Re: Error: rlm_sql: All sockets are being used! Stupid?
On Mon, 12 Aug 2002, CheongMeng wrote: > I think the error msg mean, there are too many acct request that can be > served by your server at that instance of time. Exactly. But why it happens? I allocate 150 sockets, is it not enough for my 92-modems pool? I think enough, but FreeRadius does not - error still appear. As a matter of fact, load to Radius usually has daily period, and mysql in default settings assume wait_timeout to be 28800 secs(8 hours). So, during night with low load ~5 sockets cope with one's task, but other 145 will be disconnected due to wait_timeout. Next day, when load allways high, admin will be pretty surprised - "150" sockets not enough! Now, I've increased wait_timeout to 24 hours, and reload radius nightly. I heard in 0.6 and later versions disconnected sockets can be restored, but I don't want to upgrade and break working system. --- Aleksandr Kuzminsky,AK476-RIPE System Administrator, AK16-UANIC ISP NBI. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_sqlcounter problem
Hello Everybody, I am trying to use rlm_sqlcounter instead of the db counter in my free radius configuration. But whenever I try to run the "radiusd" in debug mode i get the following error message: radiusd.conf[926] Failed to link to module 'rlm_sqlcounter': file not found The complete debugging information is included below with the radiusd.conf file and the users file. THE DEBUGGING INFORMATION Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log" main: libdir = "/usr/local/lib" main: radacctdir = "/var/log/radacct" main: hostname_lookups = no read_config_files: reading dictionary read_config_files: reading clients read_config_files: reading realms read_config_files: reading naslist main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 security: max_attributes = 200 security: reject_delay = 1 main: debug_level = 0 read_config_files: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded SQL sql: driver = "rlm_sql_mysql" sql: server = "bishimail.acusign.com" sql: port = "" sql: login = "root" sql: password = "" sql: radius_db = "radius" sql: acct_table = "radacct" sql: acct_table2 = "radacct" sql: authcheck_table = "radcheck" sql: authreply_table = "radreply" sql: groupcheck_table = "radgroupcheck" sql: groupreply_table = "radgroupreply" sql: usergroup_table = "usergroup" sql: nas_table = "nas" sql: dict_table = "dictionary" sql: sqltrace = no sql: sqltracefile = "/var/log/sqltrace.sql" sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = "%{User-Name}" sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id" sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id" sql: authenticate_query = "SELECT Value,Attribute FROM radcheck WHERE UserName = '%{User-Name}' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC" sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'" sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime = 0" sql: accounting_start_query = "INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQ
Re: rlm_sqlcounter : file not found
Aaron Weiker wrote : >Josephine, >If you get errors during make, first identify where the error ocurred. >If you were able to compile without any problems before doing "configure >--with-experimental-modules" but afterwards you cannot run "make" >without it quitting in an error it may be due to a module. So what you >will need to do is look at the output from "make" to identify where the >error occured. If the error occured in the ./src/modules/ directory then >it is a module that couldn't compile. If you feel that this is a module >that you do not need there is no harm in deleting the module directory >and then re-running "configure --with-experimental-modules" then try >running "make" again to see if it got all of the way. >Aaron Weiker Hi Aaron, Thank you very much. I get my rlm_sqlcounter installed. Josephine. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Detail files Import script
I would like to import all detail files from the past year into the radacct database, for use with the dialup_admin php pages. I would like to do this before turning Freeradius 7.0 live. Does anyone have a script file that would import the detail files into radacct? Thanks in advance Steve - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter : file not found
Dear All I am also getting the same message as Josephine. I followed Sheldon Fougere's process but i could not compile it. I even tried to reinstall freeraius and went through the whole steps. But i could not make rlm_sqlcounter to work. Atanu Das System Development SS NetCom Pvt Ltd. Dhankheti Shillong-793003 Visit us at: www.neline.com - Original Message - From: "Josephine" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 12, 2002 8:12 AM Subject: RE: rlm_sqlcounter : file not found > > Hi Sheldon, > > Thank you for your reply. I have tried to do ./configure in the source > directory, but failed. The error message was > 'bash : ./configure: bad interpreter: Permission denied'. Do you know what's > went wrong? Is it because of no configure executable file in the folder. > Please advise. > Thank you. > > Josephine. > > > -Original Message- > Sheldon Fougere wrote : > Hi, > > I installed 0.6 using an RPM that I built using the spec file that came with > 0.6. I tried using the rlm_sqlcounter module. It said it couldn't find > rlm_sqlcounter. I looked in the /user/lib directory but it wasn't there. I > then went to the rlm_sqlcounter source directory and did the ./configure, > make, make install. > > When I tried to start radiusd, it was then able to find it. > > Hope this helps. > Sheldon > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radwho Problem
"Josephine" <[EMAIL PROTECTED]> wrote: > I have checked on the debug log, I noticed that some of the module is > not functioning, don't know this is normal or abnormal. ... > modcall[accounting]: module "radutmp" returns noop So that's the problem. I don't know why it's doing that, you'll have to investigate your local configuration, and the source code to the radutmp module. Alan DeKok. Hi Alan, When I try to run "configure --with-experimental-modules" then "make", I get this error radwho.c In function 'main': radwho.c 370 warning : passing arg 1 of 'free' discards qualifier from pointer target type I looked at radwho.c, notice that 'free' is trying to get a value from 'RADIUS_DIR'. Do you know where is 'RADIUS_DIR' define it's value ? Please advise. Thank you. Josephine. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
User file entry with realms
I am having a bit of an issue with user files and realms. This is what I want to do. For example a user has a static IP, but this time the user doesn't want to have the static IP. So we get him to dial up with a realm eg [EMAIL PROTECTED] We want this to hit the default profile instead of the allard entry. If the user logs in with just allard we want it to hit the allard entry. This is what I have got currently which doesn;t do the job. I have tried replacing Suffix with Realm and tried it with Suffix == NULL. allard Auth-Type := LDAP, NAS-Port-Type == Async, Suffix == "NULL" Framed-Protocol = PPP, Service-Type = Framed, Reply-Message = "Welcome NON-Realmed User", Idle-Timeout = 1800 DEFAULT Auth-Type := LDAP, NAS-Port-Type == Async Framed-Protocol = PPP, Service-Type = Framed-User, Reply-Message = "Welcome Realmed User", Idle-Timeout = 1800 Can anyone suggest some ideas? Simon Allard (Senior Tool Monkey) IHUG Ph (09) 358-5067 Email: [EMAIL PROTECTED] I'm out of my mind right now, but feel free to leave a message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: rlm_sql: All sockets are being used! Stupid?
I think the error msg mean, there are too many acct request that can be served by your server at that instance of time. if the sql socket is gone or disconnect, you shall see other error msg. eg: "Ignoring unconnected handle" or if it happen to rotate to the end of socket list and fail to get a free socket: "There are no DB handles to use!" May be can try to increase num_sql_socks. I am looking at ways to further fine tuning the operation of the mysql portion. Does anyone do any large scale deploy which store accounting at mysql? Can share out your configuration? On Sat, 10 Aug 2002, Aleksandr Kuzminsky wrote: > Date: Sat, 10 Aug 2002 18:29:37 +0300 (EEST) > From: Aleksandr Kuzminsky <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Re: Error: rlm_sql: All sockets are being used! Stupid? > > On Wed, 7 Aug 2002, Alan DeKok wrote: > > > Date: Wed, 07 Aug 2002 11:42:44 -0400 > > From: Alan DeKok <[EMAIL PROTECTED]> > > Reply-To: [EMAIL PROTECTED] > > To: [EMAIL PROTECTED] > > Subject: Re: Error: rlm_sql: All sockets are being used! Stupid? > > > > [EMAIL PROTECTED] wrote: > > > We have a Problem with using the MySQL Socket: > > > > > > num_sql_socks = 25 > > > is set in sql.conf > > > > > > and radius.log contains several messages like: > > > Error: rlm_sql: All sockets are being used! Please increase the maximum > > > number of sockets! > > > > This is probably because the SQL queries are taking a long time to > > return. See the list archives for details. > > Also it happens when mysql disconnects some sockets due to wait_timeout. > > --- > Aleksandr Kuzminsky, AK476-RIPE > System Administrator, AK16-UANIC > ISP NBI. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Cheers, CM. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_sqlcounter : file not found
Hi Sheldon, Thank you for your reply. I have tried to do ./configure in the source directory, but failed. The error message was 'bash : ./configure: bad interpreter: Permission denied'. Do you know what's went wrong? Is it because of no configure executable file in the folder. Please advise. Thank you. Josephine. -Original Message- Sheldon Fougere wrote : Hi, I installed 0.6 using an RPM that I built using the spec file that came with 0.6. I tried using the rlm_sqlcounter module. It said it couldn't find rlm_sqlcounter. I looked in the /user/lib directory but it wasn't there. I then went to the rlm_sqlcounter source directory and did the ./configure, make, make install. When I tried to start radiusd, it was then able to find it. Hope this helps. Sheldon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting-start proxy error
[EMAIL PROTECTED] wrote: > It works fine for authentication request/accept and accounting-stop, but my > NAS complains about the accounting-start messages: Then it's most likely a problem with the attributes in the accounting start packet. > WARNING: Identifier does not match - ignoring response > WARNING: Invalid response signature - check secret! If the first message is true, then the second is a caused by the first. You say that the NAS complains about the accounting-start packet, but FreeRADIUS never sends one to the NAS, it only sends an Accounting-Response packet. So where does this message come from, and when does it happen? > It seems strange that freeradius is only complaining about accounting-stop, > so it looks to me like freeradius is mis-handling accounting-start when > proxying them. I don't see why it would be treated any differently than any other accounting messages... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: voip gateway billing (H323)and radius
"Patrick Munis" <[EMAIL PROTECTED]> wrote: > 1. Which is the better approach: >(a) let the gateway push cdr to radius >(b) let the radius pull info from gateway Please read up more on RADIUS. The RFC's are a good start. A partial answer is that 1b is *impossible* with RADIUS. > 2. What is the role of Radius in the whole architecture.? If you don't know, why are you trying to use a RADIUS server? > 4. Can anyone recommend a good tutorials or books for radius? See the FreeRADIUS web site. There are documents there, and a pointer to a book coming out in September/October. Did you not see the announcement on the main page, or maybe you didn't look? Oh, and PLEASE don't send me a 'cc' of the message you post to the list. I already subscribe, and getting multiple copies of the same message is annoying. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius crashing
"Allister Maguire" <[EMAIL PROTECTED]> wrote: > Sat Aug 10 19:00:16 2002 : Error: WARNING: Unresponsive child (id 5126) > for request 21379 This is a problem, and may be a mjor cause behind the crash. Something is so screwed up that the requests cannot be completed in a reasonable amount of time. Once that happens, there's no guarantee that the server can recover. > Anyway I can find out whats happening? Debugging mode. 'doc/bugs' Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
voip gateway billing (H323)and radius
for some reason my message does not display at all in the mailing. I wonder why? The following was my original questions. Please let me know is you got it correctly. Hi Need some clarification as to certain process as newbie to voip gateway billing. I am writing a billing application for a voip gateway(H323) for prepaid, postpaid,wholesale, intergateway termination and have never used radius server . The following is a diagram the explains "the big picture". System LayerApplication Layer |-| ||--| |Gateyway <-> Radius | -ftp CDR--> | Some custom billing | |-| ||-| Gateway: Quintum tenor or any gateway Radius : FreeRadius Questions 1. Which is the better approach: (a) let the gateway push cdr to radius (b) let the radius pull info from gateway 2. What is the role of Radius in the whole architecture.? 3. How does Radius process CDR.? Is there some mapping that has to be done for mapping CDR to "Radius schema". If yes, please can anyone share their "cdr to radius schema mapping" 4. Can anyone recommend a good tutorials or books for radius? 5. Recommended configuration radius? Should i configure it with with a database or ldap? I'll appreciate any suggestions thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Sun 8/11/2002 8:29 AM To: [EMAIL PROTECTED] Cc: Subject: Re: voip gateway billing (H323)and radius Hi, I have freeradius 0.6 acting as a proxy for authentication and accounting. It works fine for authentication request/accept and accounting-stop, but my NAS complains about the accounting-start messages: WARNING: Identifier does not match - ignoring response WARNING: Invalid response signature - check secret! Freeradius does not generate any error messages in debug mode (-X). It seems strange that freeradius is only complaining about accounting-stop, so it looks to me like freeradius is mis-handling accounting-start when proxying them. Has anyone else seen this behaviour? josh. Josh Howlett, Networking and Digital Communications Group, Information Systems & Computing, University of Bristol. email: [EMAIL PROTECTED] | phone: +44 (0)117 928 7850 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <>
accounting-start proxy error
(apologies, re-sent with meaningful Subject field). Hi, I have freeradius 0.6 acting as a proxy for authentication and accounting. It works fine for authentication request/accept and accounting-stop, but my NAS complains about the accounting-start messages: WARNING: Identifier does not match - ignoring response WARNING: Invalid response signature - check secret! Freeradius does not generate any error messages in debug mode (-X). It seems strange that freeradius is only complaining about accounting-stop, so it looks to me like freeradius is mis-handling accounting-start when proxying them. Has anyone else seen this behaviour? josh. Josh Howlett, Networking and Digital Communications Group, Information Systems & Computing, University of Bristol. email: [EMAIL PROTECTED] | phone: +44 (0)117 928 7850 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: voip gateway billing (H323)and radius
Hi, I have freeradius 0.6 acting as a proxy for authentication and accounting. It works fine for authentication request/accept and accounting-stop, but my NAS complains about the accounting-start messages: WARNING: Identifier does not match - ignoring response WARNING: Invalid response signature - check secret! Freeradius does not generate any error messages in debug mode (-X). It seems strange that freeradius is only complaining about accounting-stop, so it looks to me like freeradius is mis-handling accounting-start when proxying them. Has anyone else seen this behaviour? josh. Josh Howlett, Networking and Digital Communications Group, Information Systems & Computing, University of Bristol. email: [EMAIL PROTECTED] | phone: +44 (0)117 928 7850 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html