Please HELP ME..can do Session TimeOut for Replace sql counter ?,
Hi all, My Guru.. I am configuring FreeRadius Server 06 and Portslave 2001-01-19 for internet prepaid.. My problem is difficult disconnect users while their login to RADIUS. I have Idea to count for each session time use Session Time Out While user Logging on, But I am not sure it will working fine.. Alternatifely use Rlm_sqlcounter, But It intend not for each user account balance but For Each Group Defined in daily, weekly, etc.., 9 ( I have to modified in long time )I need For each users can have Account Balance ( Time Duration) and then system RADIUS can Forcing disconnect POrtslave modem if User account expired.. Please Help Me.. GURUs, mainly for Mr.Alan and Mr. Chris ... Thank In Advanced Gumilar Satriawan __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cisco VSA FreeRADIUS
Hello, I've tested freeradius 0.6 and it works fine, I'm planning to replace my production radius now. I have only one problem, I'd like to log Cisco VSAs(likenas-rx-speed, nas-tx-speed)in SQL database. I have 50+ AS5350 an AS5400 with IOS 12.2 and it sends VSA accounting as Cisco-AVPair. Cisco-vsa-hack does not work with this. Any solution? This is a sample accounting-stop record: Fri Jul 26 22:56:34 2002 NAS-IP-Address = xxx NAS-Port = 670 Cisco-NAS-Port = "Async5/22*Serial2/6:2" NAS-Port-Type = Async User-Name = "xxx" Called-Station-Id = "xxx" Calling-Station-Id = "xxx" Acct-Status-Type = Stop Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = "0E000D11" Framed-Protocol = PPP Framed-IP-Address =xxx Acct-Terminate-Cause = Lost-Carrier Acct-Input-Octets = 3597499 Acct-Output-Octets = 36347730 Acct-Input-Packets = 55748 Acct-Output-Packets = 74657 Acct-Session-Time = 7280 Cisco-AVPair = "disc-cause-ext=1011" Cisco-AVPair = "pre-bytes-in=123" Cisco-AVPair = "pre-bytes-out=112" Cisco-AVPair = "pre-paks-in=5" Cisco-AVPair = "pre-paks-out=5" Cisco-AVPair = "pre-session-time=25" Cisco-AVPair = "connect-progress=60" Cisco-AVPair = "nas-rx-speed=28800" Cisco-AVPair = "nas-tx-speed=5" Acct-Delay-Time = 0 Client-IP-Address =xxx Timestamp = 1027716994 Best Regards, Felician Hoppal
FreeRADIUS 0.7 ORACLE
Hello, FreeRADIUS 0.7 does not compile with ORACLE support: ./configure --prefix=/usr --with-logdir=/var/log --with-radacctdir=/var/log/radacct --with-raddbdir=/etc/raddb --with-rlm_sql --with-rlm_sql_oracle --with-experimental-modules --with-snmp --without-rlm_x99_token configuring in ./drivers/rlm_sql_oraclerunning /bin/sh ./configure --prefix=/usr --with-logdir=/var/log --with-radacctdir=/var/log/radacct --with-raddbdir=/etc/raddb --with-rlm_sql --with-rlm_sql_oracle --with-experimental-modules --with-snmp --without-rlm_x99_token --enable-ltdl-install --enable-ltdl-install --cache-file=../../../../.././config.cache --srcdir=.loading cache ../../../../.././config.cachechecking for gcc... (cached) gccchecking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) works... yeschecking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) is a cross-compiler... nochecking whether we are using GNU C... (cached) yeschecking whether gcc accepts -g... (cached) yeschecking how to run the C preprocessor... (cached) gcc -Echecking for oci.h... yesyescreating ./config.statuscreating Makefile Making static in rlm_sql_oracle...make[10]: Entering directory `/usr/src/freeradius-0.7/src/modules/rlm_sql/drivers/rlm_sql_oracle'gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../.. -I../../../../include -I/usr/local/oracle/product/8.1.7/rdbms/demo -I/usr/local/oracle/product/8.1.7/rdbms/public -I/usr/local/oracle/product/8.1.7/plsql/public -I/usr/local/oracle/product/8.1.7/network/public -I/usr/local/oracle/product/8.1.7/oci/include -I/usr/src/freeradius-0.7/libltdl -c sql_oracle.c -o sql_oracle.osql_oracle.c:361: conflicting types for `sql_fetch_row'sql_oracle.h:33: previous declaration of `sql_fetch_row'sql_oracle.c: In function `sql_fetch_row':sql_oracle.c:374: warning: return makes integer from pointer without a castmake[10]: *** [sql_oracle.o] Error 1 Best Regards, Felician Hoppal
Basic User Group question
Hi, I'm new to freeradius, and though I have gotten the basic install up and running and authenticating users against the passwd file, I want to do the following: Users should be authenticated against the passwd file, then segregated based on their unix 'groups' entry, and have different cisco (I have a Cisco 5200 NAS) access-lists applied to them based on which group they belong to. Any help or an example would be greatly appreciated ! rms [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting problem
I'm using FR 0.7. I have proxying enabled, and the NULL realm accounting host set to LOCAL. When I send an accounting packet using radclient, an Accounting-Response packet is never sent. Everything in accounting returns ok, but no response is sent back. More info can be provided if necessary. Kevin Here is the output using debugging: rad_recv: Accounting-Request packet from host 192.168.1.10:32768, id=1, length=138 Thread 2 assigned request 1 --- Walking the entire request list --- Threads: total/active/spare threads = 5/1/4 Waking up in 5 seconds... Thread 2 handling request 1, (1 handled so far) User-Name = test NAS-IP-Address = 10.0.1.3 NAS-Port = 1 NAS-Port-Type = Async Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Session-Id = 1 Acct-Authentic = RADIUS Framed-Protocol = PPP Framed-IP-Address = xxx.xxx.xxx.xxx Service-Type = Framed-User modcall: entering group preacct modcall[preacct]: module preprocess returns noop rlm_realm: Looking up realm NULL for User-Name = test rlm_realm: Found realm NULL rlm_realm: Adding Stripped-User-Name = test rlm_realm: Proxying request from user test to realm NULL rlm_realm: Adding Realm = NULL rlm_realm: Accounting realm is LOCAL. rlm_realm: acct_port is not set. proxy cancelled modcall[preacct]: module suffix returns noop acct_users: Matched DEFAULT at 16 modcall[preacct]: module files returns ok modcall: group preacct returns ok modcall: entering group accounting radius_xlat: 'test' sql_set_user: escaped user -- 'test' radius_xlat: 'INSERT INTO radacct (RadAcctId, AcctSessionId, UserName, Realm, NASIPAddress) VALUES ('', '1', 'test', 'NULL', '10.0.1.3')' rlm_sql: Reserving sql socket id: 3 rlm_sql: Released sql socket id: 3 modcall[accounting]: module sql0 returns ok modcall: group accounting returns ok Finished request 1 Going to the next request Thread 2 waiting to be assigned a request --- Walking the entire request list --- Threads: total/active/spare threads = 5/0/5 Cleaning up request 1 ID 1 with timestamp 3d446c85 Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: who's using freeradius in production?
On Fri, 26 Jul 2002, Alan DeKok wrote: Mike Denka [EMAIL PROTECTED] wrote: I'm getting some flack from management about all of the open source we're using on our network and, particularly, the possibility of employing an open source radius server that is still in beta! I can understand the concern over the 'beta' status of the server. However, there *is* the possibility that we're more honest about the status of the software than the commercial RADIUS vendors. :) I don't blame them for being a bit edgy about this. I've done substantial testing of Freeradius and found it to be a superb product (comparing it to the old Livingston radius we have used for years). But all the testing in the world doesn't stand up to weeks or months in a sizable production environment. Anyone here willing to give testimony to running FreeRadius in production serving 10,000+ dialup customers? There are people doing this. I know of a few ISP's with at least that many customers using it, but I don't want to speak for them. It *will* require on-going maintenance and attention. An authentication server can't be left alone, as there are always new accounts added, and new configurations created. How about in a large production environment with an LDAP backend? I saw a presentation where the Greek national education network was using FreeRADIUS, with an LDAP back-end, for 500k users, and something like 200 POP's. But I just did a search on google, and I can't find the presentation. We are using a quite old freeradius snapshot in our university with one AS5300 and 15000 ldap users/sql accounting without any problems. As for the Greek Educational Network we have started using it in 5 POPs one AS5800 and 4 AS3640 and it is working quite fine. Eventually it will be used in the whole network and support around 10 users. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with Group reject in 0.6
Hi, Upgrade to 0.6 seems to have broken my Group Reject config. Can anyone tell me what I'm doing wrong? users file: DEFAULTGroup == disabled, Auth-Type := Reject Reply-Message = Your dialup account has been disabled. DEFAULT Auth-Type := System Fall-Through = Yes DEFAULT Service-Type == Framed-User Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Service-Type = Framed-User, Fall-Through = Yes DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP DEFAULT Hint == CSLIP Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP DEFAULT Hint == SLIP Framed-Protocol = SLIP radiusd.conf unix part: unix { cache = yes cache_reload = 300 passwd = /etc/passwd shadow = /etc/shadow group = /etc/group radwtmp = ${logdir}/radwtmp } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_ippool / need help
To all, Please need your help or other solutions. I using freeradius 0.6 and I used the rlm_ippool module. this is what I observed, Using my setup which it pool 10 IP Address range, so I try to login 10 times and It gave me the right IP address range which in my configuration. After that, In my 11 attempt login, It gave an IP address out of the range specified in my configuration. So to solve my problem, I need to stop the radiusd service then delete the db.ippool and db.ipindex files then restart the radiusd. Any help please to solve my problem... ippool hangar { range-start = 172.16.10.50 range-stop = 172.16.10.60 netmask = 255.255.255.0 cache-size = 10 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex Thanks --ador - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html