attribute exec-programm

2002-05-16 Thread Eric

Hi
I use FreeRadius-0.5 and MySql-3.23.49 on FreeBsd-4.5.
How do the attributes Exec-Program and Exec-Program-Wait differ?
Please send me examples of the use of these attributes in a MySQL database,
and examples of scripts which cause these attributes
(with MySQL database data processing).

-- 
Best regards,
Eric  mailto:[EMAIL PROTECTED]



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: cisco_vsa_hack doesn't run

2002-05-16 Thread Alex Kasatkin

Hi!


Go to the freeradius-0.5/src/modules/rlm_preprocess directory,
edit rlm_preprocess.c and
comment out line 126:

/* if ((vp-attribute  0x) != 1) continue; Cisco-AVPair */

recompile and reinstall this module.

regards.

Michael Shurtleff [[EMAIL PROTECTED]] wrote:
> Nico,
>
> Thanks for the suggestion. However, I tried switching the order but in
> any case I am getting noops on both files and preprocess. Suffix is
> returning ok however, and group preacct returns ok as well.
>
> I do need preprocess to work, in order to use cisco_vsa_hack.
>
> mike
>
> On Wed, 15 May 2002 [EMAIL PROTECTED] wrote:
>
> > Hi,
> >
> > I also had a problem in this part,
> >
> > the cause was the preprocess entry being mentioned AFTER the files entry.
> > (I wanted to proxy the accounting records to backup server
> > which also didn't work.)
> >
> > after putting the files entry after preprocessing this worked, maybe this
> > has the same cause?
> >
> > regards,
> > Nico Baggus
> > --
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] at INET-1
> > > Sent: Tuesday, May 14, 2002 15:21
> > > To: [EMAIL PROTECTED] at INET-1
> > > Subject: cisco_vsa_hack doesn't run
> > >
> > > I am using Freeradius 0.5 with Cisco AS5300 VoIP gateways, using only the
> > > accounting part of radius. I configured the with_cisco_vsa_hack in
> > > radiusd.conf, but on further investigation I found that the pre-accounting
> > > preprocessing was giving a noop, and that the vsa_hack was not running.
> > >
> > > This is the only part of the system that isn't functioning normally as far
> > > as I can see; the server is generating accounting records in MySQL with no
> > > problem.
> > >
> > > My question is the following:
> > > What is required for the preacct preprocessing to run normally and what
> > > part of the config could be causing this failure?
> > >
> > > Mike
> > > --
  
  
  

-- 
S.N.O.O.P.: Synthetic Networked Organism Optimized for Peacekeeping




problem encounter when configure auto-failover for mysql

2002-05-16 Thread CheongMeng

Hi,

I am using freeradius-0.5 and mysql 3.23.49.
I tried to set up 2 accounting servers for a radius server, ie:
radius server A will always write accounting to mysql server B.
When mysql server B is down, radius server A should send accounting to its
local mysql server.

In my radiusd.conf :
accounting {
    acct_unique
    attr_rewrite
    detail
    sql1 {
        fail     = 1
        notfound = 2
        noop     = return
        ok       = return
        updated  = return
        reject   = return
        userlock = return
        invalid  = return
        handled  = return
    }
    sql2 {
        fail     = 1
        notfound = 2
        noop     = return
        ok       = return
        updated  = return
        reject   = return
        userlock = return
        invalid  = return
        handled  = return
    }
}

I defined my sql1 and sql2 in the sql.conf as:
sql1 = mysql server B
sql2 = mysql server running at localhost.

However, the failover didn't work when mysql server B was down. The radius server
didn't send accounting to the local mysql server.

Below is the error message I see when running the radius server in debug
mode:

rlm_sql: Reserving sql socket id: 4
rlm_sql: Couldn't update SQL accounting for START packet - Lost connection to MySQL server during query
rlm_sql: Couldn't update SQLaccounting START record - MySQL server has gone away
rlm_sql: Released sql socket id: 4

It failed even when I use the redundant{} block in the radiusd.conf

Can anyone kindly enlighten me?
thx.

-- 
Cheers,
CM.





RE: Free Radius and Open Ldap

2002-05-16 Thread Mazen R. Kassem

Hi man

Could you help me please with integrating openldap and radius? Please provide me with the steps
and the configuration file.

I will appreciate that really


Mazen 

-Original Message-
From: Michael Fuller [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, May 16, 2002 2:11 PM
To: [EMAIL PROTECTED]
Subject: Re: Free Radius and Open Ldap
Importance: High


Hi all,

I have successfully integrated Openldap and Free Radius for Authentication. Now I want 
to configure the Authorisation part. With Windows 2000 Internet Authentication Service 
(IAS), I used Windows groups and profile properties for authorisation. Can I use linux 
groups and assign profiles to them before putting users in them ?

Could you please point me to a step by step How-To ? I have been searching in vain 
since yesterday.

Thanks in advance for all the help

Michael S Fuller

- Original Message -
From: Kostas Kalevras [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, May 15, 2002 8:21 PM
Subject: Re: Free Radius and Open Ldap


> On Wed, 15 May 2002, Michael Fuller wrote:
>
> > Hi all,
> >
> > This is from a Linux Newbie.
> >
> > I am using Free Radius with Open Ldap authentication. The config is straight
> > forward, with no special add ons. How do I control user attributes ? I need
> > one set of users to have administrative access, and the other only framed
> > PPP access.
> >
> > Any help will be greatly appreciated.
> >
> > Thanks and regards,
> > Michael S Fuller
>
> Read doc/rlm_ldap. You should use the Default and Regular profiles.
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf





group ip pool

2002-05-16 Thread Topaz M. Bott

I am setting up a multi subnet network.  The subnet that a dial in user gets
depends on their “group”.  I have 26 groups all over 100 accounts.
They are all dialing one modem pool.  How can I do this?  I read through the
FAQ archive.

Help thx,

tmb








Re: problem encounter when configure auto-failover for mysql

2002-05-16 Thread Chris Parker

At 04:54 PM 5/16/2002 +0800, CheongMeng wrote:
> Hi,
>
> I am using freeradius-0.5 and mysql 3.23.49.
> I tried to set up 2 accounting servers for a radius server, ie:
> radius server A will always write accounting to mysql server B.
> When mysql server B is down, radius server A should send accounting to its
> local mysql server.

[ snip ]

> It failed even when I use the redundant{} block in the radiusd.conf
>
> Can anyone kindly enlighten me?

Upgrade to latest CVS version.  Some of the return codes for failure
states in the SQL module were not set properly so the behaviour was not
what you'd expect.

-Chris

> thx.
>
> --
> Cheers,
> CM.


--
\\\|||///  \  StarNet Inc.  \ Chris Parker
\ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
| |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Wholesale Internet Services - http://www.megapop.net
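
The per-module overrides in CheongMeng's accounting section, worked through as an added example (not FreeRADIUS code and not code from this thread): a small Python model of the configurable-failover rule, where the action `return` ends the section at once and a number is a priority that lets processing continue. The thread does not say which code FreeRADIUS 0.5's rlm_sql returned on a lost connection; the `ok` used for the broken case is an assumption, chosen only to show how a wrong return code keeps sql2 from ever being tried and accounting records from being written.

```python
# Model of the configurable-failover action rule for one section.
# Illustrative only: function and variable names are this example's own.

RETURN = "return"

# Overrides exactly as written for sql1 and sql2 in the posted radiusd.conf.
FAILOVER_ACTIONS = {
    "fail": 1, "notfound": 2,
    "noop": RETURN, "ok": RETURN, "updated": RETURN, "reject": RETURN,
    "userlock": RETURN, "invalid": RETURN, "handled": RETURN,
}


def run_section(modules):
    """Run (name, actions, module) entries in order.

    Each module is a callable returning a result-code string.
    Returns (final_rcode, list_of_module_names_actually_called).
    """
    result, priority, called = None, -1, []
    for name, actions, module in modules:
        rcode = module()
        called.append(name)
        action = actions[rcode]
        if action == RETURN:
            # "return": stop the section immediately with this code.
            return rcode, called
        # Numeric action: remember the code if its priority is at least
        # as high as anything seen so far (tie handling is assumed here),
        # then fall through to the next module.
        if action >= priority:
            result, priority = rcode, action
    return result, called


def demo():
    """Three constructed scenarios for the sql1 -> sql2 pair."""
    reports_fail = lambda: "fail"  # server unreachable, reported correctly
    masks_fail = lambda: "ok"      # ASSUMED bug: failure reported as ok
    works = lambda: "ok"           # local MySQL accepts the record

    def pair(first, second):
        return run_section([("sql1", FAILOVER_ACTIONS, first),
                            ("sql2", FAILOVER_ACTIONS, second)])

    correct = pair(reports_fail, works)        # fails over to sql2
    buggy = pair(masks_fail, works)            # sql2 never runs
    both_down = pair(reports_fail, reports_fail)
    return correct, buggy, both_down


if __name__ == "__main__":
    for label, outcome in zip(("correct", "buggy", "both_down"), demo()):
        print(label, outcome)
```
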






Re: Cisco 350 WinXP

2002-05-16 Thread Alan DeKok

Artur Hecker [EMAIL PROTECTED] wrote:
> it seems to me that somebody has written something on Cisco 340 and
> EAP/MD5 with XP. can't find it though...

  http://www.freeradius.org/

  Look for 'April 24' under 'News!'

  Alan DeKok.




Re: radzap...old issue

2002-05-16 Thread Alan DeKok

Vector [EMAIL PROTECTED] wrote:
> I am unable to use radzap to get an entry out of radutmp.  I had to reboot
> the router today and there are some stale entries in there that I must
> remove.  radzap yields the following:
>
> # radzap name-of-termserver 14 user@realm
> radzap: zapping termserver ip.addr.of.termserver, port 14, user user@realm
> radzap: no response from server

  OK, it's apparently undocumented, but I've just fixed that in the
'man' page for radzap.  In any case, looking at the command-line
options for 'radzap' will tell you how to solve the problem.



[aland@akula radiusd]$ ./src/main/radzap
Usage: ./src/main/radzap [-p acct_port] [-r servername|serverip] termserver [port] [user]
Options:

  -p acct_port    Accounting port on radius server
  -r radserver    Radius server name or IP address
  termserver      Terminal Server (NAS) name or IP address to match, can be '' for any
  [port]          Terminal Server port to match
  [user]          Login account to match


  Alan DeKok.




Re: Cisco 350 WinXP

2002-05-16 Thread Artur Hecker


>   Look for 'April 24' under 'News!'
>
>   Alan DeKok.

yes, i know this (great) document, but it describes EAP/TLS and has
nothing to do with the problem. thank you anyway...

i already found the problem, in fact, windows XP never prompted for EAP
login. it was a problem of a local cisco pcmcia adapter as it seems. it
does prompt now after i changed the profile properties in the cisco
ACU... weird.

now radius keeps on saying: no user-password attribute... but well, it's
a matter of time; it's always easier with open source projects to obtain
debugging information.


ciao

artur


-- 
Artur Hecker               Groupe Accès et Mobilité
[EMAIL PROTECTED]          Département Informatique et Réseaux
+33 1 45 81 7507           46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr  ENST Paris




Re: Free Radius and Open Ldap

2002-05-16 Thread Alan DeKok

Michael Fuller [EMAIL PROTECTED] wrote:
> Now I want to configure the Authorisation part. With Windows 2000 Internet
> Authentication Service (IAS), I used Windows groups and profile properties
> for authorisation. Can I use linux groups and assign profiles to them before
> putting users in them ?

  I'm not sure.

> Could you please point me to a step by step How-To ? I have been searching
> in vain since yesterday.

  Uh... yeah.  I don't even have a clear picture of what you want to
do.  So any help at this point is impossible.

  Alan DeKok.




Re: Cisco 350 WinXP

2002-05-16 Thread Alan DeKok

Artur Hecker [EMAIL PROTECTED] wrote:
> now radius keeps on saying: no user-password attribute... but well, it's
> a matter of time; it's always easier with open source projects to obtain
> debugging information.

  It's not radius that gives you that error message, it's one of the
modules.  You've asked the module to do password authentication, when
the packet is EAP.  You've got to configure the server to let the EAP
module do EAP authentication.

  Alan DeKok.




Re: Cisco 350 WinXP

2002-05-16 Thread Ricardo Stella


Alan,

The article mentions how to do EAP/TLS, not EAP/MD5... Very different...



Alan DeKok wrote:
>
> Artur Hecker [EMAIL PROTECTED] wrote:
> > it seems to me that somebody has written something on Cisco 340 and
> > EAP/MD5 with XP. cant find it though...
>
>   http://www.freeradius.org/
>
>   Look for 'April 24' under 'News!'
>
>   Alan DeKok.
 



WWW.FREERADIUS.ORG

2002-05-16 Thread Christine Hall




  
Hi
  
  I visited WWW.FREERADIUS.ORG, and
  noticed that you're not listed on some search engines! I think we can offer
  you a service which can help you increase traffic and the number of visitors
  to your website.
  
  I would like to introduce you to TrafficMagnet.net. We offer a unique technology
  that will submit your website to over 300,000 search engines and directories
  every month.
  
  
  

  
  

  
  
  You'll be surprised by the low cost, and by how effective this website promotion
  method can be. 
  
  To find out more about TrafficMagnet and the cost for submitting your website
  to over 300,000 search engines and directories, visit www.TrafficMagnet.net.
  
  
  I would love to hear from you. 
  
  Best Regards,
  Christine Hall 
  Sales and Marketing 
  E-mail: [EMAIL PROTECTED] 
  http://www.TrafficMagnet.net
   
  





Re: Cisco 350 WinXP

2002-05-16 Thread Raghu

Artur Hecker wrote:

> > > in fact, in my authorize section EAP was the first module from the
> > > beginning on and in the authenticate section it is even the only one.
> >
> >   If you're ever going to do System authentication, you'll need the
> > 'unix' module, too.
>
> but if not, i don't need it, right?

Yes. You don't need it.

> > > the error message after the response to the challenge is now:
> > >
> > > rlm_eap: Request found, released from the list
> > > rlm_eap: EAP_TYPE - md5
> > > rlm_eap: processing type md5
> > > rlm_eap_md5: No password configured for this user
> > >
> > > Do I have to configure something like EAP-Password in the user section?
> >
> >   No.  Hmm... maybe try 'User-Password :=' ???
>
> Tried that one, but no effect, the same behaviour.
>
> >   Due to historical issues, the treatment of 'User-Password' in the
> > 'users' file is a little odd.
> >
> >   Alan DeKok.
>
> My user definition looks like that: (etc/raddb/users)
>
> artur   Auth-Type = System, User-Password == hello
>         Reply-Message = Hello, %u

Try Auth-Type := EAP and remove eap in the authorize
and check if it works.

> i'm still using radius 0.5 and my sections look like that:
>
> authorize {
>     preprocess
>     eap
>     suffix
>     files
> }

or try eap as the last one in the above authorize block.

> authenticate {
>     eap
> }
>
> any idea where this comes from?

The problem is that the configured User-Password is never picked
into the REQUEST->config_items VALUE_PAIR.

-Raghu




RE: Using ippool with two radius servers?

2002-05-16 Thread Simon Allard

> > > Ah, you only have one terminal server with 30.000 ports on it?
> > > In that case, route the /17 to that NAS and be done with it.
> > > But you likely have tens or hundreds of NASes.
> > >
> > > Either you're way ahead of me, or you really need to think this over.
> >
> > I think I'm ahead of you :-) Believe me, routing is not an issue
> > here, I do have a /17 block with summarized pools in a way that I only
> > need one static route per NAS (there are 20 of them). No need to use
> > dynamic routing.
>
> Okay, you have a fixed pool assigned to each NAS.  I still fail to see
> why you don't want the NAS to each handle the assignment of their own
> pools?  But then what the heck do I know about building a big network...


I have the same requirement (ippool over multiple radius servers).
Sometimes allocating IPs from the NAS will just not work.

For example say we have 4000 dialin ports. We allocate the IPs from the
NAS for those users. All good.

But we have a different bunch of users. Eg Sat routed users. They need a
different IP Pool. There are not enough customers to warrant putting
another pool on each NAS box. This is where IPpool works nicely.

Most biggish ISPs need more than 1 radius server. We have 6 load
balanced behind a layer 4 switch.



Simon Allard (Senior Tool Monkey)
IHUG
Ph (09) 358-5067   Email: [EMAIL PROTECTED]

I'm out of my mind right now, but feel free to leave a message.





Re: radzap...old issue

2002-05-16 Thread Anteva Support

> Vector [EMAIL PROTECTED] wrote:
> > I am unable to use radzap to get an entry out of radutmp.  I had to reboot
> > the router today and there are some stale entries in there that I must
> > remove.  radzap yields the following:
> >
> > # radzap name-of-termserver 14 user@realm
> > radzap: zapping termserver ip.addr.of.termserver, port 14, user user@realm
> > radzap: no response from server
>
>   OK, it's apparently undocumented, but I've just fixed that in the
> 'man' page for radzap.  In any case, looking at the command-line
> options for 'radzap' will tell you how to solve the problem.
>
>
>
> [aland@akula radiusd]$ ./src/main/radzap
> Usage: ./src/main/radzap [-p acct_port] [-r servername|serverip] termserver [port] [user]
> Options:
>
>   -p acct_port    Accounting port on radius server
>   -r radserver    Radius server name or IP address
>   termserver      Terminal Server (NAS) name or IP address to match, can be '' for any
>   [port]          Terminal Server port to match
>   [user]          Login account to match
>
>
>   Alan DeKok.


Uh, huh... and just how is that?

1: The termserver parameter is required.
2: It has been my experience that it doesn't matter what the value is, it
still won't work
3: I've tried the following and always get either 'no entry found' or 'no
response from server':
radzap '' 14 user@realm
radzap name-of-termserver 14 user@realm
radzap ip.of.term.server 14 user@realm
radzap '' user@realm
radzap name-of-termserver user@realm
radzap ip.of.term.server user@realm
radzap -p 1812 -r ip.of.radius.server '' 14 user@realm
bla bla, on and on you get the idea... all and many many many many
many other possible combinations, none of which seem to get the job done.

The fact is that radzap won't do jack unless it can talk to the termserver
from whence the connection was made.
What the man page should say is:
If radzap is unable to communicate with the terminal server specified, then
it will exit with an error while performing *no* action whatsoever on
radutmp

vec






Re: problem encounter when configure auto-failover for mysql

2002-05-16 Thread Do-Risika RAFIEFERANTSIARONJY

CheongMeng wrote:
>
> Hi,
>
> I am using freeradius-0.5 and mysql 3.23.49.
> I tried to setup 2 accounting server for a radius server, ie:
> radius server A will always write accounting to mysql server B.
> when mysql server B down, radius server A should send accounting to its
> local mysql server.

i didn't know that failover is possible for accounting ...

+
--
DouRiX
