Re: Pool-Name attribute
On Thu, 5 Sep 2002, Ador Dauz wrote:

> hello all,
>
> I'm looking for documentation about the Pool-Name attribute.
> Can anyone give me a site or document where
> I can read about it?
>
> Thanks
> --ador

It contains the name of the ippool module instance which should handle the request. That way you can assign different pools to different classes of users. The Pool-Name should always be set for the ippool module to work.

--
Kostas Kalevras, Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Pool-Name attribute
hello all,

I'm looking for documentation about the Pool-Name attribute. Can anyone give me a site or document where I can read about it?

Thanks
--ador
Re: sqlcounter question
alienoid wrote:

> Hello freeradius-users,

hi,

> RH7.2 + freeradius-0.6 + Oracle
>
> I've compiled freeradius with --with-experimental-modules and set up
> it with sql auth/acct.
>
> In radiusd.conf wrote:
>
> sqlcounter hourlycounter {
>     counter-name = SQL_Max_Hour_Session_Timeout
>     check-name = SQL_Max_Hour
>     sqlmod_inst = sql
>     key = User-Name
>     query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE username='%{%k}'"
>     reset = none
> }

may be 'reset = never', if not, didn't you forget to put hourlycounter in the authorization section?

> I did so (tried to convert) with table radcheck:
> test User-Password :=
> test SQL_Max_Hour 36000 >
> test Auth-Type Reject :=

i think the operator should be ':=' instead of '>' ...

cheers,
@+
--
DouRiX

[Never be afraid to try something new. Remember, amateurs built the ark, and professionals built the Titanic.]
Exec-Program-Wait Abnormal exit - 0.7/Snapshot
Hi All,

Is Exec-Program-Wait still broken? I have tried 0.7 as well as Snapshot dated 09-04-2002 and while 0.7 continues to run after an Abnormal exit, the Snapshot build dies immediately...but when entering "group authorize" and apparently not getting to Exec-Program-Wait.

Any ideas?

-Dave
Re: mysql modules
On Thursday 05 September 2002 06:52, you wrote:

> :-)
> :
> > It *is* using the path you give it. That's not the problem.
>
> well, it does add "mysql" to it.
>
> > The problem is that the MySQL header files are *normally* in
> > , as evidenced by the fact that this issue hasn't been
> > a problem for at least the past year. So if you're running into a
> > problem, it's because the mysql header files on your system are in a
> > different place than 90% of other people's systems.

I started using freeradius last July and I have the same problem as you. It found the lib but not the include directory, so the headers were not found. To work around this, I created a link named mysql inside the include directory. I'm inside the directory /usr/local/mysql/include, then I run this command:

ln -s ../include mysql

This only works with this option:

--with-mysql-include-dir=/usr/local/mysql/include

Or create a link named mysql inside your mysql directory, linked to the include directory, but then your option looks like this:

--with-mysql-include-dir=/usr/local/mysql

To test whether it works, first run the configure command inside the mysql module directory.

I'm not a programmer, so please don't ask me about that module; I'm still a student learning system administration. I really admire all the programmers who built the freeradius program.

Thanks
ador
RE: Radius Expiration/Account Expiration
Kostas Kalevras,

You are the man!!! I really owe you one... Thanks a lot. ;-)

> > Hello Everyone,
> >
> > My main problem right now is that I am attempting to set an expiration date
> > for my radius accounts. I've tried searching through the RFCs and
> > registered OIDs hoping for some luck with this issue. I've tried multiple
> > syntax values with no success.
> >
> > I have an attribute in my radius schema like so:
> > --
> > attributetype
> >    ( 1.3.6.1.4.1.3317.4.3.1.54
> >      NAME 'radiusExpiration'
> >      DESC ''
> >      EQUALITY caseIgnoreIA5Match
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> >      SINGLE-VALUE
> >    )
> > --
> > I have also added to the ldap.attrmap with:
> > --
> > checkitem Expiration radiusExpiration
> > --
> > But when I enter in a date '27 Aug 2002' for example it takes it fine.
> > When sending the information to the Radius server the debug shows only '27'.
> > --
> > rlm_ldap: Adding radiusExpiration as Expiration, value 27 & op=11
> > --
> >
> > Does anyone have any idea why this is occurring, and can someone please
> > point me in the right direction. Also Kostas Kalevras you were one of the
> > people who helped me get this far, I just wanted to thank you...
>
> Try using "27 Aug 2002" (with the double quotes).
>
> > Thanks ahead,
> > Thai Q. Tran
>
> --
> Kostas Kalevras, Network Operations Center
> [EMAIL PROTECTED]
> National Technical University of Athens, Greece
> Work Phone: +30 10 7721861
> 'Go back to the shadow' Gandalf
Re: RedHat 7.3 as Radius Client
Ok, I now have it working, by inserting

auth sufficient /lib/security/pam_radius_auth.so

as the first line of /etc/pam.d/sshd. However, it still respects my /etc/passwd password as well. When I tried to change the sufficient to required like the rest of the entries, no login worked for me.

Can someone shed a little more light on the best way to make RADIUS my only login *IF* the radius server is available, then it could fall back to the local account for CONSOLE access if needed.

And thanks again for all the help!

Nick

Joe Lewis <[EMAIL PROTECTED]>
Sent by: freeradius-users-admin@lists.cistron.nl
09/04/2002 03:17 PM
Please respond to freeradius-users

To: [EMAIL PROTECTED]
cc:
Subject: Re: RedHat 7.3 as Radius Client

Sounds decent! It should work fine, then!

Joe

[EMAIL PROTECTED] wrote:

> Thanks Joe!
>
> Yes, I was aware that the passwd file was STILL required, and that only
> users that existed in BOTH radius and the passwd file would be getting in.
> That was acceptable to us. We just plan on giving the default a /bin/null
> shell so they get dumped anyway. We only want 6 users allowed, we just have
> this nasty mandate to rotate our admin passwords every 30 days, and we have
> 70 systems of different flavors and would just love to consolidate that a
> bit ;)
>
> Thanks again!
>
> Nick
>
> Joe Lewis <[EMAIL PROTECTED]>
> Sent by: freeradius-users-admin@lists.cistron.nl
> 09/04/2002 03:05 PM
> Please respond to freeradius-users
>
> To: [EMAIL PROTECTED]
> cc:
> Subject: Re: RedHat 7.3 as Radius Client
>
> /etc/pam.d/ssh
> /etc/pam.d/login
> /etc/pam.d/telnetd
>
> NOTE : pam_radius does NOT alleviate the need for the /etc/passwd file.
> pam_radius does not implement the pam_sm_setcred function to set the
> user id, group id, and other things. But, you can set a default_user in
> the configuration (but everyone not in the /etc/passwd will be
> default_user, so use with caution.)
>
> For you others, if there is an implementation out there that doesn't use
> the /etc/passwd, let me know.
>
> Joe
>
> [EMAIL PROTECTED] wrote:
>
>> I hope this is not too basic, I have searched the archives for examples of
>> a RedHat 7.3 install with no luck.
>>
>> Can someone help me with the use of the Radius Authentication PAM module
>> for RedHat 7.3, I want to have the server use an existing Cisco Secure
>> Radius service to authenticate SSH /console logins.
>>
>> What I have found is that RedHat 7.3 (or all 7.x) breaks out the PAM auth
>> files into separate files rather than one pam.conf file. I am not sure
>> which ones in the /etc/pam.d folder I need to include the
>>
>> Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so
>>
>> In the per-application configuration (/etc/pam.d/application) add:
>>
>> auth required /lib/security/pam_securetty.so
>> auth sufficient /lib/security/pam_radius_auth.so
>> auth required /lib/security/pam_unix_auth.so
>>
>> And when it comes to configuring the radius client to use my RADIUS server
>> i
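How the control flags in the message above combine, as an added example that is not part of the thread: a simplified Python model of how Linux-PAM evaluates one auth stack, run against the `sufficient` and `required` arrangements Nick describes. The third stack, the `authinfo_unavail` result for an unreachable server, the module stand-ins and the sample passwords are assumptions made for illustration.

```python
"""Simplified model of how Linux-PAM combines module results in one auth stack."""

# Keyword control flags as result -> action tables (their bracket equivalents).
CONTROLS = {
    "required":   {"success": "ok",   "default": "bad"},
    "requisite":  {"success": "ok",   "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok",   "default": "ignore"},
}


def parse_control(control):
    """Turn a keyword or a "[result=action ...]" control into a lookup table."""
    if control.startswith("["):
        return dict(pair.split("=", 1) for pair in control.strip("[]").split())
    return CONTROLS[control]


# Stand-ins for the modules. ctx holds the password typed at the prompt, the
# user's RADIUS and local passwords, and whether the RADIUS server answers.
def radius(ctx):
    if not ctx["radius_up"]:
        return "authinfo_unavail"  # assumption: how an unreachable server is reported
    return "success" if ctx["typed"] == ctx["radius_pw"] else "auth_err"


def local_unix(ctx):
    # Stands in for pam_stack.so service=system-auth, i.e. the /etc/passwd check.
    return "success" if ctx["typed"] == ctx["local_pw"] else "auth_err"


def nologin(ctx):
    return "success"  # models the case where no /etc/nologin file is present


def authenticate(stack, ctx):
    """Walk the stack top to bottom and return True if the login is accepted."""
    verdict = None  # None = undecided, True = passing so far, False = failed
    for control, module in stack:
        table = parse_control(control)
        result = module(ctx)
        action = table.get(result, table["default"])
        if action in ("ok", "done"):
            if verdict is None:
                verdict = True
            if verdict and action == "done":
                break  # success ends the stack early only if nothing failed before
        elif action in ("bad", "die"):
            verdict = False
            if action == "die":
                break  # fail at once, later modules are never consulted
        # "ignore": this module's result does not count either way
    return verdict is True


# Auth lines of /etc/pam.d/sshd in the two arrangements from the thread.
SUFFICIENT_FIRST = [("sufficient", radius), ("required", local_unix), ("required", nologin)]
ALL_REQUIRED = [("required", radius), ("required", local_unix), ("required", nologin)]
# Assumed variant, not from the thread: RADIUS decides whenever it answers,
# and the local password is consulted only when the server is unreachable.
RADIUS_UNLESS_DOWN = [
    ("[success=done authinfo_unavail=ignore default=die]", radius),
    ("required", local_unix),
    ("required", nologin),
]

# Constructed sample user whose RADIUS and local passwords differ.
USER = {"radius_pw": "radius-secret", "local_pw": "local-secret"}


def try_login(stack, typed, radius_up=True):
    return authenticate(stack, dict(USER, typed=typed, radius_up=radius_up))


if __name__ == "__main__":
    stacks = [("sufficient first", SUFFICIENT_FIRST), ("all required", ALL_REQUIRED),
              ("radius unless down", RADIUS_UNLESS_DOWN)]
    for name, stack in stacks:
        for typed in ("radius-secret", "local-secret"):
            for up in (True, False):
                outcome = "accept" if try_login(stack, typed, up) else "reject"
                print(f"{name:20} typed={typed:14} radius_up={up!s:5} -> {outcome}")
```

With `sufficient` first, a RADIUS failure is ignored and the local password still passes; with everything `required`, one typed password has to satisfy both checks, so a user with two different passwords can never log in.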
Re: mysql modules
:-)

> It *is* using the path you give it. That's not the problem.

well, it does add "mysql" to it.

> The problem is that the MySQL header files are *normally* in
> , as evidenced by the fact that this issue hasn't been
> a problem for at least the past year. So if you're running into a
> problem, it's because the mysql header files on your system are in a
> different place than 90% of other people's systems.

ok, i understand what you are saying but i didn't install mysql in some weird place. if you want to know, i did ./configure --prefix=/usr/local/mysql, make, make install during the mysql installation like i do with most installations before beginning to resolve problems :-)

there was nothing special and it is installed like it should be, in /usr/local/mysql. perhaps it's my mistake and the header files aren't in the include subdir of that path? at least, the mysql.h is there :-)

> > > So submit a patch. Look at the rest of the 'configure.in' scripts
> > > for examples of what to do.
> >
> > sorry, i have no idea how to do so.
>
> Then I hope you'll understand that any fix might be pushed off into
> the far future.

never demanded a patch, i wanted a small hint, nothing more.

> Patching 'configure.in' scripts isn't too hard, especially small
> ones, like in the rlm_sql_mysql directory. There's simply small shell
> scripts.

i will give it a look tomorrow, i'm just not very experienced with all this configure stuff. somehow it's newer than me :-)

ciao
artur

--
Artur Hecker
artur[at]hecker.info
Re: RedHat 7.3 as Radius Client
Sorry, one question so I don't lock myself out...

This is my sshd file, where do I paste the

auth sufficient /lib/security/pam_radius_auth.so

#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so

Joe Lewis <[EMAIL PROTECTED]>
Sent by: freeradius-users-admin@lists.cistron.nl
09/04/2002 03:05 PM
Please respond to freeradius-users

To: [EMAIL PROTECTED]
cc:
Subject: Re: RedHat 7.3 as Radius Client

/etc/pam.d/ssh
/etc/pam.d/login
/etc/pam.d/telnetd

NOTE : pam_radius does NOT alleviate the need for the /etc/passwd file. pam_radius does not implement the pam_sm_setcred function to set the user id, group id, and other things. But, you can set a default_user in the configuration (but everyone not in the /etc/passwd will be default_user, so use with caution.)

For you others, if there is an implementation out there that doesn't use the /etc/passwd, let me know.

Joe

[EMAIL PROTECTED] wrote:

> I hope this is not too basic, I have searched the archives for examples of
> a RedHat 7.3 install with no luck.
>
> Can someone help me with the use of the Radius Authentication PAM module
> for RedHat 7.3, I want to have the server use an existing Cisco Secure
> Radius service to authenticate SSH /console logins.
>
> What I have found is that RedHat 7.3 (or all 7.x) breaks out the PAM auth
> files into separate files rather than one pam.conf file. I am not sure
> which ones in the /etc/pam.d folder I need to include the
>
> Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so
>
> In the per-application configuration (/etc/pam.d/application) add:
>
> auth required /lib/security/pam_securetty.so
> auth sufficient /lib/security/pam_radius_auth.so
> auth required /lib/security/pam_unix_auth.so
>
> And when it comes to configuring the radius client to use my RADIUS server
> in the pam_radius_auth file in /etc/raddb/server (RedHat 7.3 doesn't have
> that path.)
>
> Basically I think I understand a bit of what is needed, I am just not sure
> how to apply it for this variant of Linux.
>
> Thanks for any config help,
>
> Nick
Re: RedHat 7.3 as Radius Client
Sounds decent! It should work fine, then!

Joe

[EMAIL PROTECTED] wrote:

> Thanks Joe!
>
> Yes, I was aware that the passwd file was STILL required, and that only
> users that existed in BOTH radius and the passwd file would be getting in.
> That was acceptable to us. We just plan on giving the default a /bin/null
> shell so they get dumped anyway. We only want 6 users allowed, we just have
> this nasty mandate to rotate our admin passwords every 30 days, and we have
> 70 systems of different flavors and would just love to consolidate that a
> bit ;)
>
> Thanks again!
>
> Nick
>
> Joe Lewis <[EMAIL PROTECTED]>
> Sent by: freeradius-users-admin@lists.cistron.nl
> 09/04/2002 03:05 PM
> Please respond to freeradius-users
>
> To: [EMAIL PROTECTED]
> cc:
> Subject: Re: RedHat 7.3 as Radius Client
>
> /etc/pam.d/ssh
> /etc/pam.d/login
> /etc/pam.d/telnetd
>
> NOTE : pam_radius does NOT alleviate the need for the /etc/passwd file.
> pam_radius does not implement the pam_sm_setcred function to set the
> user id, group id, and other things. But, you can set a default_user in
> the configuration (but everyone not in the /etc/passwd will be
> default_user, so use with caution.)
>
> For you others, if there is an implementation out there that doesn't use
> the /etc/passwd, let me know.
>
> Joe
>
> [EMAIL PROTECTED] wrote:
>
>> I hope this is not too basic, I have searched the archives for examples of
>> a RedHat 7.3 install with no luck.
>>
>> Can someone help me with the use of the Radius Authentication PAM module
>> for RedHat 7.3, I want to have the server use an existing Cisco Secure
>> Radius service to authenticate SSH /console logins.
>>
>> What I have found is that RedHat 7.3 (or all 7.x) breaks out the PAM auth
>> files into separate files rather than one pam.conf file. I am not sure
>> which ones in the /etc/pam.d folder I need to include the
>>
>> Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so
>>
>> In the per-application configuration (/etc/pam.d/application) add:
>>
>> auth required /lib/security/pam_securetty.so
>> auth sufficient /lib/security/pam_radius_auth.so
>> auth required /lib/security/pam_unix_auth.so
>>
>> And when it comes to configuring the radius client to use my RADIUS server
>> in the pam_radius_auth file in /etc/raddb/server (RedHat 7.3 doesn't have
>> that path.)
>>
>> Basically I think I understand a bit of what is needed, I am just not sure
>> how to apply it for this variant of Linux.
>>
>> Thanks for any config help,
>>
>> Nick
Re: RedHat 7.3 as Radius Client
Thanks Joe!

Yes, I was aware that the passwd file was STILL required, and that only users that existed in BOTH radius and the passwd file would be getting in. That was acceptable to us. We just plan on giving the default a /bin/null shell so they get dumped anyway. We only want 6 users allowed, we just have this nasty mandate to rotate our admin passwords every 30 days, and we have 70 systems of different flavors and would just love to consolidate that a bit ;)

Thanks again!

Nick

Joe Lewis <[EMAIL PROTECTED]>
Sent by: freeradius-users-admin@lists.cistron.nl
09/04/2002 03:05 PM
Please respond to freeradius-users

To: [EMAIL PROTECTED]
cc:
Subject: Re: RedHat 7.3 as Radius Client

/etc/pam.d/ssh
/etc/pam.d/login
/etc/pam.d/telnetd

NOTE : pam_radius does NOT alleviate the need for the /etc/passwd file. pam_radius does not implement the pam_sm_setcred function to set the user id, group id, and other things. But, you can set a default_user in the configuration (but everyone not in the /etc/passwd will be default_user, so use with caution.)

For you others, if there is an implementation out there that doesn't use the /etc/passwd, let me know.

Joe

[EMAIL PROTECTED] wrote:

> I hope this is not too basic, I have searched the archives for examples of
> a RedHat 7.3 install with no luck.
>
> Can someone help me with the use of the Radius Authentication PAM module
> for RedHat 7.3, I want to have the server use an existing Cisco Secure
> Radius service to authenticate SSH /console logins.
>
> What I have found is that RedHat 7.3 (or all 7.x) breaks out the PAM auth
> files into separate files rather than one pam.conf file. I am not sure
> which ones in the /etc/pam.d folder I need to include the
>
> Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so
>
> In the per-application configuration (/etc/pam.d/application) add:
>
> auth required /lib/security/pam_securetty.so
> auth sufficient /lib/security/pam_radius_auth.so
> auth required /lib/security/pam_unix_auth.so
>
> And when it comes to configuring the radius client to use my RADIUS server
> in the pam_radius_auth file in /etc/raddb/server (RedHat 7.3 doesn't have
> that path.)
>
> Basically I think I understand a bit of what is needed, I am just not sure
> how to apply it for this variant of Linux.
>
> Thanks for any config help,
>
> Nick
sqlcounter question
Hello freeradius-users,

RH7.2 + freeradius-0.6 + Oracle

I've compiled freeradius with --with-experimental-modules and set up it with sql auth/acct.

In radiusd.conf wrote:

sqlcounter hourlycounter {
    counter-name = SQL_Max_Hour_Session_Timeout
    check-name = SQL_Max_Hour
    sqlmod_inst = sql
    key = User-Name
    query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE username='%{%k}'"
    reset = none
}

Following example in experimental.conf I need

test SQL_Max_Hour > 36000, Auth-Type = Reject
     Reply-Message = "..."

I can't grasp how to convert this record into sql tables record

User 'test' belongs to group 'dialup_any' and it works fine

Table radgroupcheck looks so:
dialup_any Auth-Type PAP :=
dialup_any Login-Time Any0001-2359 :=

Table radcheck looks so:
test User-Password :=

I did so (tried to convert) with table radcheck:
test User-Password :=
test SQL_Max_Hour 36000 >
test Auth-Type Reject :=

But this unfortunately doesn't work and radius with -x gives:
SELECT . No such attribute SQL_Max_Hour ... Access-Reject

Could anybody help me with this? I'm stuck with this problem
Your help is very, very appreciated.

--
Best regards,
alienoid mailto:[EMAIL PROTECTED]
Re: RedHat 7.3 as Radius Client
/etc/pam.d/ssh
/etc/pam.d/login
/etc/pam.d/telnetd

NOTE : pam_radius does NOT alleviate the need for the /etc/passwd file. pam_radius does not implement the pam_sm_setcred function to set the user id, group id, and other things. But, you can set a default_user in the configuration (but everyone not in the /etc/passwd will be default_user, so use with caution.)

For you others, if there is an implementation out there that doesn't use the /etc/passwd, let me know.

Joe

[EMAIL PROTECTED] wrote:

> I hope this is not too basic, I have searched the archives for examples of
> a RedHat 7.3 install with no luck.
>
> Can someone help me with the use of the Radius Authentication PAM module
> for RedHat 7.3, I want to have the server use an existing Cisco Secure
> Radius service to authenticate SSH /console logins.
>
> What I have found is that RedHat 7.3 (or all 7.x) breaks out the PAM auth
> files into separate files rather than one pam.conf file. I am not sure
> which ones in the /etc/pam.d folder I need to include the
>
> Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so
>
> In the per-application configuration (/etc/pam.d/application) add:
>
> auth required /lib/security/pam_securetty.so
> auth sufficient /lib/security/pam_radius_auth.so
> auth required /lib/security/pam_unix_auth.so
>
> And when it comes to configuring the radius client to use my RADIUS server
> in the pam_radius_auth file in /etc/raddb/server (RedHat 7.3 doesn't have
> that path.)
>
> Basically I think I understand a bit of what is needed, I am just not sure
> how to apply it for this variant of Linux.
>
> Thanks for any config help,
>
> Nick
RedHat 7.3 as Radius Client
I hope this is not too basic, I have searched the archives for examples of a RedHat 7.3 install with no luck.

Can someone help me with the use of the Radius Authentication PAM module for RedHat 7.3, I want to have the server use an existing Cisco Secure Radius service to authenticate SSH /console logins.

What I have found is that RedHat 7.3 (or all 7.x) breaks out the PAM auth files into separate files rather than one pam.conf file. I am not sure which ones in the /etc/pam.d folder I need to include the

Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so

In the per-application configuration (/etc/pam.d/application) add:

auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_radius_auth.so
auth required /lib/security/pam_unix_auth.so

And when it comes to configuring the radius client to use my RADIUS server in the pam_radius_auth file in /etc/raddb/server (RedHat 7.3 doesn't have that path.)

Basically I think I understand a bit of what is needed, I am just not sure how to apply it for this variant of Linux.

Thanks for any config help,

Nick
Re: Login-Time and timezones
Jeremy Kusnetz <[EMAIL PROTECTED]> wrote:

> We are looking to use Login-Time, but I have a few questions about
> timezones.
>
> Our servers run on GMT, but I would want to setup Login-Times for people in
> different timezones.

As you noted, that isn't there right now.

> So for example if I wanted to limit logintimes to only Monday, If I said
> "Mo00:00-23:49" this would be in GMT time. If I wanted to do this for EST
> time I guess it would be something like "Su19:00-23:59,Mon00:00-19:00".
> This can get pretty ugly. The Wk wouldn't work any more, I guess instead of
> "Wk00:00-23:59" it would be "Su19:00-23:59,Mo00:00-23:59 ..
> Fr00:00-19:00"
>
> Is there a maximum to how long this string can be?

253 characters, I think.

> It would be nice to instead of doing it this way, to do something like
> "Mo-05:00-19:00" or "Wk05:00-29:00" In other words just add the timezone
> to the hours you want, and allow negative hours and hours greater than 24.

Yes, but where does that time zone information come from? It's not in the RADIUS request. So you've got to divide your users into different time-zone specific groups, which is hard.

> I don't think the current code will support this:

No, it doesn't.

> I'm not much of a C programmer, but I guess I could give it a shot. Does
> this sound like something doable?

How would you allow one user to move? i.e. They're only allowed in on Mondays, but if they fly from the U.S. to Japan, they should be allowed in on Mondays on Japan time, not on U.S. time.

The only thing I can think of here is to have NAS-specific checks in the 'users' file, which adds a timezone attribute, depending on where the NAS is. The Login-Time attribute checks can then grab the time zone attribute, and use it to calculate their time.

Alan DeKok.
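The hand conversion discussed in the message above, as an added example that is not part of the thread: a Python helper that rewrites a local-time window as a Login-Time value for a server whose clock runs on GMT, splitting at the server's midnight and enforcing the 253-character limit quoted in the reply. Offsets are local time minus GMT and fixed (no daylight saving); the `Any0001-2359` style HHMM format is taken from elsewhere in this archive, and the inclusive end minute, the NAS table and its addresses are assumptions.

```python
"""Rewrite a local-time login window as a Login-Time value for a server on GMT."""

DAYS = ["Su", "Mo", "Tu", "We", "Th", "Fr", "Sa"]
WEEKDAYS = ["Mo", "Tu", "We", "Th", "Fr"]      # the days "Wk" stands for
DAY_MIN, WEEK_MIN = 1440, 7 * 1440
MAX_VALUE_LEN = 253                            # limit quoted in the reply above


def _minutes(hhmm):
    return int(hhmm[:2]) * 60 + int(hhmm[2:])


def shift_window(day, start, end, utc_offset_min):
    """Move one same-day local window (HHMM, end minute inclusive) onto the
    server clock. Returns [(day, first_minute, last_minute), ...]."""
    remaining = _minutes(end) - _minutes(start)
    if remaining < 0:
        raise ValueError("window must start and end on the same local day")
    # local = GMT + offset, so GMT = local - offset (EST is -300 minutes).
    pos = (DAYS.index(day) * DAY_MIN + _minutes(start) - utc_offset_min) % WEEK_MIN
    pieces = []
    while remaining >= 0:
        d, minute = divmod(pos, DAY_MIN)
        run = min(remaining, DAY_MIN - 1 - minute)   # stop at the server's midnight
        pieces.append((DAYS[d], minute, minute + run))
        pos = (pos + run + 1) % WEEK_MIN             # may wrap from Sa to Su
        remaining -= run + 1
    return pieces


def login_time(days, start, end, utc_offset_min):
    """Build the comma-separated value for the given local days and window."""
    per_day = {}
    for day in days:
        for d, first, last in shift_window(day, start, end, utc_offset_min):
            per_day.setdefault(d, []).append((first, last))
    entries = []
    for d in DAYS:
        merged = []
        for first, last in sorted(per_day.get(d, [])):
            if merged and first <= merged[-1][1] + 1:   # touching or overlapping
                merged[-1] = (merged[-1][0], max(last, merged[-1][1]))
            else:
                merged.append((first, last))
        for first, last in merged:
            entries.append("%s%02d%02d-%02d%02d"
                           % (d, first // 60, first % 60, last // 60, last % 60))
    value = ",".join(entries)
    if len(value) > MAX_VALUE_LEN:
        raise ValueError("value is %d characters, over %d" % (len(value), MAX_VALUE_LEN))
    return value


# Constructed illustration of taking the zone from the NAS the user dialed
# into. Addresses are documentation-range placeholders, offsets in minutes.
NAS_UTC_OFFSET_MIN = {"192.0.2.10": -300, "192.0.2.20": 540}   # EST, Japan


def login_time_for_nas(nas_ip, days, start, end):
    return login_time(days, start, end, NAS_UTC_OFFSET_MIN[nas_ip])


if __name__ == "__main__":
    print(login_time(["Mo"], "0000", "2359", -300))
    print(login_time(WEEKDAYS, "0000", "2359", -300))
    print(login_time_for_nas("192.0.2.20", ["Mo"], "0000", "2359"))
```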
RE: Vendor Code
Thanks very much for the help.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alan DeKok
Sent: Wednesday, September 04, 2002 4:17 PM
To: [EMAIL PROTECTED]
Subject: Re: Vendor Code

"Sheldon Fougere" <[EMAIL PROTECTED]> wrote:

> Our company does have an SNMP OID assigned. I looked at private enterprise
> codes and they seem to be related but not very clear. Can anyone shed some
> light?

The SNMP OID is the same as the private enterprise code. Use that as the 'Vendor' number in a dictionary for FreeRADIUS.

Alan DeKok.
Re: Vendor Code
"Sheldon Fougere" <[EMAIL PROTECTED]> wrote:

> Our company does have an SNMP OID assigned. I looked at private enterprise
> codes and they seem to be related but not very clear. Can anyone shed some
> light?

The SNMP OID is the same as the private enterprise code. Use that as the 'Vendor' number in a dictionary for FreeRADIUS.

Alan DeKok.
Denying access based in calling station
Hi,

Is it possible to specify certain phone numbers where a specific user is allowed to call from?

I need the following solution: The radius would authenticate a user if your phone number is authorized. The user can have more than one number where he calls from, so it would be good if the numbers were stored in a mysql table. The user will only be authenticated with only these numbers.

In the same way, another user would have your phone number (obviously not equal to the first user) stored in the same table and would be allowed to access the system only if calling from these numbers too.

Is it possible to implement this with freeradius?

Thanks
Amaury
RE: Radius Expiration/Account Expiration
On Wed, 4 Sep 2002, Thai Tran wrote:

> Hello Everyone,
>
> My main problem right now is that I am attempting to set an expiration date
> for my radius accounts. I've tried searching through the RFCs and
> registered OIDs hoping for some luck with this issue. I've tried multiple
> syntax values with no success.
>
> I have an attribute in my radius schema like so:
> --
> attributetype
>    ( 1.3.6.1.4.1.3317.4.3.1.54
>      NAME 'radiusExpiration'
>      DESC ''
>      EQUALITY caseIgnoreIA5Match
>      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>      SINGLE-VALUE
>    )
> --
> I have also added to the ldap.attrmap with:
> --
> checkitem Expiration radiusExpiration
> --
> But when I enter in a date '27 Aug 2002' for example it takes it fine.
> When sending the information to the Radius server the debug shows only '27'.
> --
> rlm_ldap: Adding radiusExpiration as Expiration, value 27 & op=11
> --
>
> Does anyone have any idea why this is occurring, and can someone please
> point me in the right direction. Also Kostas Kalevras you were one of the
> people who helped me get this far, I just wanted to thank you...

Try using "27 Aug 2002" (with the double quotes).

> Thanks ahead,
> Thai Q. Tran

--
Kostas Kalevras, Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
RE: Radius Expiration/Account Expiration
Hello Everyone,

My main problem right now is that I am attempting to set an expiration date for my radius accounts. I've tried searching through the RFCs and registered OIDs hoping for some luck with this issue. I've tried multiple syntax values with no success.

I have an attribute in my radius schema like so:
--
attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.54
     NAME 'radiusExpiration'
     DESC ''
     EQUALITY caseIgnoreIA5Match
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
     SINGLE-VALUE
   )
--
I have also added to the ldap.attrmap with:
--
checkitem Expiration radiusExpiration
--
But when I enter in a date '27 Aug 2002' for example it takes it fine. When sending the information to the Radius server the debug shows only '27'.
--
rlm_ldap: Adding radiusExpiration as Expiration, value 27 & op=11
--

Does anyone have any idea why this is occurring, and can someone please point me in the right direction. Also Kostas Kalevras you were one of the people who helped me get this far, I just wanted to thank you...

Thanks ahead,
Thai Q. Tran
RE: Vendor Code
Our company does have an SNMP OID assigned. I looked at private enterprise codes and they seem to be related but not very clear. Can anyone shed some light?

Thanks,
Sheldon

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alan DeKok
Sent: Wednesday, September 04, 2002 11:18 AM
To: [EMAIL PROTECTED]
Subject: Re: Vendor Code

"Sheldon Fougere" <[EMAIL PROTECTED]> wrote:

> Do I have to apply for a Vendor code to create a VSA?

Yes, and no. If you want to guarantee that no one else will re-use your number, then you've got to apply. If you're willing to live with imperfection, then pick a number larger than (1 << 24) (16 million or so), and you should usually be OK.

> If so where do I apply?

www.iana.org, see 'private enterprise codes'

Alan DeKok.
unsubscribe
Re: mysql modules
Artur Hecker <[EMAIL PROTECTED]> wrote:

> > Everyone installs things in different places, and expects the poor
> > 'configure' script to figure it all out .
>
> no, i don't expect it to find it. but i _do_ expect it to use the path
> i've just given to it as command-line parameter. in that case it
> shouldn't add any underpathes, the path should be used like it is, what
> do you think?

It *is* using the path you give it. That's not the problem.

The problem is that the MySQL header files are *normally* in , as evidenced by the fact that this issue hasn't been a problem for at least the past year. So if you're running into a problem, it's because the mysql header files on your system are in a different place than 90% of other people's systems.

> > So submit a patch. Look at the rest of the 'configure.in' scripts
> > for examples of what to do.
>
> sorry, i have no idea how to do so.

Then I hope you'll understand that any fix might be pushed off into the far future.

Patching 'configure.in' scripts isn't too hard, especially small ones, like in the rlm_sql_mysql directory. There's simply small shell scripts.

Alan DeKok.
suggestions about attributes
Howdy,

I guess I don't know if these have been changed in CVS - or if they are the way they are for a reason.

raddb/ldap.attrmap - the ldap checkItem attribute for Simultaneous-Use is set to npSessionsAllowed, but in the RADIUS-LDAPv3.schema radiusSimultaneousUse seems to be the correct attribute.

raddb/radius.conf - in the ldap section access_attr is set to dialupAccess, but there is no dialupAccess attribute in RADIUS-LDAPv3.schema. Could we get one? :)

Thanks

Josh Kleensang
Vice President, Engineering
Lunar Gravity Networks
402-898-GRAV x 101
http://www.lunargravity.com
Re[2]: Fwd: Re[2]: MSCHAP2 + pptpd + pppd 2.4.2 + Postgres problems
Dear Alex D. Krivoshein,

Also update token.c

http://www.security.nnov.ru/files/token.c

And send what you have in the users file for default.

--Wednesday, September 4, 2002, 8:35:48 PM, you wrote to [EMAIL PROTECTED]:

ADK> Dear 3APA3A,
ADK> I applied your patch and what I get:
ADK> Сен 4 20:30:14 fast radiusd: rad_recv: Access-Request packet from host
ADK> 127.0.0.1:2547, id=79, length=131
ADK> Сен 4 20:30:14 fast radiusd: ^IService-Type ?? Framed-User
ADK> Сен 4 20:30:14 fast radiusd: ^IFramed-Protocol ?? PPP
ADK> Сен 4 20:30:14 fast radiusd: ^IUser-Name ?? "vpn"
ADK> Сен 4 20:30:14 fast radiusd: ^IMS-CHAP-Challenge ??
ADK> 0xccf0cb92f266f2ba3c3090a2352d5e20
ADK> Сен 4 20:30:14 fast radiusd: ^IMS-CHAP2-Response ??
ADK> 0x0100e24ac8421dcfd92300d62af48929e5c34ba11f1b0681dfd39f5e107858fa565653f3eae9d006d9e0
ADK> Сен 4 20:30:14 fast radiusd: ^INAS-IP-Address ?? 127.0.0.1
ADK> Сен 4 20:30:14 fast radiusd: ^INAS-Port ?? 0
ADK> Сен 4 20:30:14 fast radiusd: modcall: entering group authorize
ADK> Сен 4 20:30:14 fast radiusd: modcall[authorize]: module "preprocess"
ADK> returns ok
ADK> Сен 4 20:30:14 fast radiusd: rlm_realm: Looking up realm NULL for
ADK> User-Name = "vpn"
ADK> Сен 4 20:30:14 fast radiusd: rlm_realm: No such realm NULL
ADK> Сен 4 20:30:14 fast radiusd: modcall[authorize]: module "suffix"
ADK> returns noop
ADK> Сен 4 20:30:14 fast radiusd: users: Matched DEFAULT at 152
ADK> Сен 4 20:30:14 fast radiusd: users: Matched DEFAULT at 171
ADK> Сен 4 20:30:14 fast radiusd: users: Matched DEFAULT at 178
ADK> Сен 4 20:30:14 fast radiusd: modcall[authorize]: module "files"
ADK> returns ok
ADK> Сен 4 20:30:14 fast radiusd: radius_xlat: 'vpn'
ADK> Сен 4 20:30:14 fast radiusd: sql_set_user: escaped user --> 'vpn'
ADK> Сен 4 20:30:14 fast radiusd: radius_xlat: 'SELECT
ADK> id,UserName,Attribute,Value FROM radcheck WHERE Username = 'vpn' ORDER
ADK> BY id'
ADK> Сен 4 20:30:14 fast radiusd: rlm_sql: Reserving sql socket id: 1
ADK> Сен 4 20:30:14 fast radiusd: query: SELECT id,UserName,Attribute,Value
ADK> FROM radcheck WHERE Username = 'vpn' ORDER BY id
ADK> Сен 4 20:30:14 fast radiusd: rlm_postgresql Status: PGRES_TUPLES_OK
ADK> Сен 4 20:30:14 fast radiusd: sql_postgresql: affected rows =
ADK> Сен 4 20:30:14 fast radiusd: radius_xlat: 'SELECT
ADK> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value
ADK> FROM radgroupcheck,usergroup WHERE usergroup.Username = 'vpn' AND
ADK> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
ADK> Сен 4 20:30:14 fast radiusd: query: SELECT
ADK> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value
ADK> FROM radgroupcheck,usergroup WHERE usergroup.Username = 'vpn' AND
ADK> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
ADK> Сен 4 20:30:14 fast radiusd: rlm_postgresql Status: PGRES_TUPLES_OK
ADK> Сен 4 20:30:15 fast radiusd: sql_postgresql: affected rows =
ADK> Сен 4 20:30:15 fast radiusd: rlm_sql: unknown attribute ^IService-Type
ADK> Сен 4 20:30:15 fast radiusd: rlm_sql: Error getting data from database
ADK> Сен 4 20:30:15 fast radiusd: radius_xlat: 'SELECT
ADK> id,UserName,Attribute,Value FROM radreply WHERE Username = 'vpn' ORDER
ADK> BY id'
ADK> Сен 4 20:30:15 fast radiusd: query: SELECT id,UserName,Attribute,Value
ADK> FROM radreply WHERE Username = 'vpn' ORDER BY id
ADK> Сен 4 20:30:15 fast radiusd: rlm_postgresql Status: PGRES_TUPLES_OK
ADK> Сен 4 20:30:15 fast radiusd: sql_postgresql: affected rows =
ADK> Сен 4 20:30:15 fast radiusd: radius_xlat: 'SELECT
ADK> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value
ADK> FROM radgroupreply,usergroup WHERE usergroup.Username = 'vpn' AND
ADK> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
ADK> Сен 4 20:30:15 fast radiusd: query: SELECT
ADK> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value
ADK> FROM radgroupreply,usergroup WHERE usergroup.Username = 'vpn' AND
ADK> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
ADK> Сен 4 20:30:15 fast radiusd: rlm_postgresql Status: PGRES_TUPLES_OK
ADK> Сен 4 20:30:15 fast radiusd: sql_postgresql: affected rows =
ADK> Сен 4 20:30:15 fast radiusd: rlm_sql: check items
ADK> Сен 4 20:30:15 fast radiusd: NT-Password ?? 0x
ADK> Сен 4 20:30:15 fast radiusd: Auth-Type ?? MS-CHAP
ADK> Сен 4 20:30:15 fast radiusd: rlm_sql: reply items
ADK> Сен 4 20:30:15 fast radiusd: Framed-IP-Address ?? 10.10.1.1
ADK> Сен 4 20:30:15 fast radiusd: Framed-Protocol ?? PPP
ADK> Сен 4 20:30:16 fast radiusd: Service-Type ?? Framed-User
ADK> Сен 4 20:30:16 fast radiusd: rlm_sql: request items
ADK> Сен 4 20:30:16 fast radiusd: Service-Type ?? Framed-User
ADK> Sep 4 20:30:16 fast pppd[31112]: CHAP peer authentication failed for
ADK> remote host vpn
Re: Fwd: Re[2]: MSCHAP2 + pptpd + pppd 2.4.2 + Postgres problems
Dear 3APA3A,

I applied your patch and what I get:

Сен 4 20:30:14 fast radiusd: rad_recv: Access-Request packet from host 127.0.0.1:2547, id=79, length=131
Сен 4 20:30:14 fast radiusd: ^IService-Type ?? Framed-User
Сен 4 20:30:14 fast radiusd: ^IFramed-Protocol ?? PPP
Сен 4 20:30:14 fast radiusd: ^IUser-Name ?? "vpn"
Сен 4 20:30:14 fast radiusd: ^IMS-CHAP-Challenge ?? 0xccf0cb92f266f2ba3c3090a2352d5e20
Сен 4 20:30:14 fast radiusd: ^IMS-CHAP2-Response ?? 0x0100e24ac8421dcfd92300d62af48929e5c34ba11f1b0681dfd39f5e107858fa565653f3eae9d006d9e0
Сен 4 20:30:14 fast radiusd: ^INAS-IP-Address ?? 127.0.0.1
Сен 4 20:30:14 fast radiusd: ^INAS-Port ?? 0
Сен 4 20:30:14 fast radiusd: modcall: entering group authorize
Сен 4 20:30:14 fast radiusd: modcall[authorize]: module "preprocess" returns ok
Сен 4 20:30:14 fast radiusd: rlm_realm: Looking up realm NULL for User-Name = "vpn"
Сен 4 20:30:14 fast radiusd: rlm_realm: No such realm NULL
Сен 4 20:30:14 fast radiusd: modcall[authorize]: module "suffix" returns noop
Сен 4 20:30:14 fast radiusd: users: Matched DEFAULT at 152
Сен 4 20:30:14 fast radiusd: users: Matched DEFAULT at 171
Сен 4 20:30:14 fast radiusd: users: Matched DEFAULT at 178
Сен 4 20:30:14 fast radiusd: modcall[authorize]: module "files" returns ok
Сен 4 20:30:14 fast radiusd: radius_xlat: 'vpn'
Сен 4 20:30:14 fast radiusd: sql_set_user: escaped user --> 'vpn'
Сен 4 20:30:14 fast radiusd: radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'vpn' ORDER BY id'
Сен 4 20:30:14 fast radiusd: rlm_sql: Reserving sql socket id: 1
Сен 4 20:30:14 fast radiusd: query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'vpn' ORDER BY id
Сен 4 20:30:14 fast radiusd: rlm_postgresql Status: PGRES_TUPLES_OK
Сен 4 20:30:14 fast radiusd: sql_postgresql: affected rows =
Сен 4 20:30:14 fast radiusd: radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value FROM radgroupcheck,usergroup WHERE usergroup.Username = 'vpn' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
Сен 4 20:30:14 fast radiusd: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value FROM radgroupcheck,usergroup WHERE usergroup.Username = 'vpn' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
Сен 4 20:30:14 fast radiusd: rlm_postgresql Status: PGRES_TUPLES_OK
Сен 4 20:30:15 fast radiusd: sql_postgresql: affected rows =
Сен 4 20:30:15 fast radiusd: rlm_sql: unknown attribute ^IService-Type
Сен 4 20:30:15 fast radiusd: rlm_sql: Error getting data from database
Сен 4 20:30:15 fast radiusd: radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'vpn' ORDER BY id'
Сен 4 20:30:15 fast radiusd: query: SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'vpn' ORDER BY id
Сен 4 20:30:15 fast radiusd: rlm_postgresql Status: PGRES_TUPLES_OK
Сен 4 20:30:15 fast radiusd: sql_postgresql: affected rows =
Сен 4 20:30:15 fast radiusd: radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value FROM radgroupreply,usergroup WHERE usergroup.Username = 'vpn' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
Сен 4 20:30:15 fast radiusd: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value FROM radgroupreply,usergroup WHERE usergroup.Username = 'vpn' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
Сен 4 20:30:15 fast radiusd: rlm_postgresql Status: PGRES_TUPLES_OK
Сен 4 20:30:15 fast radiusd: sql_postgresql: affected rows =
Сен 4 20:30:15 fast radiusd: rlm_sql: check items
Сен 4 20:30:15 fast radiusd: NT-Password ?? 0x
Сен 4 20:30:15 fast radiusd: Auth-Type ?? MS-CHAP
Сен 4 20:30:15 fast radiusd: rlm_sql: reply items
Сен 4 20:30:15 fast radiusd: Framed-IP-Address ?? 10.10.1.1
Сен 4 20:30:15 fast radiusd: Framed-Protocol ?? PPP
Сен 4 20:30:16 fast radiusd: Service-Type ?? Framed-User
Сен 4 20:30:16 fast radiusd: rlm_sql: request items
Сен 4 20:30:16 fast radiusd: Service-Type ?? Framed-User
Sep 4 20:30:16 fast pppd[31112]: CHAP peer authentication failed for remote host vpn
Сен 4 20:30:16 fast radiusd: Framed-Protocol ?? PPP
Сен 4 20:30:16 fast radiusd: User-Name ?? "vpn"
Сен 4 20:30:16 fast radiusd: MS-CHAP-Challenge ?? 0xccf0cb92f266f2ba3c3090a2352d5e20
Sep 4 20:30:16 fast pppd[31112]: Connection terminated.
Сен 4 20:30:16 fast radiusd: MS-CHAP2-Response ?? 0x0100e24ac8421dcfd92300d62af48929e5c300
Sep 4 20:30:16 fast pppd[31112]: Exit.
Сен 4 20:30:16 fast radiusd: NAS-IP-Address ?? 127.0.0.1
Sep 4 20:30:16 fast pptpd[3]: GRE: read(fd=5,buffer=804d9c0,len=8196) from PTY failed: status = -1 error = Input/output erro
Re: mysql modules
hi alan :)

> > it is definitive, however, in my case the headers are installed in
> > /usr/local/mysql/include (the mysql.h file is in this directory)
>
> Everyone installs things in different places, and expects the poor
> 'configure' script to figure it all out .

no, i don't expect it to find it. but i _do_ expect it to use the path i've just given to it as command-line parameter. in that case it shouldn't add any underpathes, the path should be used like it is, what do you think?

> > why does he look for mysql/mysql.h? the file is directly in the provided
> > include directory.
>
> It looks there because that's where the default mysql install puts
> it.

well, not in my case:

./mysql Ver 11.17 Distrib 3.23.49a, for pc-linux-gnu (i686).

and as i said, i copied it into the directory, it can't find it. i don't get it...

> So submit a patch. Look at the rest of the 'configure.in' scripts
> for examples of what to do.

sorry, i have no idea how to do so.

> > and the third one: do you know if the MPPE-patch for the TLS module
> > (Henrik and Lars) has been integrated into sources?
>
> I don't know. Have you tried looking in the source?

ok, i will take a look, thank you.

ciao
artur

--
Artur Hecker                 Groupe Accès et Mobilité
hecker[at]enst[dot]fr        Département Informatique et Réseaux
+33 1 45 81 7507             46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr    ENST Paris
Re: mysql modules
Artur Hecker <[EMAIL PROTECTED]> wrote:
> it is definitive, however, in my case the headers are installed in
> /usr/local/mysql/include (the mysql.h file is in this directory)

Everyone installs things in different places, and expects the poor 'configure' script to figure it all out .

> why does he look for mysql/mysql.h? the file is directly in the provided
> include directory.

It looks there because that's where the default mysql install puts it.

> can you help me resolve this? otherwise i will have to change the
> makefiles manually...

I think there was a patch to fix this, but I can't find it now...

So submit a patch. Look at the rest of the 'configure.in' scripts for examples of what to do.

> and the third one: do you know if the MPPE-patch for the TLS module
> (Henrik and Lars) has been integrated into sources?

I don't know. Have you tried looking in the source?

Alan DeKok.
Re: mysql modules
hi alan

Alan DeKok wrote:
>
> =?iso-8859-1?q?ho=20k?= <[EMAIL PROTECTED]> wrote:
> > configure: warning: mysql headers not found. Use
> > --with-mysql-include-dir=.
> > configure: warning: sql submodule 'mysql' disabled
>
> That's pretty definitive. So why did you bother trying to configure

it is definitive, however, in my case the headers are installed in /usr/local/mysql/include (the mysql.h file is in this directory)

but if i do:

./configure --with-mysql-include-dir=/usr/local/mysql/include

(i use the snapshot from the FTP site (20020904))

it says:

configuring in src/modules/rlm_sql/drivers/rlm_sql_mysql
running /bin/sh ./configure --with-mysql-include-dir=/usr/local/mysql/include --enable-ltdl-install --enable-ltdl-install --cache-file=../../../../.././config.cache --srcdir=.
checking for mysql/mysql.h... no
configure: warning: mysql headers not found. Use --with-mysql-include-dir=.
configure: warning: sql submodule 'mysql' disabled

why does he look for mysql/mysql.h? the file is directly in the provided include directory. i even tried to create a subdir in the include-dir above called "mysql" and i copied all the files in it, so mysql/mysql.h definitely exists in the given directory but it doesn't work.

can you help me resolve this? otherwise i will have to change the makefiles manually...

and another question on the way: the configure script silently discards the compilation of rlm_eap_tls since it can't find openssl.h and libcrypto but it doesn't provide any options (--with...) how to give their location.

and the third one: do you know if the MPPE-patch for the TLS module (Henrik and Lars) has been integrated into sources?

thanks for your time,
artur

--
Artur Hecker                 Groupe Accès et Mobilité
hecker[at]enst[dot]fr        Département Informatique et Réseaux
+33 1 45 81 7507             46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr    ENST Paris
RE: DialAdmin - Password Change Problem
Thanks for the fix

Sheldon

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kostas Kalevras
Sent: Wednesday, September 04, 2002 11:36 AM
To: Freeradius-Users
Subject: Re: DialAdmin - Password Change Problem

On Wed, 4 Sep 2002, Sheldon Fougere wrote:

> Hi,
>
> When using Dialup_Admin 1.55, I get the following error when trying to
> change a user password:
>
> Error while changing password: You have an error in your SQL syntax near
> 'AND op =) VALUES
> ('User-Password','$1$2nzSd/8M$Svrz1Rs6Goe2oiwngQF2v/','she' at line 1
>
> I've looked for SQL statements in the Dialup_Admin files (sql.attrs,
> sql.attrmap) but couldn't find anything in there. Is this a problem with
> the sql.conf in the /etc/raddb directory?
>
> I am using an earlier version of 0.7 Freeradius.
>
> Thanks,
> Sheldon

OK, do a cvs update from the freeradius cvs or in lib/sql/change_passwd.php3 after

if ($config[sql_use_operator] == 'true'){
	$text1 = ',op';
	$text2 = ",':='";
	$text3 = "AND op = ':='";
}

add

else{
	$text1 = '';
	$text2 = '';
	$text3 = '';
}

Thanks for the bug report

--
Kostas Kalevras          Network Operations Center
[EMAIL PROTECTED]        National Technical University of Athens, Greece
Work Phone:              +30 10 7721861
'Go back to the shadow'  Gandalf
Re: DialAdmin - Password Change Problem
On Wed, 4 Sep 2002, Sheldon Fougere wrote:

> Hi,
>
> When using Dialup_Admin 1.55, I get the following error when trying to
> change a user password:
>
> Error while changing password: You have an error in your SQL syntax near
> 'AND op =) VALUES
> ('User-Password','$1$2nzSd/8M$Svrz1Rs6Goe2oiwngQF2v/','she' at line 1
>
> I've looked for SQL statements in the Dialup_Admin files (sql.attrs,
> sql.attrmap) but couldn't find anything in there. Is this a problem with
> the sql.conf in the /etc/raddb directory?
>
> I am using an earlier version of 0.7 Freeradius.
>
> Thanks,
> Sheldon

OK, do a cvs update from the freeradius cvs or in lib/sql/change_passwd.php3 after

if ($config[sql_use_operator] == 'true'){
	$text1 = ',op';
	$text2 = ",':='";
	$text3 = "AND op = ':='";
}

add

else{
	$text1 = '';
	$text2 = '';
	$text3 = '';
}

Thanks for the bug report

--
Kostas Kalevras          Network Operations Center
[EMAIL PROTECTED]        National Technical University of Athens, Greece
Work Phone:              +30 10 7721861
'Go back to the shadow'  Gandalf
Re: Problems with detail file
Aleksey Trubin <[EMAIL PROTECTED]> wrote:
> First, radius can't get detail file from NAS... radiusd.conf seems all right.
> This is very important for me to get detail from NAS!

This is a question in the FAQ.

> Second. Somehow first character in username disappears (if username
> starts from uppercase letter)

See the 'hints' file.

Alan DeKok.
Re: mysql modules
=?iso-8859-1?q?ho=20k?= <[EMAIL PROTECTED]> wrote:
> configure: warning: mysql headers not found. Use
> --with-mysql-include-dir=.
> configure: warning: sql submodule 'mysql' disabled

That's pretty definitive. So why did you bother trying to configure mysql in the server at run time, when nothing was built?

Install the MySQL headers and libraries. There's nothing you can do to the server to make it work.

Alan DeKok.
Re: Vendor Code
"Sheldon Fougere" <[EMAIL PROTECTED]> wrote: > Do I have to apply for a Vendor code to create a VSA? Yes, and no. If you want to guarantee that no one else will re-use your number, then you've got to apply. If you're willing to live with imperfection, then pick a number larger than (1 << 24) (16 million or so), and you should usually be OK. > If so where do I apply? www.iana.org, see 'private enterprise codes' Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to set up user time interval
Ruslan Spivak <[EMAIL PROTECTED]> wrote:
> I need to have service for dialup clients - let's call it 'interval',
> so that, for example, user A can work only 10 hours (he can spend his
> limit during month or week or day - no matter) and access will be
> disabled, user B - 30 hours and so on.
>
> Is it possible to implement this in radius using sql and what A/V pair
> I need for that?

See: http://www.freeradius.org/rfc/attributes.html

Look for an attribute with a name that looks like it might help, and click on the link.

Alan DeKok.
DialAdmin - Password Change Problem
Hi,

When using Dialup_Admin 1.55, I get the following error when trying to change a user password:

Error while changing password: You have an error in your SQL syntax near 'AND op =) VALUES ('User-Password','$1$2nzSd/8M$Svrz1Rs6Goe2oiwngQF2v/','she' at line 1

I've looked for SQL statements in the Dialup_Admin files (sql.attrs, sql.attrmap) but couldn't find anything in there. Is this a problem with the sql.conf in the /etc/raddb directory?

I am using an earlier version of 0.7 Freeradius.

Thanks,
Sheldon
Re[2]: Understanding FreeRADIUS authorization, authentication and attribute lists.
Dear Alex D. Krivoshein,

--Tuesday, August 27, 2002, 11:33:37 PM, you wrote to [EMAIL PROTECTED]:

ADK> Dear 3APA3A,
ADK> I read your last article with great pleasure, but I still have some
ADK> questions.
ADK> 1. How can I mark pair to be a configure attribute but not a check
ADK> attribute - I tried to set
ADK> different values in op field in the database, but had no result.

It depends on the module you use. I don't like rlm_sql configuration (hope you mean it) because it's unclear. To add attributes to reply you have to make these attributes in reply table. In order to add some attributes to configure list you have to add these attributes into check table with ':=' (T_OP_SET) or '+=' (T_OP_ADD) operation.

ADK> 2. Which item must be set into check list in mschap authorization?

ADK> With hope, Alex

--
~/ZARAZA
Firing a second time, he crippled a bystander. The bystander was me. (Twain)
Re: how to set up user time interval
On Wed, 4 Sep 2002, Ruslan Spivak wrote:

> Hello freeradius-users,
>
> I need to have service for dialup clients - let's call it 'interval',
> so that, for example, user A can work only 10 hours (he can spend his
> limit during month or week or day - no matter) and access will be
> disabled, user B - 30 hours and so on.
>
> Is it possible to implement this in radius using sql and what A/V pair
> I need for that?
>
> TIA
>
>
> Best regards,
> Ruslan mailto:[EMAIL PROTECTED]

Check out the counter module. Set reset to 'never' and add a corresponding check-name attribute in the sql user profiles and you are done.

--
Kostas Kalevras          Network Operations Center
[EMAIL PROTECTED]        National Technical University of Athens, Greece
Work Phone:              +30 10 7721861
'Go back to the shadow'  Gandalf
Vendor Code
Hi All,

Do I have to apply for a Vendor code to create a VSA?

If so where do I apply?

Thanks,
Sheldon
Re:Radius with LDAP
On Wed, 4 Sep 2002, Deborshi Gupta wrote:

> I would like to know that once I make necessary changes in the radiusd.conf for the
> connection to Open LDAP how do I retrieve and store the info in LDAP. Does all auth & acc
> requests get stored in LDAP automatically and I can retrieve it at any point of time.

Accounting is not stored in LDAP. You should really *know* at least the basics about LDAP before using it. Nothing gets stored automatically; you need to first populate your ldap database with users before you start using ldap for authorization/authentication. You could use the dialup_admin web interface for that.

> I have another problem. When I set up the proxy it says "Proxy Reply arrived too
> late". How can I solve this problem.
>
> Finally how do I see the response packet (Contents decoded).
>
> Regards
>
> Deborshi
>
> Deborshi Gupta

--
Kostas Kalevras          Network Operations Center
[EMAIL PROTECTED]        National Technical University of Athens, Greece
Work Phone:              +30 10 7721861
'Go back to the shadow'  Gandalf
rlm_sqlcounter accessing an external database ...
Hi everybody,

I've been using sqlcounter with mysql for a while without a problem (thanks to developers). Now, I want to use it with an external database/table, I mean to check the quota time from another personal table.

As I understand, it should work by only specifying a new sql module, and pointing the sqlcounter's sqlmod-inst into it. However when I try to do that, it does not work, the rlm_sqlcounter steps seem ok (cf. the part of log below in debug mode), but I do not find any corresponding mysql query.

So, is it possible to do that ? If yes, what might be wrong in my config ?

Thanks in advance,

-- part of my config --

#
# Configuration for the SQL module.
#
sql sql_simrad {
	# Database type
	# Current supported are: rlm_sql_mysql, rlm_sql_postgresql, rlm_sql_iodbc, rlm_sql_oracle
	driver = "rlm_sql_mysql"

	# Connect info
	server = "ntp"
	login = "myuser"
	password = "mypassword"

	# Database table configuration
	radius_db = "simrad"
	...
}
...
#
# sql counter configuration
...
sqlcounter sqlcounter_monthly_simrad {
	counter-name = SQL-Monthly-Session-Time
	check-name = SQL-Max-Monthly-Session-Time
	sqlmod-inst = sql_simrad
	key = User-Name
	query = "SELECT SUM(SessionTime) FROM simacct WHERE UserName='%{%k}'"
	reset = monthly
}

-- here is the output of the radius server --

rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(SessionTime) FROM simacct WHERE UserName='%{User-Name}''
radius_xlat: 'SELECT SUM(SessionTime) FROM simacct WHERE UserName='do-risika''
sqlcounter_expand: '%{sql_simrad:SELECT SUM(SessionTime) FROM simacct WHERE UserName='do-risika'}'
radius_xlat: ''
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user do-risika, check_item=108000, counter=0
rlm_sqlcounter: Sent Reply-Item for user do-risika, Type=Session-Timeout, value=108000
modcall[authorize]: module "sqlcounter_monthly_simrad" returns ok

@+
--
DouRiX
[Stupid questions are better than stupid mistakes. --Japanese proverb]
how to set up user time interval
Hello freeradius-users,

I need to have service for dialup clients - let's call it 'interval', so that, for example, user A can work only 10 hours (he can spend his limit during month or week or day - no matter) and access will be disabled, user B - 30 hours and so on.

Is it possible to implement this in radius using sql and what A/V pair I need for that?

TIA

Best regards,
Ruslan mailto:[EMAIL PROTECTED]
Re:Radius with LDAP
I would like to know that once I make necessary changes in the radiusd.conf for the connection to Open LDAP how do I retrieve and store the info in LDAP. Does all auth & acc requests get stored in LDAP automatically and I can retrieve it at any point of time.

I have another problem. When I set up the proxy it says "Proxy Reply arrived too late". How can I solve this problem.

Finally how do I see the response packet (Contents decoded).

Regards

Deborshi

Deborshi Gupta
Problems with detail file
Hi all!

I use Freeradius 0.5 on FreeBSD4.5. My NAS is MAX6000. I have problems with this...

First, radius can't get detail file from NAS... radiusd.conf seems all right. This is very important for me to get detail from NAS!

Second. Somehow first character in username disappears (if username starts from uppercase letter)
MySql Module Installation
Dear All

I can't find any rlm_sql_mysql* in /usr/local/lib and my MySQL 3.23.52 Solaris 2.7 (Sparc) is a binary package version. I also used gcc 3.2 version for compiling freeradius0.7, the command steps are "./configure --with-mysql-include-dir=/usr/local/mysql/include", "make" and "make install"

When I start radius -X, here is the error:

rlm_sql: Could not link driver rlm_sql_mysql: file not found
rlm_sql: Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
radiusd.conf[11]: sql: Module instantiation failed.

Anyone can tell what's wrong

Regards
k
Re: LDAP module crashes
On Wed, 4 Sep 2002, Stefan Radovanovici wrote:

>
> > > tests I added some more reply items but this makes the LDAP module to
> > > crash. If I keep the number of reply items low, it works fine. Here is a
> > > working log request. Next will follow the log when I have added one more
> > > reply items.
> > Could you post the new reply item you added?
>
> The added reply item is the bintecipNatPresetTable variable with the value
> "IfIndex=1000 IntAddr=192.168.150.0 IntMask=255.255.255.0 ExtAddr=10.16.1.10
> ExtMask=255.255.255.0". But it ended up kinda truncated (as seen from the log),
> everything after ExtAddr is gone.
>
> If, for example, I shorten the value, works fine, no crash. I tried several
> values, it does not seem to matter. What seems to matter is the length
>

OK, thanks for the bug report, there was a problem when the attribute value was larger than the available buffer space. Try a cvs update on the rlm_ldap module and it should work fine.

--
Kostas Kalevras          Network Operations Center
[EMAIL PROTECTED]        National Technical University of Athens, Greece
Work Phone:              +30 10 7721861
'Go back to the shadow'  Gandalf
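The failure described in this thread (an attribute value longer than the buffer it is copied into) is avoided by checking the value's byte count before copying. The following is an added example, not the rlm_ldap code or its fix: the struct, the function name and the 64-byte size are assumptions, with the size chosen to match the length at which the crash was reported.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed sizes for the example; not taken from the rlm_ldap source. */
#define VALUE_BUF_LEN 64
#define NAME_BUF_LEN  40

enum item_status {
    ITEM_OK        =  0,
    ITEM_TOO_LONG  = -1,  /* name or value does not fit; nothing is stored */
    ITEM_BAD_INPUT = -2   /* NULL pointer or NUL byte inside the value */
};

/* Hypothetical reply item with fixed-size storage. */
struct reply_item {
    char   name[NAME_BUF_LEN];
    char   value[VALUE_BUF_LEN];
    size_t value_len;
};

/*
 * Store one directory value in a fixed-size item.
 *
 * Directory libraries return a value as a pointer plus a byte count, so the
 * count is checked explicitly. An unchecked strcpy() or sprintf() into
 * value[] would write past the end of the buffer for long input.
 *
 * Oversized values are rejected, not silently truncated: a reply item cut
 * off in the middle would send the NAS a different setting from the one
 * stored in the directory.
 */
int reply_item_set(struct reply_item *item, const char *name,
                   const char *val, size_t val_len)
{
    size_t name_len;

    if (item == NULL || name == NULL || val == NULL)
        return ITEM_BAD_INPUT;

    name_len = strlen(name);
    if (name_len >= sizeof(item->name))
        return ITEM_TOO_LONG;

    /* One byte of value[] is reserved for the terminating NUL. */
    if (val_len >= sizeof(item->value))
        return ITEM_TOO_LONG;

    /* A NUL inside the value would make later string code see less data. */
    if (memchr(val, '\0', val_len) != NULL)
        return ITEM_BAD_INPUT;

    memcpy(item->name, name, name_len + 1);
    memcpy(item->value, val, val_len);
    item->value[val_len] = '\0';
    item->value_len = val_len;
    return ITEM_OK;
}

int main(void)
{
    /* The value quoted in the thread, which is longer than 63 bytes. */
    const char *nat = "IfIndex=1000 IntAddr=192.168.150.0 "
                      "IntMask=255.255.255.0 ExtAddr=10.16.1.10 "
                      "ExtMask=255.255.255.0";
    struct reply_item item;
    int rc;

    memset(&item, 0, sizeof item);
    rc = reply_item_set(&item, "bintecipNatPresetTable", nat, strlen(nat));
    printf("%zu-byte value: status %d\n", strlen(nat), rc);

    rc = reply_item_set(&item, "Framed-Protocol", "PPP", 3);
    printf("short value: status %d, stored \"%s\"\n", rc, item.value);
    return 0;
}
```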
Re: LDAP module crashes
> > tests I added some more reply items but this makes the LDAP module to
> > crash. If I keep the number of reply items low, it works fine. Here is a
> > working log request. Next will follow the log when I have added one more
> > reply items.
>
> Could you post the new reply item you added?
> Do you get a core dump? If not enable core dumps in the config file
> (allow_core_dumps = yes) and in the shell (ulimit -c unlimited)
> Do a backtrace on the core file if you get one and send back the results.

I enabled core but I do not get one when the segmentation fault occurs :-/

Some more tests showed that as soon as the attribute value length exceeds 64 bytes, the server crashes.

Regards,
Stefan
Re: LDAP module crashes
> > tests I added some more reply items but this makes the LDAP module to
> > crash. If I keep the number of reply items low, it works fine. Here is a
> > working log request. Next will follow the log when I have added one more
> > reply items.
> Could you post the new reply item you added?

The added reply item is the bintecipNatPresetTable variable with the value "IfIndex=1000 IntAddr=192.168.150.0 IntMask=255.255.255.0 ExtAddr=10.16.1.10 ExtMask=255.255.255.0". But it ended up kinda truncated (as seen from the log), everything after ExtAddr is gone.

If, for example, I shorten the value, works fine, no crash. I tried several values, it does not seem to matter. What seems to matter is the length

> Do you get a core dump? If not enable core dumps in the config file
> (allow_core_dumps = yes) and in the shell (ulimit -c unlimited)
> Do a backtrace on the core file if you get one and send back the results.

I will try to enable core and see if I get one, will send the results.

Regards,
Stefan
mysql modules
Dear All

I would like to use mysql module in freeradius0.7 and run the "configure" command as:

#./configure --with-mysql-lib-dir=/usr/local/mysql/lib --with-mysql-include-dir=/usr/local/mysql/include

as well as MySql has been installed in /usr/local/mysql

Here is the warning in configuring rlm_sql_mysql:

#configuring in rc/modules/rlm_sql/drivers/rlm_sql_mysql
running /bin/sh ./configure --with-mysql-lib-dir=/usr/local/mysql/lib --with-mysql-include-dir=/usr/local/mysql/include --enable-ltdl-install --enable-ltdl-install --cache-file=../../../../.././config.cache --srcdir=.
loading cache ../../../../.././config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) works... yes
checking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) is a cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking how to run the C preprocessor... (cached) gcc -E
checking for compress in -lz... (cached) no
checking for mysql/mysql.h... no
configure: warning: mysql headers not found. Use --with-mysql-include-dir=.
configure: warning: sql submodule 'mysql' disabled
creating ./config.status
creating Makefile

I neglect the warning and run make, make install.

and the radiusd.conf be modified as

authorize {
	preprocess
	suffix
	sql
	files
	RAS
}
authenticate {
	sql
}
preacct {
	preprocess
	suffix
	files
}
accounting {
	detail
	unix
	sql
	RAS
	radutmp
}
session {
	radutmp
}

and then starting radius -X, Here is the output

read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "root"
sql: password = "rootpass"
sql: radius_db = "radius"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = no
sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
...
rlm_sql: Could not link driver rlm_sql_mysql: file not found
rlm_sql: Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
radiusd.conf[11]: sql: Module instantiation failed.

Can you help me to solve the problem?

Regards
K
Re: multilink PPP
Yes, it looks like it. When I put Framed-Compression = none multilink works fine.

Thanks a lot,
Iasonas

At 09:13 04/09/02 +0200, you wrote:
>Iasonas Charalambous wrote:
> > Can anyone help me on this?
> >
> > I am using cisco access server 5300 and freeradius 0.7. I can work ppp
> > multilink with the 5300 and tacacs but I cannot make it work with
> > freeradius. My users file looks like this:
> >
> > testuser Auth-Type := Local, Password == "welcome" , Simultaneous-Use := 1
> >     Port-Limit = 2,
> >     Service-Type = Framed-User,
> >     Framed-Protocol = PPP,
> >     Framed-Compression = Van-Jacobsen-TCP-IP,
> >
> > During an ISDN multilink call I get the following on the 5300:
> >
> > Vi1 MLP: Clone AAA per-user attributes
> > Vi1 MLP: Invalid AAA per-user attributes
> > Se0:12 MLP: Bundle failed in creation/cloning
> > Se0:12 MLP: Link for 222859595 not added to bundle
>
>that's probably because VJ header compression doesn't work with
>Multilink - at least not on those as5300 I know.
>
>
>Rainer
>
>--
>KeyID=759975BD fingerprint=887A 4BE3 6AB7 EE3C 4AE0 B0E1 0556 E25A 7599 75BD

___
Iasonas Charalambous      email: [EMAIL PROTECTED]
CYPRUS TELECOM. AUTHORITY FAX: + 357 2 486634
Value Added Services      www: http://www.cytanet.com.cy
Telecommunications Str
P.O.Box 24929, CY-1396 Nicosia, Cyprus