in forward"
#
#   RPH 011228 -- added per Broadwing for mail anti-spam
#

-

-- Russ Herrold






RE: [fradius] Re: UUNET VIP Configuration

2002-02-12 Thread David Woolley


At OzEmail we successfully tested the following on the UUNET DAN.

Ascend-Data-Filter = "ip in forward dstip 203.2.192.0/24 tcp dstport = smtp"
Ascend-Data-Filter = "ip in drop tcp dstport = smtp"
Ascend-Data-Filter = "ip in forward"



> -Original Message-
> From: Eric Dean [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 13 February 2002 15:14
> To: [EMAIL PROTECTED]
> Subject: Re: [fradius] Re: UUNET VIP Configuration
> 
> 
> 
> Does BWing require the VSA or old X-Ascend style?
> 
> On Tue, 12 Feb 2002, R P Herrold wrote:
> 
> > On Tue, 12 Feb 2002, Eric Dean wrote:
> > 
> > > UUNET does not support Ascend VSAs...and neither do any other commercial
> > > carriers to my knowledge.  I add the following in a user
> > > profile.
> > > 
> > > X-Ascend-Data-Filter += "ip in forward tcp est",
> > > X-Ascend-Data-Filter += "ip in forward dstip 10.1.1.0/24",
> > > X-Ascend-Data-Filter += "ip in drop tcp dstport = 25",
> > > X-Ascend-Data-Filter += "ip in forward"
> > 
> > Broadwing does, and mandated (for anti-UCE purposes) just such
> > a set of attributes effective January 7 this year; While it
> > may be heresy to say it here, I applied one of the unofficial
> > patches, revised the .spec file, and rebuilt a custom SRPM and
> > RPM Cistron RADIUS, which I am using on a production basis.
> > 
> > The files, which I just rebuilt on a 'patched to current' Red 
> > Hat 7.2 host, are at:
> > 
> > ftp://ftp.owlriver.com/pub/local/ORC/radius
> > 
> > -- Russ Herrold
> > 
> > 
> > 
> 
> Eric Dean
> President, Crystal Ball Inc.
> W 703-322-8000
> F 703-322-8010 
> M 703-597-6921 
> 
> 
> 



Re: [fradius] Re: UUNET VIP Configuration

2002-02-12 Thread Eric Dean


Does BWing require the VSA or old X-Ascend style?

On Tue, 12 Feb 2002, R P Herrold wrote:

> On Tue, 12 Feb 2002, Eric Dean wrote:
> 
> > UUNET does not support Ascend VSAs...and neither do any other commercial
> > carriers to my knowledge.  I add the following in a user profile.
> > 
> > X-Ascend-Data-Filter += "ip in forward tcp est",
> > X-Ascend-Data-Filter += "ip in forward dstip 10.1.1.0/24",
> > X-Ascend-Data-Filter += "ip in drop tcp dstport = 25",
> > X-Ascend-Data-Filter += "ip in forward"
> 
> Broadwing does, and mandated (for anti-UCE purposes) just such
> a set of attributes effective January 7 this year; While it
> may be heresy to say it here, I applied one of the unofficial
> patches, revised the .spec file, and rebuilt a custom SRPM and
> RPM Cistron RADIUS, which I am using on a production basis.
> 
> The files, which I just rebuilt on a 'patched to current' Red 
> Hat 7.2 host, are at:
> 
> ftp://ftp.owlriver.com/pub/local/ORC/radius
> 
> -- Russ Herrold
> 
> 
> 

Eric Dean
President, Crystal Ball Inc.
W 703-322-8000
F 703-322-8010 
M 703-597-6921 






Re: [fradius] Re: UUNET VIP Configuration

2002-02-12 Thread R P Herrold

On Tue, 12 Feb 2002, Eric Dean wrote:

> UUNET does not support Ascend VSAs...and neither do any other commercial
> carriers to my knowledge.  I add the following in a user profile.
> 
> X-Ascend-Data-Filter += "ip in forward tcp est",
> X-Ascend-Data-Filter += "ip in forward dstip 10.1.1.0/24",
> X-Ascend-Data-Filter += "ip in drop tcp dstport = 25",
> X-Ascend-Data-Filter += "ip in forward"

Broadwing does, and mandated (for anti-UCE purposes) just such
a set of attributes effective January 7 this year; While it
may be heresy to say it here, I applied one of the unofficial
patches, revised the .spec file, and rebuilt a custom SRPM and
RPM Cistron RADIUS, which I am using on a production basis.

The files, which I just rebuilt on a 'patched to current' Red 
Hat 7.2 host, are at:

ftp://ftp.owlriver.com/pub/local/ORC/radius

-- Russ Herrold





Re: UUNET VIP Configuration

2002-02-12 Thread Eric Dean


UUNET does not support Ascend VSAs...and neither do any other commercial
carriers to my knowledge.  I add the following in a user profile.

X-Ascend-Data-Filter += "ip in forward tcp est",
X-Ascend-Data-Filter += "ip in forward dstip 10.1.1.0/24",
X-Ascend-Data-Filter += "ip in drop tcp dstport = 25",
X-Ascend-Data-Filter += "ip in forward"


On Tue, 12 Feb 2002, Net Admin wrote:

> Freeradius 0.4
> 
> We have been trying to establish a radius connection with UUNET VIP services for a
> few weeks now and just can't seem to get the Ascend Filters to work.
> 
> Could someone using UUNET VIP with Freeradius 0.4 on this list e-mail me their
> radius config files so that I can compare them to mine to see what I am doing wrong.
> We are using straight system authentication.
> 
> Thanks in advance to anyone that can help!
> 
> Tom
> [EMAIL PROTECTED]
> 
> 
> 

Eric Dean
President, Crystal Ball Inc.
W 703-322-8000
F 703-322-8010 
M 703-597-6921 
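
Added example, not code from any poster, from FreeRADIUS or from Ascend: a simplified Python model of how the four-rule profile above decides what happens to a dial-up user's packets, showing why rule order and the trailing "ip in forward" matter. It assumes rules are checked in order and the first match decides, that "est" matches any TCP segment other than the opening SYN, and that a packet matching no rule is dropped; the packet addresses are constructed samples and all function names are hypothetical.

```python
"""Simplified model of the data-filter rule strings quoted in this thread."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Service names accepted after "dstport ="; only the one used in the thread.
PORT_NAMES = {"smtp": 25}


@dataclass
class Rule:
    direction: str                       # "in" or "out"
    action: str                          # "forward" or "drop"
    dst_net: Optional[ipaddress.IPv4Network] = None
    proto: Optional[str] = None          # "tcp", "udp" or None for any IP
    dst_port: Optional[int] = None
    established: bool = False            # "est": not the opening SYN (assumption)


@dataclass
class Packet:
    dst: str
    proto: str
    dst_port: int
    established: bool = False
    direction: str = "in"


def parse_rule(text: str) -> Rule:
    """Parse the subset of the string syntax that appears in the thread."""
    tok = text.split()
    if (len(tok) < 3 or tok[0] != "ip" or tok[1] not in ("in", "out")
            or tok[2] not in ("forward", "drop")):
        raise ValueError(f"unsupported rule: {text!r}")
    rule = Rule(direction=tok[1], action=tok[2])
    i = 3
    try:
        while i < len(tok):
            if tok[i] == "dstip":
                rule.dst_net = ipaddress.ip_network(tok[i + 1])
                i += 2
            elif tok[i] in ("tcp", "udp"):
                rule.proto = tok[i]
                i += 1
            elif tok[i] == "dstport" and tok[i + 1] == "=":
                value = tok[i + 2]
                rule.dst_port = PORT_NAMES[value] if value in PORT_NAMES else int(value)
                i += 3
            elif tok[i] == "est":
                rule.established = True
                i += 1
            else:
                raise ValueError(f"unsupported token {tok[i]!r} in {text!r}")
    except IndexError:
        raise ValueError(f"truncated rule: {text!r}") from None
    return rule


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every condition present in the rule must hold for the packet."""
    if rule.direction != pkt.direction:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dst_net is not None and ipaddress.ip_address(pkt.dst) not in rule.dst_net:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    if rule.established and not pkt.established:
        return False
    return True


def decide(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; no match is modelled as drop (assumption)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "drop"


# Rule strings copied from the post above.
PROFILE = [parse_rule(r) for r in (
    "ip in forward tcp est",
    "ip in forward dstip 10.1.1.0/24",
    "ip in drop tcp dstport = 25",
    "ip in forward",
)]


def verdicts(rules: List[Rule]) -> dict:
    """Run constructed sample packets through a rule list."""
    samples = {
        "new SMTP to provider mail net": Packet("10.1.1.25", "tcp", 25),
        "new SMTP to outside relay": Packet("192.0.2.10", "tcp", 25),
        "later segment of an SMTP session": Packet("192.0.2.10", "tcp", 25, established=True),
        "new HTTP to outside host": Packet("192.0.2.10", "tcp", 80),
        "DNS query": Packet("192.0.2.53", "udp", 53),
    }
    return {name: decide(rules, pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in verdicts(PROFILE).items():
        print(f"{verdict:8} {name}")
```

The "tcp est" rule forwards mid-session segments to port 25 as well, but since the opening SYN to an outside relay is dropped, no such session can start; moving the drop rule above the "dstip" rule would also block the provider's own mail network.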






Fix for consideration: re: checkrad timeout

2002-02-12 Thread scott.list

I rarely get a chance to contribute, and may get shot down here, but I think
I have a fix for implementation. The script I debugged to fix was from
Cistron 1.6.6.  I had tried the current freeradius version of checkrad with
the same (not working) result.  Therefore I am assuming (without
verification) this problem is the same on both checkrad scripts.  My
apologies for the static if that's not the case.

The "fix" to the timeout errors was found.  I added a ton of debug
statements to checkrad and found that even though I had the password in the
naspassword file, and the checkrad script picked it up, it still forced a
"public" community string.  My strings are not "public" and thus the script
failed.

My $login was SNMP (as that's what the directions I read carefully like a
good boy said to make it in the naspasswd file)

The problem comes starting with the if at line 322
   if ($login && $login ne 'SNMP') {

I test true for $login and false for login ne SNMP.  That causes me
to go to line  328 which is just else followed by $pass="public"  which is
not what should happen.

I think line 328, if meant to be a default if someone messed up and didn't
put SNMP, should read:

   } elsif ( $login ne 'SNMP') {

And that way if you do use SNMP as instructed, the $pass variable remains
what was read from the naspassword file, not "public".

Anyway, this fixes it for me.  Hope this helps someone else.

Scott









Which program is responsible for kicking users out....?

2002-02-12 Thread Peter Santiago

Another question... which or what program is responsible for disconnecting
users once their available online time is used up?  I'm using portslave..
Thanks





Re: Diff time

2002-02-12 Thread horape

Use standard session time. 

On Tue, Feb 12, 2002 at 05:48:24PM -0500, Gus Rios wrote:
> hello,
> I'm working with cisco 5300 and  i want to get the difference between the 
> start time (h323-connect-time) and the stop time (h323-disconnect-time) at 
> the same time i get the stop time...
> is this a parameter sent by cisco?  or i have to do it manually...
> 
> regards.
> 

-- 
HoraPe
---
Horacio J. Peña
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]




Re[2]: Is their a way to check for a suspended account?

2002-02-12 Thread Galileo

> Session_Timeout figure of 1 second - user connects and before they get a
> chance to do anything they are disconnected.  I also use the same principle
> of controlling the Session_Timeout parameter for my prepaid users.  When
> they run out of time, the Session_Timeout becomes 1 second and they are
> disconnected instantly.  Postgresql TRIGGER commands take care of
> subtracting the time remaining each time a customer disconnects.  Works a
> peach.

Could you send your conf files to the list or to me directly ?

An explanation of how you implemented Postgresql trigger commands
would be useful if I'm not asking too much.





attributes based on NAS

2002-02-12 Thread Matthew Schumacher

Hello all,

Is it possible to configure freeradius to serve different attributes 
based on which NAS is asking to authenticate?  I want to make DSL and 
Dialup static addresses not conflict with each other.

I am using ldap so I would need the same radius server to return 
(ldap)dialupaddress as Framed-IP-Address and (ldap)dsladdress as 
Framed-IP-Address depending on the NAS IP.

I know I can do this with two radius servers, but I would prefer not to 
have a separate radius server for each service.

Thanks,

schu
-- 
__
Matthew Schumacher  [EMAIL PROTECTED]
Alaska Power and Telephone  desk: 907-563-2199 x223
Systems Administrator   cell: 907-240-2275





Re: okeeffe.bestweb.net re-sending all freeradius posts back to list

2002-02-12 Thread Miquel van Smoorenburg

In article <[EMAIL PROTECTED]>,
dan kelley  <[EMAIL PROTECTED]> wrote:
>okeeffe.bestweb.net is re-sending every message that's been sent to this
>list in the last week or so.  Is there any way that this address can be
>blocked until they fix the problem?

Has already been done, see my other message. They didn't do this
to just the freeradius-users list, btw - NANOG and postfix lists
were also victims.

Mike.
-- 
Computers are useless, they only give answers. --Pablo Picasso





Diff time

2002-02-12 Thread Gus Rios

hello,
I'm working with cisco 5300 and  i want to get the difference between the 
start time (h323-connect-time) and the stop time (h323-disconnect-time) at 
the same time i get the stop time...
is this a parameter sent by cisco?  or i have to do it manually...

regards.




checkrad timeout

2002-02-12 Thread scott.list

Hi guys:

I'm having trouble getting checkrad to work.  Can someone advise?

I have the nas in the naslist with its appropriate fields.  I left it
out of naspasswd per the instr since I'm using snmp

naslist:
# NAS Name      Short Name      Type
# --------      ----------      ----
xx.xx.xx.8      nas8            cisco
DEFAULT         default         other

From a box where I currently gather information via snmpget I try to
execute checkrad.pl:

[root@my5 src]# ./checkrad.pl -d cisco xx.xx.xx.8 229 booboo 020A03E5
Timeout: No Response from xx.xx.xx.8.
  user at port S229:
   Returning 0 (login ok)

During the above I capture the following debug snmp from the cisco
box:

Feb 12 14:40:34.838 CST: SNMP: Packet received via UDP from xx.xx.xx.5 on FastEthernet0/0
Feb 12 14:40:35.842 CST: SNMP: Packet received via UDP from xx.xx.xx.5 on FastEthernet0/0
Feb 12 14:40:36.854 CST: SNMP: Packet received via UDP from xx.xx.xx.5 on FastEthernet0/0
Feb 12 14:40:37.862 CST: SNMP: Packet received via UDP from xx.xx.xx.5 on FastEthernet0/0
Feb 12 14:40:38.874 CST: SNMP: Packet received via UDP from xx.xx.xx.5 on FastEthernet0/0
Feb 12 14:40:39.882 CST: SNMP: Packet received via UDP from xx.xx.xx.5 on FastEthernet0/0

I can do a plain snmpget:

[root@my5 src]# snmpwalk nas8 notpublic .1.3.6.1.4.1.9.9.163.1.2.3.1.9.363634 -m ALL -Os

cctActiveUserId.363634 = booboo

I also have mrtg installed and working on this box and it also
successfully polls this cisco box.


Can anyone help me fix the timeout problem?

Thanks!
Scott






UUNET VIP Configuration

2002-02-12 Thread Net Admin



Freeradius 0.4

We have been trying to establish a radius connection with UUNET VIP services
for a few weeks now and just can't seem to get the Ascend Filters to work.

Could someone using UUNET VIP with Freeradius 0.4 on this list e-mail me their
radius config files so that I can compare them to mine to see what I am doing
wrong.  We are using straight system authentication.

Thanks in advance to anyone that can help!

Tom
[EMAIL PROTECTED]


Re: LDAP Authentication

2002-02-12 Thread Kostas Kalevras

On Tue, 12 Feb 2002, Steve Tolman wrote:

> I have the latest CVS Snapshot installed and running using Netscape LDAP
> for authentication. My users are grouped in LDAP into 4 major groups. Is
> there a way in FreeRadius to control access based on the different
> groups configured in LDAP? If so where is this configuration done? I
> have been able to make this work using the radiusd.conf file using the
> "access-group", but this only allows control of one group.  Any help
> would be greatly appreciated.
>
> Steve
>

Could you give us an example of what you want to do?
One thing you can do is do checks for ldap group membership in the users file.
Something like:

DEFAULT Group == "nodialup", Auth-Type := Reject
DEFAULT Group == "goin", Auth-Type := Accept
DEFAULT Group == "big-customers", Max-Daily-Session := 36000

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





Re: [List-Error] Doubled up messages..

2002-02-12 Thread Vincent_Giovannone

Yeah, I'm having that problem with the list also.  (receiving double messages all of a sudden.)  Although, as I write this, it _seems_ to have stopped.  seems.  :)

Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center

"Monday" is the term used to signify the eighth day of my work week.








Matthew Wallis <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
02/11/02 08:49 PM
Please respond to freeradius-users

        
        To:        [EMAIL PROTECTED]
        cc:        
        Subject:        [List-Error] Doubled up messages..


Is it just me, or have a few people been receiving copies of old mail?

I've received a second copy of Alan's reply to the Windows XP PPPoE
client bug, and various other freeradius emails in the last 10 minutes.

I'm on half a dozen mailing lists, and I'm only getting freeradius-users
a second time.

Matt.






Re: postgreSQL

2002-02-12 Thread Igor Chen

Yep, i use freeradius 0.4 (snapshot) and postgresql. Need an sql.conf? or
what?

On Mon, 11 Feb 2002, vladimir ezcurra wrote:

> Someone know something about this matter:
>
> Freeradius using postgreSQL (Configuration)
>
> Vlad
>
>
>
>

-- 
cron-ripe





LDAP Authentication

2002-02-12 Thread Steve Tolman

I have the latest CVS Snapshot installed and running using Netscape LDAP 
for authentication. My users are grouped in LDAP into 4 major groups. Is 
there a way in FreeRadius to control access based on the different 
groups configured in LDAP? If so where is this configuration done? I 
have been able to make this work using the radiusd.conf file using the 
"access-group", but this only allows control of one group.  Any help 
would be greatly appreciated.

Steve







unsubscribe

2002-02-12 Thread Vijay Akasapu

Please unsubscribe me.

thanks.






radius detail log question

2002-02-12 Thread Peter Santiago

This is taken from the detail log file...  I have already set the
MAX-DAILY-SESSION variable in the users file
syntax :  DEFAULT Max-Daily-Session := 3600

How come that variable is not seen in this log?

Tue Feb 12 12:38:26 2002
Acct-Status-Type = Start
User-Name = "peter.santiago"
NAS-IP-Address = 10.0.0.1
NAS-Port = 100
NAS-Port-Type = Async
Connect-Info = "115200"
Acct-Session-Id = "3C689BC61777"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 10.0.0.150
Framed-Compression = Van-Jacobson-TCP-IP
Acct-Delay-Time = 0
Client-IP-Address = 192.168.1.1
Timestamp = 1013488728





Re: radius detail log question

2002-02-12 Thread Alan DeKok

"Peter Santiago" <[EMAIL PROTECTED]> wrote:
> This is taken from the detail log file...  I have already set the
> MAX-DAILY-SESSION variable in the users file
> syntax :  DEFAULT Max-Daily-Session := 3600
> 
> How come that variable is not seen in this log?

  Because it's not actually added to the request.  Its value is
discovered through a callback, which means that you don't need
'counter' in the 'authorize' section, and it will still work.

  If you care, you can submit a patch to the module, which adds the
current value of the counter attribute to the request.

  Alan DeKok.




ADMIN: somebody reinjecting old messages.

2002-02-12 Thread Miquel van Smoorenburg

>In article <[EMAIL PROTECTED]>,
>Alan DeKok <[EMAIL PROTECTED]> wrote:

No he didn't - somebody is reinjecting old messages with a new
message-id and new Received: headers back into the list.

I've mailed the admins and blocked the machine that is doing that.
Unfortunately already 200 messages have been re-injected .. lusers ..

Mike.
-- 
Computers are useless, they only give answers. --Pablo Picasso





Re: Using PAM to auth to FR w/ mysql?

2002-02-12 Thread Alan DeKok

"Michael Letchworth" <[EMAIL PROTECTED]> wrote:
> Correct me if I am wrong but doesn't PAM return the same information
> like UID,GID, shell and home directory that the getpasswd does?

  No.  PAM doesn't do that.  It's impossible.  PAM only does
username/password authentication.

  You'll need to use something other than PAM.

  Alan DeKok.




Re: Freeradius and RSA SecurID

2002-02-12 Thread Alan DeKok

[EMAIL PROTECTED] (Rainer Clasen) wrote:
> And BTW, this list is far better than most commercial support I had to
> struggle with.

  There's a reason for that.  The biggest one is that commercial
"support" usually doesn't include a "users" list, where everyone helps
everyone else.  Even if there WAS such a list, no one would have
incentive to use it.

  Also, most "support" involves people who have little or no
understanding of how things work.  They've been given a sheet of
questions with answers, and they read the answers to the questions.
If something isn't on the sheet, it takes them days to contact
engineering, to find an answer.

  And the engineers aren't allowed to talk to customers, because then
the truth about the products would get out. :)


  With free software, the people writing the software are also usually
doing the front-line support.  This means you get answers quickly, and
that they're usually the correct answers.

  It also means that the answers may not be phrased in a corporate
politically correct way to kiss up to the customer.  But that's life.

  Alan DeKok.





okeeffe.bestweb.net re-sending all freeradius posts back to list

2002-02-12 Thread dan kelley


Hi-

okeeffe.bestweb.net is re-sending every message that's been sent to this
list in the last week or so.  Is there any way that this address can be
blocked until they fix the problem?

Thanks-

Dan


-- Forwarded message --
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 21194 invoked by uid 1006); 12 Feb 2002 13:18:09 -
Received: from [EMAIL PROTECTED] by mx1.gc.ny.otec.com
 by uid 1003 with qmail-scanner-1.10 (avpdaemon. Clear:0. Processed
in 0.179725 secs); 12 Feb 2002 13:18:09 -
Received: from unknown (HELO smtp2.cistron.nl) (195.64.68.41)
  by mx1.hq.ny.otec.com with SMTP; 12 Feb 2002 13:18:09 -
Received: from localhost ([127.0.0.1] helo=lwaxana.cistron.net)
by smtp2.cistron.nl with esmtp (Exim 3.12 #1 (Debian))
id 16aboD-0003AG-00; Tue, 12 Feb 2002 13:13:17 +0100
Received: from newman2.bestweb.net ([209.94.102.67])
by smtp2.cistron.nl with esmtp (Exim 3.12 #1 (Debian))
id 16aSKi-0002ep-00
for <[EMAIL PROTECTED]>; Tue, 12 Feb 2002 03:06:12 +0100
Received: from okeeffe.bestweb.net (okeefe.bestweb.net [209.94.100.110])
by newman2.bestweb.net (Postfix) with ESMTP id 02AD22328A
for <[EMAIL PROTECTED]>; Mon, 11 Feb 2002 21:06:26 -0500 (EST)
Received: by okeeffe.bestweb.net (Postfix, from userid 0)
id AB0599EF01; Mon, 11 Feb 2002 21:04:53 -0500 (EST)
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Freeradius and RSA SecurID
Date: Mon, 11 Feb 2002 16:31:51 -0500
Message-Id: <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.0beta5
Precedence: bulk
Reply-To: [EMAIL PROTECTED]
List-Id: FreeRadius users mailing list 

Cleo <[EMAIL PROTECTED]> wrote:
> You guys are very responsive. This is one of the most
> instructive mailing list.

  That's nice to hear.

  Many of my posts are responsive because I'm waiting for a 5-minute
job to finish in another window, and I can fire off a quick reply.

  Alan DeKok.




Using PAM to auth to FR w/ mysql?

2002-02-12 Thread Michael Letchworth

I'm still trying to figure out all the possibilities about how I can use
freeradius on our system? Is it possible or even a good idea to 
configure a system like the following?
 
I want to have the users (10,000) in the radius server running mysql
and not /etc/passwd file except for the system users. I was hoping that
I could use pam so the users can authenticate for other program
like proftpd or qmail etc. I'm not sure if it would be possible to enforce
disk quotas and each user still having a unique UID number.

Correct me if I am wrong but doesn't PAM return the same information
like UID,GID, shell and home directory that the getpasswd does?

Michael Letchworth





Re: Is their a way to check for a suspended account?

2002-02-12 Thread Do-Risika RAFIEFERANTSIARONJY

Michael Letchworth wrote:
> 
> I'm trying to figure if there is a field for checking a suspended account?

if you try the Expiration attribute ? you just pull it out when you
reactivate the account ...

@+
--
DouRiX




me- unsubscribe

2002-02-12 Thread Supriya






bug: no default auth port

2002-02-12 Thread Rainer Clasen

Hello,

if you specify the port in radiusd.conf as 0, the auth port is set after
the configs were read. But while reading the realms file, it is already
used as default.

You end up with 0 as the auth port for those entries without a :.

And even more annoying: There is only a debug message, when radiusd is
run with -xx.

Rainer

-- 
KeyID=759975BD fingerprint=887A 4BE3 6AB7 EE3C 4AE0  B0E1 0556 E25A 7599 75BD




Re: UTF-8

2002-02-12 Thread Alan DeKok

Raghu Seshadri <[EMAIL PROTECTED]> wrote:
> Hi, does FreeRadius support usernames encoded in UTF-8 ?

  No.

> I would like usernames such as jörg and haräld to be
> authenticated. If yes, which version of FreeRadius should I
> download ?

  If you can type the binary characters into a string, then the server
can send them in a packet, or look at them from a packet.

  Alan DeKok.




Re: Freeradius and RSA SecurID

2002-02-12 Thread Alan DeKok

"Tim Monaghan" <[EMAIL PROTECTED]> wrote:
> And another thing, I wouldn't mind helping in a documentation effort,
> if one is underway, I'm kinda dumb about radius at the moment, but I'm
> getting a crash course, and I think a good set of docs would not
> exactly require experts on the case. Is there anything underway at
> the moment?

  Follow the instructions on the web page for doing an anonymous CVS
checkout from cvs.freeradius.org, but check out 'manual' instead of
'radiusd'.

  It's the current in-progress version of the manual.  It could use a
LOT of work.

  Alan DeKok.




unsubscribe

2002-02-12 Thread Supriya

its blocking my account,plz unsubscribe me, 




[List-Error] Doubled up messages..

2002-02-12 Thread Matthew Wallis

Is it just me, or have a few people been receiving copies of old mail?

I've received a second copy of Alan's reply to the Windows XP PPPoE
client bug, and various other freeradius emails in the last 10 minutes.

I'm on half a dozen mailing lists, and I'm only getting freeradius-users
a second time.

Matt.





(no subject)

2002-02-12 Thread vladimir ezcurra

It is a good question, I could like to know
how to configure the freeradius using postgreSQL?

Vlad




Re: Simultaneous Use not working

2002-02-12 Thread Graham @ LEC Dalby

No, I'm not using realms.  It is just the straight username / password.

checkrad isn't even getting called.  If i run checkrad manually it gives the
results you would expect, but radiusd isn't running it at all - ever.

- Original Message -
From: "Randy Moore" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 11, 2002 2:15 PM
Subject: Re: Simultaneous Use not working


> Are you using realms?  If so, you'll need to get a current CVS
> snapshot.  Even v 0.4 will not work. (radutmp stores the username with the
> realm stripped, but the checksimul routine looks for usernames without the
> realm stripped).
>
> There are *lots* of fixes to the SQL handling code, even since v 0.4.  I'd
> recommend setting up a test server with the latest CVS to see if it works
> for you.
>
> At 12:31 PM 2/11/2002 +1000, you wrote:
> >Simultaneous Use is not working for me.  The checkrad script works fine when
> >I call it manually, but it is never executed by radius.  I have turned
> >debugging on in checkrad - but the script is never executed.  running
> >radiusd -xx does not give any indication that it is trying to call checkrad
> >or that it is doing anything about the Simultaneous Use.  I am using
> >Freeradius 0.3 (had such a time getting it running smoothly with my
> >PostgreSQL database, other than simultaneous use, that i'm too scared to try
> >0.4).  I have read all of the doc's about simultaneous use, as well as
> >followed the instructions given in one of the archived posts.  However in
> >that post, it doesn't look like the person having the problem got it sorted
> >out either.  What am I doing wrong?
> >
> >In my users file I have:
> >
> >DEFAULT Auth-Type := System, Simultaneous-Use :=1
> > Fall-Through = 1
> >
> >in radiusd.conf I have
> >authorize {
> > preprocess
> >#   counter
> >#   attr_filter
> > suffix
> > sql
> > files
> >}
> >authenticate {
> > unix
> >}
> >preacct {
> > suffix
> > files
> > preprocess
> >}
> >
> >accounting {
> >#   acct_unique
> > detail
> >#   counter
> > unix
> > sql
> > radutmp
> >#   sradutmp
> >}
> >
> >session {
> > radutmp
> >}
> >
> >
> >
>
> Randy Moore
> Axion Information Technologies, Inc.
>
> email [EMAIL PROTECTED]
> phone   301-408-1200
> fax301-445-3947
>
>
>






Access Reject

2002-02-12 Thread Thomas Jalsovsky


Hello

I would like to send an Access reject packet to NAS when the 
User-Name and User-Password fields match (successful auth.)
I want to do that with DB, but I don't know what and where I have to put.
Could anybody tell me?

I tried putting this in radgroupreply:
mygroup | Auth-Type | Reject

But it still returns Access accept and the sw in the NAS requires Access 
reject.

Thanks,
Thomas







FreeRadius with 802.1x

2002-02-12 Thread Nick

I am trying to configure FreeRadius to work with 802.1x LEAP/CISCO 350
Access Point and CISCO 350 card. Has anyone been able to get this working?





problem with DEFAULT realm

2002-02-12 Thread Rainer Clasen

Hello,

during my tests of Freeradius, I found a tiny annoyance when all servers
for a realm are marked "dead":

Although there are entries with an exact match (but marked dead), the
DEFAULT entry is used. 

This is annoying when the DEFAULT entry points to a GRIC Radius server.

Well, on the other hand I could imagine this being useful in certain
cases so I'm not sure if this is a bug or a feature.

Is there a need for a general, configurable solution or am I up to
hacking this up myself?


Rainer

-- 
KeyID=759975BD fingerprint=887A 4BE3 6AB7 EE3C 4AE0  B0E1 0556 E25A 7599 75BD




Re: port 25 filtering

2002-02-12 Thread Miquel van Smoorenburg

In article <010701c1b0c3$1b92c780$[EMAIL PROTECTED]>,
John Singewald <[EMAIL PROTECTED]> wrote:
>We are authenticating modem pools using cistron 1.6.

Wrong list - this is not the cistron radius mailinglist.

>Can someone give advice
>on how to set up a filter to limit  port 25 relaying to one particular
>server.

You define the filter on the NAS in a NAS specific way. Then you
can send the "Framed-Filter-Id" along in authentication ack packets
on the radius server side

Mike.
-- 
Computers are useless, they only give answers. --Pablo Picasso





Login-Time

2002-02-12 Thread Troy

Can someone please give me the correct syntax for this statement on cistron
radius?
Is it?
Login-Time = "Wk0800-1700,Sa,Su"
And where should it go, i.e. straight under the username password line?

Also if I put
DEFAULT Simultaneous-Use = 1
  Fall-Through = 1

at the top of my users file will this stop simultaneous use? Yes, perl is
installed.
Do I need to have the Fall-Through = 1 in there?





Simultaneous Use not working

2002-02-12 Thread Graham @ LEC Dalby

Simultaneous Use is not working for me.  The checkrad script works fine when
I call it manually, but it is never executed by radius.  I have turned
debugging on in checkrad - but the script is never executed.  running
radiusd -xx does not give any indication that it is trying to call checkrad
or that it is doing anything about the Simultaneous Use.  I am using
Freeradius 0.3 (had such a time getting it running smoothly with my
PostgreSQL database, other than simultaneous use, that I'm too scared to try
0.4).  I have read all of the docs about simultaneous use, as well as
followed the instructions given in one of the archived posts.  However in
that post, it doesn't look like the person having the problem got it sorted
out either.  What am I doing wrong?

In my users file I have:

DEFAULT Auth-Type := System, Simultaneous-Use :=1
        Fall-Through = 1

in radiusd.conf I have
authorize {
        preprocess
#       counter
#       attr_filter
        suffix
        sql
        files
}
authenticate {
        unix
}
preacct {
        suffix
        files
        preprocess
}

accounting {
#       acct_unique
        detail
#       counter
        unix
        sql
        radutmp
#       sradutmp
}

session {
        radutmp
}






Re: more inof on accounting stop query

2002-02-12 Thread Randy Moore

Hello,

Look for the following line in src/modules/rlm_sql/conf.h and comment it 
out, then recompile freeradius.

#define CISCO_ACCOUNTING_HACK

It sounds like you would prefer to keep data in STOP packets with zero 
session length.


At 05:23 PM 2/7/2002 -0500, you wrote:
>Can someone help?
>This is what I got from the debug mode:
>
>modcall: entering group accounting
>rlm_sql: Reserving sql socket id: 4
>radius_xlat:  'rlm_sql:  Stop packet with zero session length.  (user
>'8111233409', nas '219.200.106.135')'
>rlm_sql:  Stop packet with zero session length.  (user '8111233409', nas
>'219.200.106.135')
>rlm_sql: Released sql socket id: 4
>   modcall[accounting]: module "sql" returns fail
>modcall: group accounting returns fail
>
>
>
>
>
>-Original Message-
>From: J.E. Wu [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, February 07, 2002 3:38 PM
>To: '[EMAIL PROTECTED]'
>Subject: accounting stop query
>
>
>I have accounting_stop_query set up to capture the on-line duration for each
>user, thus deduct dollar amount according to the corresponding rates, the
>problem is, when the user uses up the time and was disconnected forcefully,
>the accounting_stop_query is not doing anything, even it receives the
>accounting stop packets. Any thought?
>
>Thanks,
>
>J.E.
>
>

Randy Moore
Axion Information Technologies, Inc.

email [EMAIL PROTECTED]
phone   301-408-1200
fax301-445-3947





R: Always on "rlm_sql: Could not link driver rlm_sql_mysql"

2002-02-12 Thread Maurice Foschiatti

You were right.

I have no shared versions of mysql libraries. Where can I find them?
I've tried recompiling mysql, but the only libraries that I have are:
drwxr-xr-x  15 root  mysql     512 Feb  7 11:23 ..
-rw-r--r--   1 mysql mysql   15054 Jan  3 09:43 libdbug.a
-rw-r--r--   1 mysql mysql  767672 Jan  3 09:43 libmygcc.a
-rw-r--r--   1 mysql mysql  304428 Jan  3 09:43 libmysqlclient.a
-rw-r--r--   1 mysql mysql  121444 Jan  3 09:43 libmystrings.a
-rw-r--r--   1 mysql mysql  217310 Jan  3 09:43 libmysys.a


maurice
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On behalf of Alan DeKok
> Sent: Wednesday, 6 February 2002 18.23
> To: [EMAIL PROTECTED]
> Subject: Re: Always on "rlm_sql: Could not link driver rlm_sql_mysql"
>
>
> "Maurice Foschiatti" <[EMAIL PROTECTED]> wrote:
> >   We have tried to install FreeRadius 0.4 on our server Sun (Solaris 8.0),
> > with MySQL as our RDBM (it is installed on /usr/local/mysql, the libraries
> > are on /usr/local/mysql/lib and /usr/local/mysql/include). It works on the
> > 'text version', but when we tried to work with mysql it returns the 'usual
> > error':
>
>   Do you have the *shared* versions of the mysql libraries installed?
>
>   If all else fails, do:
>
> ./configure --disable-shared
>
>   and you will avoid the problem.
>
>   Alan DeKok.
>





Re: Freeradius and RSA SecurID

2002-02-12 Thread Cleo

You guys are very responsive. This is one of the most 
instructive mailing lists.

Best.

Cleo 
--- Alan DeKok <[EMAIL PROTECTED]> wrote:
> Cleo <[EMAIL PROTECTED]> wrote:
> > Can I configure Free radius to use securID?
> 
>   Nope.
> 
>   But you can use 'exec-program' to fork an external
> script to do the
> authentication.
> 
>   Alan DeKok.
> 


=
=
Cleophas Toe, CISSP | Phone:650-980-3686 
Sr. Info. Security Officer  | Cell: 510-858-9700 
Yodlee, Inc | www.Yodlee.com 
=




Re: Freeradius and RSA SecurID

2002-02-12 Thread Rainer Clasen

Alan DeKok wrote:
> Cleo <[EMAIL PROTECTED]> wrote:
> > You guys are very responsive. This is one of the most 
> > instructive mailing lists.
> 
>   That's nice to hear.

jepp, I have to agree.

And BTW, this list is far better than most commercial support I had to
struggle with.


Rainer

-- 
KeyID=759975BD fingerprint=887A 4BE3 6AB7 EE3C 4AE0  B0E1 0556 E25A 7599 75BD




Re: problem with DEFAULT realm

2002-02-12 Thread Chris Parker

At 07:00 PM 2/11/2002 +0100, Rainer Clasen wrote:
>Hello,
>
>during my tests of Freeradius, I found a tiny annoyance when all servers
>for a realm are marked "dead":
>
>Although there are entries with an exact match (but marked dead), the
>DEFAULT entry is used.
>
>This is annoying when the DEFAULT entry points to a GRIC Radius server.
>
>Well, on the other hand I could imagine this being useful in certain
>cases so I'm not sure if this is a bug or a feature.

At some point, if all the servers for a realm are marked 'dead' they
should all be re-initialized and reattempted.  However, as you note,
it may be desired, so perhaps making it configurable is not a bad
option.

>Is there a need for a general, configurable solution or am I up to
>hacking this up myself?

Realm/proxy failover is still a newer feature.  You're probably best
off making changes to get it doing what you want, and posting a patch.
That will likely spark off some additional patches/work, as well.

Allowing for round-robin and failover as configurable options would be
good.  It currently only does failover ( and as you've noted, not
perfectly ).

Any additions/patches/etc would certainly be welcomed.  :)

-Chris
--
\\\|||///  \  Chris Parker-Manager, Development Engineering
\ ~   ~ /   \   WX *is* Wireless!\   [EMAIL PROTECTED]
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Without C we would have 'obol', 'basi', and 'pasal'





FreeRADIUS with MS SQL

2002-02-12 Thread Michael Vasilenko


Hello

I need to setup RADIUS which works with MS SQL, can somebody give me some
advice? Can FreeRADIUS do this? ODBC or something?

Thanks

-- 
Michael Vasilenko





Re: Freeradius and RSA SecurID

2002-02-12 Thread Tim Monaghan

> 
>   There's a lot I don't answer, too.  If the response is only
> one-line, I don't mind firing off a quick note.
> 
>   If the response is longer, or there are many, many repeated 1-line
> questions, I generally hit 'd'.
> 

I'm also impressed by your patience. I know it's hard to be patient in the lists where I 
know a lot, (mostly perl, php, mysql, apache, etc) and I think you do a pretty good job!

BTW, my question only had 2 one-line questions, hint, hint :)

And another thing, I wouldn't mind helping in a documentation effort, if one is 
underway. I'm kinda dumb about radius at the moment, but I'm getting a crash course, and 
I think a good set of docs would not exactly require experts on the case. Is there 
anything underway at the moment?

Thanks

Tim





freeradius with PostgreSQL...

2002-02-12 Thread Gus Rios

Hi,
How can I install freeradius with postgreSQL?
What are the arguments for 'configure'?
Or what other things do I have to do?

regards,




Re: Identical attributes on auth

2002-02-12 Thread Alan DeKok

Thomas Jalsovsky <[EMAIL PROTECTED]> wrote:
> OK, I see that in the last CVS is the paircmp fix. I compiled the latest 
> CVS, and made some debugs. Unfortunately I can't make it work.

  It would be easier to debug the problem if you used a simple test
entry in the 'users' file, and poked at the server with radclient.
That will get you the MINIMUM of confusing log messages, which may not
have anything to do with the problem.

> Something I do wrong or the paircmp fix doesn't solve this problem?

  What I can see is that the 'op' field is NULL.  You probably want to
put the operator there.


  If you had tested this with the 'users' file first, you would have
been able to verify if the feature worked.  It would probably have
then been obvious that the issue was NOT the new feature, but some
misconfiguration or bug in the SQL module.

  Alan DeKok.




Re: Freeradius and RSA SecurID

2002-02-12 Thread Alan DeKok

Cleo <[EMAIL PROTECTED]> wrote:
> Can I configure Free radius to use securID?

  Nope.

  But you can use 'exec-program' to fork an external script to do the
authentication.

  Alan DeKok.




Re: Freeradius and RSA SecurID

2002-02-12 Thread Alan DeKok

Cleo <[EMAIL PROTECTED]> wrote:
> You guys are very responsive. This is one of the most 
> instructive mailing lists.

  That's nice to hear.

  Many of my posts are responsive because I'm waiting for a 5-minute
job to finish in another window, and I can fire off a quick reply.

  Alan DeKok.




RE: Counter module doesn't work

2002-02-12 Thread Peter Santiago

Based on what I'm reading below ... to set time limits for my users, I need
to use a database (MySQL). Do I?  I'm using portslave with freeradius. If
I just want to use /etc/passwd for authentication... where and how should I
store the time limits for each user?  Thanks

>On Mon, 11 Feb 2002, Andrew Kelaidis wrote:

> I have installed the latest snapshot of freeRadius and I am using mySQL for
> AAA. I would also like to limit the online time for all users. Here is a
> part of my radiusd.conf file:
> 
> counter {
> filename = ${raddbdir}/db.counter
> key = User-Name
> count-attribute = Acct-Session-Time
> reset = daily
> counter-name = Daily-Session-Time
> check-name = Max-Daily-Session-Time
> allowed-servicetype = Framed-User
> cache-size = 5000
> }
> I have also inserted a "counter" into Authorization, Accounting parts of the
> file. In radius database I have these records for the counter:
> Username   Attribute            Value   op
> 
> UserName   Daily-Session-Time   120     >
> UserName   Auth-Type            Reject  =
> 
> I start radius with "-X" and when a user calls in I receive these messages
> about counter:
>modcall: entering group authorize
>rlm_counter: Entering module authorize code
>rlm_counter: Could not find Check item value pair
>modcall[authorize]: module "counter" returns noop
> The Accounting procedure returns ok. I can't understand what I do wrong.
> Please help

You can do one of the following:

1. Remove the counter from the authorize section and leave it in the accounting
section. The check for the Daily-Session-Time is based on a compare function
registered from the counter module and not on the authorize function provided by
the module.

2. Add a Max-Daily-Session-Time check item in the db like this:

UserName  Max-Daily-Session-Time  120   = (you could also use the := operator)

and leave the counter in the authorize section.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf







Re: Freeradius and RSA SecurID

2002-02-12 Thread Charlie Watts

On Mon, 11 Feb 2002, Alan DeKok wrote:
>   Many of my posts are responsive because I'm waiting for a 5-minute
> job to finish in another window, and I can fire off a quick reply.

I'm just astonished you still answer the once-a-week FAQs.
You're a saint!

-- 
Charlie Watts
[EMAIL PROTECTED]
Frontier Internet
http://www.frontier.net/





Re: Identical attributes on auth

2002-02-12 Thread Alan DeKok

Thomas Jalsovsky <[EMAIL PROTECTED]> wrote:
> I searched in the docs and in the mailing list archives but I didn't find 
> the clear definition of op values. Can somebody describe them to me? For ex. what 
> does the += op do in a radreply table?

  'man users'

> If I make sure with the users file, what can I do with the problem in SQL?

  You can verify that the *server* can do what you want, independently
of whether the *SQL* module can do it.  If the server can do it and
SQL can't, then at least you know where to look to solve the problem.

  Alan DeKok.




Developing/Integrating PAM

2002-02-12 Thread Jeevan, Siddhartha

This is a multi-part message in MIME format.




RE: Counter module doesn't work

2002-02-12 Thread Kostas Kalevras

On Mon, 11 Feb 2002, Peter Santiago wrote:

> Based on what I'm reading below ... to set time limits for my users, I need
> to use a database (MySQL). Do I?  I'm using portslave with freeradius. If
> I just want to use /etc/passwd for authentication... where and how should I
> store the time limits for each user?  Thanks
>

You need to store either the check for Daily-Session-Time or the
Max-Daily-Session somewhere. That can be a db (sql,ldap) or just the users file.
If you are lazy you could just add a DEFAULT entry in your users file and be
just fine. Something like:

DEFAULT Max-Daily-Session := 14400

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf






Re: Radius Question

2002-02-12 Thread Alan DeKok

"William Kelley" <[EMAIL PROTECTED]> wrote:
> I have multiple users who are logged in who stay logged in but they
> aren't actually connected to the NAS. It seems sometimes the radacct
> (using mysql) never sets a stop time for users. So they stay connected
> and when you radwho they are still listed. Any ideas?

  radzap?

  Alan DeKok.





Freeradius and RSA SecurID

2002-02-12 Thread Cleo

Good day,

Can I configure Free radius to use securID?
If yes, can somebody please give me some configuration
steps.

Thank you

=
=
Cleophas Toe, CISSP | Phone:650-980-3686 
Sr. Info. Security Officer  | Cell: 510-858-9700 
Yodlee, Inc | www.Yodlee.com 
=




(no subject)

2002-02-12 Thread Gus Rios

Hi,
How can I install freeradius with postgreSQL?
What are the arguments for 'configure'?
Or what other things do I have to do?

regards,




re-use dead servers whenn all are dead?

2002-02-12 Thread Rainer Clasen

Hello,

kind of related to my previous mail is this idea:

When a Cisco NAS detects, that all Servers are dead, it retries them all
- ignoring they are all dead.

Is it due to simplicity or design, that freeradius doesn't do that?

Rainer

-- 
KeyID=759975BD fingerprint=887A 4BE3 6AB7 EE3C 4AE0  B0E1 0556 E25A 7599 75BD




PostgreSQL's configuration

2002-02-12 Thread kao shimit

Hello

I have my database created, now I need to set up RADIUS to work with 
postgreSQL, this is with the "configure command"...
Does anybody know how to do it, or the parameters for the "configure command"?

Thanks







Re: problem with DEFAULT realm

2002-02-12 Thread Alan DeKok

[EMAIL PROTECTED] (Rainer Clasen) wrote:
> during my tests of Freeradius, I found a tiny annoyance when all servers
> for a realm are marked "dead":
> 
> Although there are entries with an exact match (but marked dead), the
> DEFAULT entry is used. 

  Yes, that's how the DEFAULT realm works.
  
> This is annoying when the DEFAULT entry points to a GRIC Radius server.
> 
> Well, on the other hand I could imagine this being useful in certain
> cases so I'm not sure if this is a bug or a feature. 

  The problem is, if all of the realms are marked 'dead', just what do
you do with those requests?  Drop them on the floor?
 
> Is there a need for a general, configurable solution or am I up to
> hacking this up myself?

  It should be easy to hack something together.  If you're looking for
a realm, and have found a dead one, don't fall through to the DEFAULT.

  Alan DeKok.




Re: re-use dead servers whenn all are dead?

2002-02-12 Thread Alan DeKok

[EMAIL PROTECTED] (Rainer Clasen) wrote:
> When a Cisco NAS detects, that all Servers are dead, it retries them all
> - ignoring they are all dead.
> 
> Is it due to simplicity or design, that freeradius doesn't do that?

  Lack of patches submitted to fix the problem, more than anything
else.

  Alan DeKok.
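
The realm lookup behaviours discussed in the "problem with DEFAULT realm" and "re-use dead servers" threads, modelled as an added example (not FreeRADIUS source code; the structure, the function and policy names, and the host names are hypothetical and constructed for illustration). When every exact-match home server is marked dead, the lookup either falls through to DEFAULT, refuses to proxy, or clears the dead marks and retries the realm's own servers:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a proxy realm table (not FreeRADIUS's own structures). */
typedef struct {
    const char *realm;   /* realm name, or "DEFAULT" for the catch-all entry */
    const char *server;  /* home server this entry proxies to */
    int         dead;    /* 1 = marked dead after unanswered requests */
} realm_entry;

/* What to do when a realm has exact entries but every one is marked dead. */
enum dead_policy {
    POLICY_FALL_THROUGH, /* behaviour reported in the thread: use DEFAULT */
    POLICY_NO_DEFAULT,   /* "don't fall through to the DEFAULT": no route */
    POLICY_RETRY_ALL     /* Cisco-NAS style: clear the dead marks and retry */
};

/* Returns the entry to proxy to, or NULL when the request must not be proxied. */
const realm_entry *realm_pick(realm_entry *tab, size_t n,
                              const char *realm, enum dead_policy policy)
{
    realm_entry *deflt = NULL;  /* first live DEFAULT entry */
    realm_entry *first = NULL;  /* first exact match, live or dead */
    size_t i;

    for (i = 0; i < n; i++) {
        if (strcmp(tab[i].realm, "DEFAULT") == 0) {
            if (!deflt && !tab[i].dead)
                deflt = &tab[i];
            continue;
        }
        if (strcmp(tab[i].realm, realm) != 0)
            continue;
        if (!first)
            first = &tab[i];
        if (!tab[i].dead)
            return &tab[i];     /* normal failover: first live exact match */
    }

    /* Realm not configured at all: DEFAULT is the intended route. */
    if (!first)
        return deflt;

    /* Exact entries exist, but all of them are dead. */
    switch (policy) {
    case POLICY_FALL_THROUGH:
        return deflt;
    case POLICY_NO_DEFAULT:
        return NULL;
    case POLICY_RETRY_ALL:
        for (i = 0; i < n; i++)
            if (strcmp(tab[i].realm, realm) == 0)
                tab[i].dead = 0;
        return first;
    }
    return NULL;
}

/* Runs one lookup against a constructed sample table; returns server or NULL. */
const char *demo_route(const char *realm, enum dead_policy policy)
{
    realm_entry tab[] = {
        { "isp.example",   "radius1.isp.example",  1 },
        { "isp.example",   "radius2.isp.example",  1 },
        { "other.example", "radius.other.example", 0 },
        { "DEFAULT",       "roaming.example.net",  0 },
    };
    const realm_entry *e = realm_pick(tab, sizeof tab / sizeof tab[0],
                                      realm, policy);
    return e ? e->server : NULL;
}

int main(void)
{
    const char *names[] = { "fall-through", "no-default", "retry-all" };
    int p;

    for (p = POLICY_FALL_THROUGH; p <= POLICY_RETRY_ALL; p++) {
        const char *s = demo_route("isp.example", (enum dead_policy)p);
        printf("%-12s -> %s\n", names[p], s ? s : "(not proxied)");
    }
    return 0;
}
```

With the fall-through policy, requests for a configured realm whose servers are all dead are handed to whatever the DEFAULT entry points at, which is the case the original poster found annoying when DEFAULT is a roaming provider.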




port 25 filtering

2002-02-12 Thread John Singewald

We are authenticating modem pools using cistron 1.6. Can someone give advice
on how to set up a filter to limit  port 25 relaying to one particular
server.

Thank You. John






Counter module doesn't work

2002-02-12 Thread Andrew Kelaidis

I have installed the latest snapshot of freeRadius and I am using mySQL for 
AAA. I would also like to limit the online time for all users. Here is a 
part of my radiusd.conf file:

counter {
filename = ${raddbdir}/db.counter
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session-Time
allowed-servicetype = Framed-User
cache-size = 5000
}
I have also inserted a "counter" into Authorization, Accounting parts of the 
file. In radius database I have these records for the counter:
Username   Attribute            Value   op

UserName   Daily-Session-Time   120     >
UserName   Auth-Type            Reject  =

I start radius with "-X" and when a user calls in I receive these messages 
about counter:
   modcall: entering group authorize
   rlm_counter: Entering module authorize code
   rlm_counter: Could not find Check item value pair
   modcall[authorize]: module "counter" returns noop
The Accounting procedure returns ok. I can't understand what I do wrong. 
Please help




Re: FreeRADIUS with MS SQL

2002-02-12 Thread Alan DeKok

Michael Vasilenko <[EMAIL PROTECTED]> wrote:
> I need to setup RADIUS which works with MS SQL, can somebody give me some
> advice? Can FreeRADIUS do this? ODBC or something?

  ODBC should work in the latest CVS snapshot.

  Alan DeKok.




Re: unable to get a clean gmake

2002-02-12 Thread the ACTUAL zeke

the version that produces these errors is:

 freeradius-snapshot-20020209

Z   Upgrade to the latest CVS snapshot.
Z   Alan DeKok.

has freeradius ever worked on BSDI? if so, what options need to be
added to ./configure. i think that could be my only problem.

i am sorry to be such a pain, we have used merit AAA successfully for many
years, but suddenly qwest needs Ascend-Data-Filter, which is broken in AAA
but several users (none on BSDI) are passing filters successfully from
freeradius according to qwest.

we are up against a deadline of tuesday. we have a machine available to
load with your recommended flavor of linux as an alternate solution.

thanks again ...z





Could not link driver rlm_sql_mysql:

2002-02-12 Thread Tim Monaghan

I see what this is trying to tell me to do, and I know where to find this file in the 
distribution, but I have 2 questions:
a) Where should I put rlm_sql_mysql on my system and what are its dependencies?
b) What does it mean by my system's ld? Is that the path env var?

Thanks again (see below) 

Tim



[sbin on gwen] ./radiusd -x
Starting - reading configuration files ...
Module: Loaded SQL
rlm_sql: Could not link driver rlm_sql_mysql: file not found
rlm_sql: Make sure it (and all its dependent libraries!) are in the search path
of your system's ld.
radiusd.conf[4]: sql: Module instantiation failed.
[sbin on gwen]






Re: Is their a way to check for a suspended account?

2002-02-12 Thread Alan DeKok

"Michael Letchworth" <[EMAIL PROTECTED]> wrote:
> I'm trying to figure out if there is a field for checking a suspended account?

  There's no attribute to do that.

  See src/modules/rlm_unix for source code to patch.

  Alan DeKok.




Re: Counter module doesn't work

2002-02-12 Thread Andrew Kelaidis

Thanks!!! Now I have only this record in radcheck table:
Username   Attribute                Value   op
-
UserName   Max-Daily-Session-Time   7200    :=
..
-
but I had to change the Authorization section of the radius.conf to:
authorize {
        sql
        counter
}

I hope that this will help someone.

>From: Kostas Kalevras <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: Counter module doesn't work
>Date: Mon, 11 Feb 2002 14:52:42 +0200 (EET)
>
>On Mon, 11 Feb 2002, Andrew Kelaidis wrote:
>
> > I have installed the latest snapshot of freeRadius and I am using mySQL for
> > AAA. I would also like to limit the online time for all users. Here is a
> > part of my radiusd.conf file:
> > 
> > counter {
> > filename = ${raddbdir}/db.counter
> > key = User-Name
> > count-attribute = Acct-Session-Time
> > reset = daily
> > counter-name = Daily-Session-Time
> > check-name = Max-Daily-Session-Time
> > allowed-servicetype = Framed-User
> > cache-size = 5000
> > }
> > I have also inserted a "counter" into Authorization, Accounting parts of the
> > file. In radius database I have these records for the counter:
> > Username   Attribute            Value    op
> > 
> > UserName   Daily-Session-Time   120      >
> > UserName   Auth-Type            Reject   =
> > 
> > I start radius with "-X" and when a user calls in I receive these messages
> > about counter:
> >modcall: entering group authorize
> >rlm_counter: Entering module authorize code
> >rlm_counter: Could not find Check item value pair
> >modcall[authorize]: module "counter" returns noop
> > The Accounting procedure returns ok. I can't understand what I do wrong.
> > Please help
>
>You can do one of the following:
>
>1. Remove the counter from the authorize section and leave it in the accounting
>section. The check for the Daily-Session-Time is based on a compare function
>registered from the counter module and not on the authorize function provided by
>the module.
>
>2. Add a Max-Daily-Session-Time check item in the db like this:
>
>UserName  Max-Daily-Session-Time  120  = (you could also use the := operator)
>
>and leave the counter in the authorize section.
>
>--
>Kostas Kalevras  Network Operations Center
>[EMAIL PROTECTED] National Technical University of Athens, Greece
>Work Phone:  +30 10 7721861
>'Go back to the shadow' Gandalf
>
>





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
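
The check-item behaviour discussed in the thread above, as an added example that is not part of the original posts and not FreeRADIUS code: a small Python model of a daily counter keyed on User-Name. The class and method names are hypothetical, and counting only accounting Stop packets and returning the remaining time as Session-Timeout are assumptions of the model.

```python
from datetime import date

NOOP, OK, REJECT = "noop", "ok", "reject"   # module return codes (model only)

class DailyCounter:
    """Toy model of a per-user counter with reset = daily."""

    def __init__(self, check_name="Max-Daily-Session-Time",
                 count_attribute="Acct-Session-Time"):
        self.check_name = check_name
        self.count_attribute = count_attribute
        self.used = {}      # User-Name -> seconds consumed on self.day
        self.day = None

    def _roll(self, today):
        # reset = daily: discard all totals when the calendar day changes.
        if self.day != today:
            self.used, self.day = {}, today

    def accounting(self, user, packet, today):
        """Add a finished session's length to the user's running total."""
        self._roll(today)
        if packet.get("Acct-Status-Type") != "Stop":
            return NOOP
        seconds = int(packet.get(self.count_attribute, 0))
        self.used[user] = self.used.get(user, 0) + seconds
        return OK

    def authorize(self, user, check_items, today):
        """Return (result, reply_items) for one Access-Request."""
        self._roll(today)
        if self.check_name not in check_items:
            # The "Could not find Check item value pair" case: no limit is
            # enforced here, so the request passes through untouched.
            return NOOP, {}
        remaining = int(check_items[self.check_name]) - self.used.get(user, 0)
        if remaining <= 0:
            return REJECT, {}
        # Assumption: cap the session at the time left, so the NAS
        # disconnects the user when the allowance runs out.
        return OK, {"Session-Timeout": remaining}

if __name__ == "__main__":
    c, day = DailyCounter(), date(2002, 2, 12)          # constructed sample data
    print(c.authorize("UserName", {"Daily-Session-Time": "120"}, day))
    print(c.authorize("UserName", {"Max-Daily-Session-Time": "7200"}, day))
    c.accounting("UserName", {"Acct-Status-Type": "Stop",
                              "Acct-Session-Time": "7200"}, day)
    print(c.authorize("UserName", {"Max-Daily-Session-Time": "7200"}, day))
```

The first call shows why a user row without the check-name attribute yields noop: in this model the limit is simply not applied, which is the case to watch for when auditing per-user time limits.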




postgreSQL

2002-02-12 Thread vladimir ezcurra

Does someone know something about this matter:

Freeradius using postgreSQL (Configuration)

Vlad




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




Re: Freeradius and RSA SecurID

2002-02-12 Thread Alan DeKok

Charlie Watts <[EMAIL PROTECTED]> wrote:
> I'm just astonished you still answer the once-a-week FAQs.

  There's a lot I don't answer, too.  If the response is only
one-line, I don't mind firing off a quick note.

  If the response is longer, or there are many, many repeated 1-line
questions, I generally hit 'd'.

> You're a saint!

  No, I've been to Salt Lake City, and I didn't see the need to
convert. 

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




Re: FreeRADIUS with MS SQL

2002-02-12 Thread Alan DeKok

Michael Vasilenko <[EMAIL PROTECTED]> wrote:
> in latest CVS snapshot make is just broken:
> 
> Making static in rlm_sql_unixodbc...

  Whoops, sorry.  I forgot to commit the 'Makefile.in' in that
directory.

  It should be OK now.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
