RE: AS5300 log to two Radius server simultaneously
> -----Original Message-----
> From: Chris Parker [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 12, 2002 9:38 PM
> To: [EMAIL PROTECTED]
> Subject: Re: AS5300 log to two Radius server simultaneously
>
> At 08:08 PM 4/12/2002 +0800, Raymond Chen wrote:
> >Dear all,
> >
> >A bit off topic. Does anyone know how to configure the AS5300 so it
> >passes accounting records to 2 FreeRadius server simultaneously.
>
> Nope, can't be done via the 5x00. You *can* setup FreeRADIUS so that it
> replicates/proxies records to the other server, though.
>

Actually with a little bit of workaround it can be done. You need to configure 2 (or more) groups of radius like the following:

    aaa group server radius myradius1
     server XXX.XXX.XXX.XXX auth-port 1812 acct-port 1813
    !
    aaa group server radius myradius2
     server YYY.YYY.YYY.YYY auth-port 1645 acct-port 1646
    !

Then you set the 5300 to broadcast the accounting packets:

    aaa accounting connection default wait-start broadcast group myradius1 group myradius2

> -Chris
> --
> \\\|||/// \ StarNet Inc. \Chris Parker
> \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering
> | @ @ |\ http://www.starnetwx.net \ (847) 963-0116
> oOo---(_)---oOo--\
> --
>\ Wholesale Internet Services - http://www.megapop.net
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

Rgds
LMR
How to use Exec-Program-Wait; Setting Time Limits under dial-up admin...
How does one use Exec-Program-Wait properly?

I use dial-up admin to create users and set their time limit to something other than the default value of 14400. When I edit the user, dial-up admin still says Allowed Session is 4 hours... What do I need to do to make dial-up admin reflect the correct duration of Allowed Session?... Thanks...

A repeat question... How do I enforce Session-Time limits for users created in the database? Kicking them out, whenever their allocated time runs out? Please help...

_
Peter Santiago
ICQ#: 2890601
More ways to contact me: http://wwp.icq.com/2890601
See more about me: http://web.icq.com/whitepages/about_me?Uin=2890601
Linux user #252132 http://counter.li.org
_
Re: freeradius and mysql
Artur Hecker <[EMAIL PROTECTED]> wrote:
> again, the problem was not the SQL and whatsoever depending on it. for a
> plenty of people here the problem are the *tmp files which DO NOT exist
> even if the modules ARE active.

Add debugging statements to the module, to track when/where/why it's making its decisions. Figure out where it's making a wrong decision, and send a patch to the list.

Alan DeKok.
Re: Problem with Tunnel-Password
Thanks a lot 3APA3A!

I've tested your patch. I would say it's pretty close to a solution. But it's not 100% correct.

In general the Tunnel-Password encryption and decoding is close to working with your patch. But the first character of the decoded string of the encrypted password is wrong:

"decoding issue" - An original Tunnel-Password "p123" will be decoded as "3123".

At least encoding and decoding is much better with your bugfix. I would appreciate if you have another look at this.

I've attached a file with information about:
* radius profile
* output of Lucent MAX TNT radius trace showing the "decoding issue".

- Thorsten

-----Original Message-----
From: 3APA3A <[EMAIL PROTECTED]>
To: Thorsten Wystrychowski <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Saturday, April 13, 2002 5:06 PM
Subject: Re[2]: Problem with Tunnel-Password

>Dear Thorsten Wystrychowski,
>
>Try this file. Reply if it works (don't forget to tag
>Tunnel-Password, like Tunnel-Password:1 etc). I'll commit the changes if
>everything's OK.
>
>--Saturday, April 13, 2002, 4:23:32 PM, you wrote to
>[EMAIL PROTECTED]:
>
>TW> Hi,
>
>TW> we have a lot of L2TP customers in production and in the loop.
>
>TW> All customers who tried to use freeradius for L2TP purposes
>TW> failed. At least without fixing the freeradius code.
>TW> Most of them migrated to cistron 1.6.5 which does support
>TW> Tunnel-Password encryption.
>
>TW> Some weeks ago I've heard from a customer that new freeradius
>TW> versions are better now with regard to L2TP Tunnel-Password
>TW> encryption.
>
>TW> But it was a mistake to believe this. Lately we run some tests
>TW> with freeradius 0.5 with the result that L2TP Tunnel-Password
>TW> encryption is still very buggy.
>
>TW> The bug of freeradius 0.5 we are seeing is the following.
>
>TW> The length field value of attribute 69 seems to be OK.
>TW> But the content of the string field (the encrypted password) is
>TW> rubbish. It is looking that the encrypted password is too short,
>TW> since the end of the string is filled with data of the next radius
>TW> attribute.
>
>TW> On Thu, 11 Apr 2002, Chris Parker wrote:
>>> Ahh, then possibly the NAS has not implemented the RFC standard
>>> tunnel encryption.
>
>TW> No, we see this in the snoop of the radius packets. So this is really
>TW> independent of the NAS/LAC or of any proxy.
>
>TW> Comparing freeradius pieces of code from 0.4 and 0.5, it's easy to
>TW> discover relevant differences. The code changes are related to the
>TW> password length!
>
>
>TW> freeradius-snapshot-20011205 (0.4)
>TW> --
>TW> in radius.c:
>
>TW> int rad_tunnel_pwencode ...
>
>TW> ...
>TW> char salt[2];
>TW> int i, n, secretlen;
>TW> int len;
>
>TW> if(pwlen < 2) {
>TW>     return 0;
>TW> }
>TW> salt[0] = passwd[0];
>TW> salt[1] = passwd[1];
>
>TW> /* Advance pointer past the salt, which is first two chars of passwd */
>TW> passwd = passwd + 2;
>
>TW> /*
>TW>  * Padd password to multiple of AUTH_PASS_LEN bytes.
>TW>  */
>TW> len = strlen(passwd);
>TW> ...
>
>
>
>TW> freeradius 0.5
>TW> --
>TW> in radius.c
>
>TW> int rad_tunnel_pwencode ...
>
>TW> ...
>TW> char salt[2];
>TW> int i, n, secretlen;
>TW> int len;
>
>TW> len = *pwlen;
>
>TW> if (len < 3) {
>TW>     return 0;
>TW> }
>TW> salt[0] = passwd[0];
>TW> salt[1] = passwd[1];
>
>TW> /* Advance pointer past the salt, which is first two chars of passwd */
>
>TW> passwd = passwd + 2;
>TW> len -= 2;
>TW> *passwd = len;
>
>TW> /*
>TW>  * Padd password to multiple of AUTH_PASS_LEN bytes.
>TW>  */
>TW> if (len > 128) len = 128;
>
>TW> ---
>
>
>TW> On Wed, 10 Apr 2002, Chris Parker wrote:
>>> > > I know that it is working at least with Funk
>>> > > SteelBelted Radius in terms of interoperability.
>>> > > FreeRADIUS also works with cisco and Ascend NAS that
>>> > > I've tested with ( in setting up L2TP via radius ).
>
>TW> 1) Freeradius 0.5 packet snoops prove that freeradius is
>TW> sending buggy attribute 69 packets.
>
>TW> 2) Freeradius Tunnel-Password encryption code of version 0.4
>TW> and version 0.5 has been changed.
>
>TW> We have a lot of customers in the loop who are interested in L2TP services.
>
>TW> Cistron 1.6.5 (http://www.radius.cistron.nl) has been certified for L2TP.
>TW> Other radius as well, such as radiator (http://www.open.com.au/radiator).
>
>TW> It has been always a little bit painful to migrate all of them from freeradius
>TW> to another radius server.
>
>TW> It might be that there is a specific (snapshot) version between 0.4 and 0.5 which
>TW> is OK. If so, which one?
>
>TW> If not, when could we ex
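The attribute 69 encoding this thread is debugging, written out from RFC 2868 section 3.5 as an added example: it is not FreeRADIUS code or any poster's patch, and the shared secret and Request Authenticator are constructed sample values. It shows the two pieces the quoted 0.4 and 0.5 excerpts handle differently, the two-octet salt and the length octet that precedes the password.

```python
import hashlib
import os

BLOCK = 16  # MD5 digest size; Tunnel-Password is processed in 16-octet blocks


def _keystream_xor(data, secret, seed, decrypt):
    """XOR 16-octet blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", seed
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        prev = block if decrypt else res  # always chain on the ciphertext
        out += res
    return out


def tunnel_password_encode(password, secret, request_auth, salt=None):
    """Return Salt + String for attribute 69 (Type, Length and Tag omitted)."""
    # 253 value octets - Tag - Salt, rounded down to 16s, minus the length octet
    if len(password) > 239:
        raise ValueError("password too long for one attribute")
    salt = salt or os.urandom(2)
    salt = bytes([salt[0] | 0x80, salt[1]])    # high bit of Salt must be set
    plain = bytes([len(password)]) + password  # Data-Length octet goes first
    plain += b"\x00" * (-len(plain) % BLOCK)   # pad to a multiple of 16
    # First block is keyed with MD5(secret + Request Authenticator + Salt)
    return salt + _keystream_xor(plain, secret, request_auth + salt, False)


def tunnel_password_decode(value, secret, request_auth):
    """Inverse of tunnel_password_encode; rejects malformed values."""
    if len(value) < 2 + BLOCK or (len(value) - 2) % BLOCK or not value[0] & 0x80:
        raise ValueError("malformed Tunnel-Password value")
    salt, cipher = value[:2], value[2:]
    plain = _keystream_xor(cipher, secret, request_auth + salt, True)
    length = plain[0]
    if length > len(plain) - 1:
        raise ValueError("Data-Length exceeds decrypted data")
    return plain[1:1 + length]


if __name__ == "__main__":
    secret = b"testing123"           # constructed shared secret
    request_auth = bytes(range(16))  # constructed Request Authenticator
    value = tunnel_password_encode(b"p123", secret, request_auth, b"\x12\x34")
    print(value.hex(), tunnel_password_decode(value, secret, request_auth))
```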
Re: Login-Time Limit
On Sun, 14 Apr 2002, Mike wrote:

> I've read the FAQ for Limiting Time logins, but couldn't find how to
> do it for a user. Or where can I find some examples of these Login-Time-Limit attributes?
> Thanks.

doc/README

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
Re: counter module and mysql
Pasi Kärkkäinen <[EMAIL PROTECTED]> wrote:
> I'd like to store all authentication and accounting data in mysql and use
> counter module to calculate some time-stuff..

I don't think you need any patches to do that.

> All examples about usage of counter module are also welcome. There seems
> to be no documentation about counter module with freeradius..

See 'raddb/radiusd.conf'. There isn't much there, but it's better than nothing.

Alan DeKok.
Re: Login-Time Limit
Mike <[EMAIL PROTECTED]> wrote:
> I've read the FAQ for Limiting Time logins, but couldn't find how to
> do it for a user. Or where can I find some examples of these
> Login-Time-Limit attributes?

It's not named that. See 'Session-Timeout' in: http://www.freeradius.org/rfc/attributes.html

Alan DeKok.
Login-Time Limit
I've read the FAQ for Limiting Time logins, but couldn't find how to do it for a user. Or where can I find some examples of these Login-Time-Limit attributes? Thanks.
counter module and mysql
Hello!

Does anyone have url to mysql patch for counter module (Reading list archives there was/is such thing)?

I'd like to store all authentication and accounting data in mysql and use counter module to calculate some time-stuff..

All examples about usage of counter module are also welcome. There seems to be no documentation about counter module with freeradius..

Thanks!

- Pasi Kärkkäinen
^ . . Linux /-\ Choice.of.the .Next.Generation.
Re: access time restrictions
(Please CC to me, I'm not on the list)

Michael Bielicki wrote:
> an easier way is to use counters. I have a quite similar problem but
> want to implement different units for daytime/nighttime, like 1 daytime
> minute = 2 nighttime minutes ...

Hmm.. could you tell me more about counters? Did you solve your problem?

>> On Wed, 2002-04-03 at 11:32, Pasi Kärkkäinen wrote:
>>
>> Hello!
>>
>> I'd like to implement following scenario with openradius or freeradius:
>>
>> User has some specific time (say 3600 seconds) one can use. After the
>> time is exceeded, radiusd return zero seconds as access-time for the user
>> when one logs in.
>>
>> NAS requests allowed access-time when user logs in and returns used time
>> to radiusd when user logs off.
>>
>> I'd like to store this information in sql-database (mysql).
>>
>> Has anyone already done something like this? Any ideas how to do this?
>>
>> Thanks!
>>
>> - Pasi Kärkkäinen

^ . . Linux /-\ Choice.of.the .Next.Generation.