Re: Detaching from SQL (postgresql) server

2002-10-17 Thread Ruslan A Dautkhanov
> After 'killall -KILL radiusd' or 'rc.radiusd stop' I notice
> (in postgresql log) messages like this:
>
> pq_recvbuf: unexpected EOF on client connection
>
> It seems that radiusd does not cleanup sql module
> properly and connections to server are not closed
> in regular way (eg. via PGfinish()).

I have the same problem. Furthermore, the server gets "pq_recvbuf: unexpected EOF on
client connection" for _all_ requests to my server (including
start, stop, alive RADIUS packets)!! I have been using FreeRADIUS
since version 0.4, and this problem persists...

>
> What's wrong?
>
> The second -- in sql_postgresql.c sql_free_result is marked
> as 'not_implemented' in rlm_sql_postgresql structure, however
> sql_free_result function is declared and implemented. Maybe I
> need simply export this function in rlm_sql_postgresql structure?
> Calling PQclear is critical in order to avoid memory leaks.



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



a question about reconnect

2002-10-17 Thread tanliyan
freeradius-users:
When I read the source code of v0.7, I found that when SQL drivers return
SQL_DOWN, sql.c will call sql_init_socket() to reconnect. The question is: why not
call sql_close_socket() first? Is it necessary?
Another question is about OCI: in the Oracle driver, how to judge SQL_DOWN is not
implemented. I want to know, in OCI, what error code means SQL_DOWN?
Sorry for my poor English, and thanks for your help.

tanliyan
[EMAIL PROTECTED]





RE: configure errors while compiling

2002-10-17 Thread Tim McCracken

-Original Message-
From: [EMAIL PROTECTED]
[mailto:freeradius-users-admin@;lists.cistron.nl]On Behalf Of KP Rao
Sent: Thursday, October 17, 2002 7:49 PM
To: [EMAIL PROTECTED]
Subject: configure errors while compiling


Hi All,
I am trying to compile freeradius and getting this error message.
Run out of ideas what may be causing the error. Any help would be
appreciated. Using version
# ./configure
loading cache ./config.cache
checking for gcc... gcc
checking whether the C compiler (gcc  ) works... no
configure: error: installation or configuration problem: C compiler cannot
create executables.
# ls -l /usr/local/bin/gcc
-rwxr-xr-x   2 bin  bin   345052 Aug 28 05:18 /usr/local/bin/gcc
# uname -a
SunOS CPMgmtStn 5.8 Generic_108528-01 sun4u sparc SUNW,Ultra-60

Any good soul have a binary package for Solaris 2.8

Thanks in advance.

--kp


I have been trying to find Solaris binaries as well, but so far no
response.  I have a different (but just as fatal problem) - also no
response so far.

I would test gcc to compile "hello, world" and see if that works.
You may possibly have a file permission problem.





configure errors while compiling

2002-10-17 Thread KP Rao
Hi All,
I am trying to compile freeradius and getting this error message.
Run out of ideas what may be causing the error. Any help would be
appreciated. Using version
# ./configure
loading cache ./config.cache
checking for gcc... gcc
checking whether the C compiler (gcc  ) works... no
configure: error: installation or configuration problem: C compiler cannot
create executables.
# ls -l /usr/local/bin/gcc
-rwxr-xr-x   2 bin  bin   345052 Aug 28 05:18 /usr/local/bin/gcc
# uname -a
SunOS CPMgmtStn 5.8 Generic_108528-01 sun4u sparc SUNW,Ultra-60

Any good soul have a binary package for Solaris 2.8

Thanks in advance.

--kp




Call-Check

2002-10-17 Thread Pat Calhoun
All,

I'm trying to get the server to successfully authorize a call, to no
avail. I know I had this working at one point, but I guess I just got
lucky and the latest version no longer works with my users file.

Here is what I have in my users file.
000a8afa7d53    Auth-Type := Accept, Service-Type == Call-Check
        Service-Type = Call-Check,
        Session-Timeout = 100,
        Idle-Timeout = 100

You will notice the lack of a password, which is intentional since this
is simply a request to accept the call.

Here is the packet:
--- Walking the entire request list ---
Cleaning up request 6 ID 34 with timestamp 3daf3b91
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.16.1.69:35258, id=35,
length=84
User-Name = "000a8afa7d53"
Calling-Station-Id = "000a8afa7d53"
NAS-Port = 1
NAS-IP-Address = 69.1.16.172
Service-Type = Call-Check
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP-Message not found
  modcall[authorize]: module "eap" returns noop
  modcall[authorize]: module "suffix" returns ok
  modcall[authorize]: module "mschap" returns notfound
modcall: group authorize returns ok
auth: No Auth-Type configuration for the request, rejecting the user
auth: Failed to validate the user.
Login incorrect: [000a8afa7d53/] (from nas
pat_little_box port 1 cli 000a8afa7d53)
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request

Again, it's complaining I don't have a password, and that's exactly what
I want. Authorize only please.

Does anyone have any thoughts?

Thanks,

PatC





Re: Newbie: Three freeradius questions

2002-10-17 Thread Damjan
> 1. EAP/TLS support, what do I need to get this support in
> freeradius. I've read [*] that it needs openssl-0.9.7, isn't openssl-0.9.6g
> enough? [OT] Is there a way to check if openssl supports EAP/TLS

Answering myself :),
well, according to http://www.freeradius.org/radiusd/doc/rlm_eap everything
better than openssl-0.9.6b will work, good.

-- 
Damjan Georgievski




Newbie: Three freeradius questions

2002-10-17 Thread Damjan
Hello everyone, 
I'm new to Freeradius but would like to use it to replace old
billing solution. For now I only have three questions:

I have downloaded and compiled freeradius 0.7.1.

1. EAP/TLS support, what do I need to get this support in
freeradius. I've read [*] that it needs openssl-0.9.7, isn't openssl-0.9.6g
enough? [OT] Is there a way to check if openssl supports EAP/TLS

[*] 
  http://www.missl.cs.umd.edu/wireless/eaptls/


2. Python support, I'm delighted that I can do the work in
python. Now, I don't need the other modules in freeradius, how can
I make the most stripped freeradius version with only rlm_python
support (and other mandatory stuff).

3. Does freeradius support the "Acct-Status-Type Interim-Update"
packet?


Thanks.

-- 
Damjan Georgievski




Re: Help with hints/users file please

2002-10-17 Thread Alan DeKok
Guillermo Schimmel <[EMAIL PROTECTED]> wrote:
> I will have to wait at least until 0.8 (That sounds stable enough for 
> him. I don't get it.)
> 
> So, there isn't any chances for me to rewrite the Calling-Station-Id value?

  Not until 0.8, sorry.

  Alan DeKok.




Re: Help with hints/users file please

2002-10-17 Thread Guillermo Schimmel
Ok . Thanks.

Unfortunately, my boss doesn't want to upgrade the freeradius to the cvs 
version.
He is getting older and he's starting to like stability.

I will have to wait at least until 0.8 (That sounds stable enough for 
him. I don't get it.)

So, there isn't any chances for me to rewrite the Calling-Station-Id value?


Thank you very much to both of you Alan and Chris for your time.


Guillermo



Alan DeKok wrote:

Chris Parker <[EMAIL PROTECTED]> wrote:
 

You will probably want to try an entry similar to:

DEFAULT Called-Station-Id == "40004009"
  Called-Station-Id := "1140004009"


I believe it will work both before authorization and accounting, though
I'm not positive on the accounting part.
   


 When using preproxy, *all* requests which get proxied get passed
through the 'preproxy_users' file.  This means BOTH accounting and
authentication.

 It may be useful to split them up, but that may be more work than
it's worth.

 Alan DeKok.




How do I get freeRadius to use MS-CHAPv2 ? (MSChap Mismatch)

2002-10-17 Thread Glynn Taylor



I have a vpn that is talking mschapv2 to freeRadius. I get a MS-CHAP mismatch and
authentication failure even when I configure FR to use MS-CHAPv2. Am I
missing a configuration spot? I can't put it in the user file since it
only takes ms-chap as an argument.

I've read the docs, I bought the book (finished it last night at about 3), but I
can't get this dog to hunt. Any assistance is greatly appreciated.

Anyway, here is the failure trace followed by the mschap portion of radius.conf,
the users section for demo user steve, and the startup trace which shows that it
read mschap2?

TIA

==
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.2:32770, id=11, length=121
    Service-Type = Framed-User
    Framed-Protocol = PPP
    User-Name = "steve"
    MS-CHAP-Challenge = 0x0c530d958865359599f730d1efcef034
    MS-CHAP2-Response = 0x010049f496e0e4edd9b5de36d648ff27c03daa8dbe307bda7b321f02ad554eff263ceddcbeaed6301747
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
    rlm_realm: Looking up realm NULL for User-Name = "steve"
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched DEFAULT at 152
    users: Matched DEFAULT at 171
    users: Matched DEFAULT at 183
  modcall[authorize]: module "files" returns ok
  modcall[authorize]: module "mschap" returns notfound
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
rlm_unix: Attribute "User-Password" is required for authentication.
  modcall[authenticate]: module "unix" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 11 to 192.168.0.2:32770
    MS-CHAP-Error = "\001E=691 R=1"
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 11 with timestamp 3daedbaa

Here is the part of radiusd.conf where I tell it to use mschapv2..

 # Microsoft CHAP authentication
 #
 #  This module supports SAMBA passwd file authorization
 #  and MS-CHAP, MS-CHAPv2 authentication.  However, we recommend
 #  using the 'passwd' module, below, as it's more general.
 #
 mschap {
  # if given, passwd shows location of
  # SAMBA passwd file
  # passwd = /etc/smbpasswd
  # please note that smbpasswd authorization in
  # mschap is for compatibility only. It works
  # slow and shouldn't be used.
  # use rlm_passwd module instead in authorize section
  # you can find configuration example for
  # passwd etc_smbpasswd
  # below

  # authtype value, if present, will be used
  # to overwrite (or add) Auth-Type during
  # authorization. Normally should be MS-CHAP
  authtype = MS-CHAPv2

  # if ignore_password set to yes mschap will
  # ignore password set by any other module during
  # authorization and will always use password file
  ignore_password = yes

  # if use_mppe is not set to no mschap will
  # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and
  # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2
  use_mppe = yes

  # if mppe is enabled require_encryption makes
  # encryption moderate
  require_encryption = yes

  # require_strong always requires 128 bit key
  # encryption
  require_strong = yes
 }

Here is the user section for steve (I think the Chap-Password instead of Password is
correct...

#
# This is a complete entry for "steve". Note that there is no Fall-Through
# entry so that no DEFAULT entry will be used, and the user will NOT
# get any attributes in addition to the ones listed here.
#
steve Auth-Type := MS-CHAP, Chap-Password == "testing9"
 Service-Type = Framed-User,
 Framed-Protocol = PPP,
 Framed-IP-Address = 172.16.3.33,
 Framed-IP-Netmask = 255.255.255.0,
 Framed-Routing = Broadcast-Listen,
 Framed-Filter-Id = "std.ppp",
 Framed-MTU = 1500,
 Framed-Compression = Van-Jacobsen-TCP-IP

#

Here is the startup of the trace that shows that mschapv2 was loaded by modules!

HASH:  Stored 37 entries from /etc/passwd
HASH:  Stored 47 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded MS-CHAP
 mschap: ignore_password = yes
 mschap: use_mppe = yes
 mschap: require_encryption = yes
 mschap: require_strong = yes
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAPv2"
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
 preprocess: huntgroups = "/e

Re: Help with hints/users file please

2002-10-17 Thread Alan DeKok
Chris Parker <[EMAIL PROTECTED]> wrote:
> You will probably want to try an entry similar to:
> 
> DEFAULT Called-Station-Id == "40004009"
>   Called-Station-Id := "1140004009"
> 
> 
> I believe it will work both before authorization and accounting, though
> I'm not positive on the accounting part.

  When using preproxy, *all* requests which get proxied get passed
through the 'preproxy_users' file.  This means BOTH accounting and
authentication.

  It may be useful to split them up, but that may be more work than
it's worth.

  Alan DeKok.





unsubscribe

2002-10-17 Thread augustine tsai
Please remove me from your list.

Thanks.

Augustine




Re: Help with hints/users file please

2002-10-17 Thread Chris Parker
At 02:44 PM 10/17/2002 -0300, Guillermo Schimmel wrote:

I have downloaded the cvs version, but before start the tests I would like 
to know if the pre_proxy feature works for accounting and authentication, 
or just authentication.

And how would the config be?

Something like this?

DEFAULT Called-Station-Id == "40004009", Called-Station-Id : = "40004009"

No, look at the sample in the file:

#DEFAULT
#   User-Name := `%{Stripped-User-Name:-%{User-Name}}`

You will probably want to try an entry similar to:

DEFAULT Called-Station-Id == "40004009"
  Called-Station-Id := "1140004009"


I believe it will work both before authorization and accounting, though
I'm not positive on the accounting part.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net





Re: Help with hints/users file please

2002-10-17 Thread Guillermo Schimmel
I have downloaded the cvs version, but before start the tests I would 
like to know if the pre_proxy feature works for accounting and 
authentication, or just authentication.

And how would the config be?

Something like this?

DEFAULT Called-Station-Id == "40004009", Called-Station-Id : = "40004009"

Thanks


Chris Parker wrote:

At 12:18 PM 10/17/2002 -0300, Guillermo Schimmel wrote:



Chris Parker wrote:


At 11:41 AM 10/17/2002 -0300, Guillermo Schimmel wrote:


Hi list:

I have to proxy some request to another's company radius, based on 
called-station-id.

I am doing it with this line:

DEFAULT Called-Station-Id == "40004009", Proxy-To-Realm := "prima"

Now, the problem is that the PSTN switch that we use, (Ericsson 
AXE) is a piece of s..., and we receive things like:

40004009
1140004009 (11 is the area code)
12240004009 (122 is our telco code)
1221140004009 (both)

And so on


There is a regular expression operator that would allow you to do
something like:

DEFAULT Called-Station-Id =~ "*40004009$", Proxy-To-Realm := "prima"



The problem with that is that I have several cities, and the numbers 
can contain each other, like:

City 1: 400040
City 2: 40400040

So I would have to play with the order in which the expressions are 
evaluated, and I don't like it :)


Yes, proper parsing order will be needed. :)


How can I rewrite the Called-Station-Id AND Proxy-To-Realm?




You could try using the ":=" operator on the second Called-Station-Id
attribute.



This doesn't work. There is something on "processing_users_file" that 
says:

If an attribute is already present in the check pairlist of the 
request it will not be changed (see files.c:movepair).


Right, so that won't work for you.


Also, there is currently a new feature added to the server for 
'pre-proxy'
under which you could rewrite the attributes before proxying to the 
remote
server. This is a new feature so it's not widely documented yet, but it
does exist and should allow you to do what you need.


So I think that this could be what I need. What can I read about 
this? How new is that? It is on 0.7? Or on CVS?


It is in the latest CVS version. See the file 'preproxy_users' for more
information. It is very basic at the moment, but it does allow you to
rewrite attributes prior to proxying.

-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\--
\ Wholesale Internet Services - http://www.megapop.net





Re: No accounting acknowledge being sent

2002-10-17 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
> I am successfully authenticating users and the response is being received by
> the NAS but freeradius is not sending accounting acknowledgements to the
> NAS. 

  If you would read the FAQ and run the server in debugging mode, the
reason for this behaviour would probably become clear very quickly.

  Alan DeKok.




subscribe

2002-10-17 Thread richard . warne






No accounting acknowledge being sent

2002-10-17 Thread richard . warne


I am successfully authenticating users and the response is being received by
the NAS but freeradius is not sending accounting acknowledgements to the
NAS. 

The accounting detail file shows the accounting packets received from the
NAS and also radclient but neither get a response. Radclient tries 10 times
and gives up.

I am using port 1645 for authentication and 1646 for accounting and these
are entered in the /etc/services file. Radiusd.conf has the entry port = 0.

Thanks





Re: Status-Server and 3Com Total Control problems

2002-10-17 Thread Alan DeKok
"Miquel van Smoorenburg" <[EMAIL PROTECTED]> wrote:
> Some clients use periodic status-server pinging to see if the
> server is up.

  http://www.freeradius.org/rfc/rfc2865.html#Keep-Alives

  They're bad.

> That is useful with a server that has both local users and functions
> as a proxy. If the server doesn't keep much local proxy state
> (like CistronRad) it might never reply to the client for requests
> that are proxied if the remote server is down.
> 
> In that case, the client might start to think the server is down.

  FreeRADIUS keeps a bit more state, because it's easier to have
shared memory with threaded processes than with forked ones.  So if
FreeRADIUS doesn't hear from the remote server within a configurable
timeout, it complains, and sends a Reject to the NAS.

> You could show some statistics, I guess. Perhaps only if you send the
> right username/password. Sort of a poor mans snmp.

  Isn't that what SNMP is for? :)

> Anyway, it's only a few lines, very trivial. And Cistron does it ;)
> For the exact reason outlined above, btw

  

  Stolen shamelessly, with edits.

  Alan DeKok.




Re: info

2002-10-17 Thread Joe Lewis
Emiliano Miluzzo wrote:

1-  which is the best OS and version between Linux and Unix that 
supports Freeradius 0.7.1

I'd prefer Linux (Red Hat will be the most common flavor of Linux) and 
BSD, namely because of price.  On most Unix styled systems, there may be 
some minor configuration issues to get it to compile, but Linux and BSD 
are the ones that should work the best (IMHO).

2-  If to implement a database you can use the file system. If not which 
type of database I could use ?

I prefer the database, and yes, you can make it default to checking the 
local system for authentication.  There are tables that contain 
Auth-Type fields, and they can be set to "Local" in order to fall back 
to the unix systems' authentication structure.

Joe




Re: Status-Server and 3Com Total Control problems

2002-10-17 Thread Miquel van Smoorenburg
In article <[EMAIL PROTECTED]>,
Alan DeKok <[EMAIL PROTECTED]> wrote:
>  FreeRADIUS doesn't do Status-Server messages.  I've never seen a
>good reason for them.

Some clients use periodic status-server pinging to see if the
server is up.

That is useful with a server that has both local users and functions
as a proxy. If the server doesn't keep much local proxy state
(like CistronRad) it might never reply to the client for requests
that are proxied if the remote server is down.

In that case, the client might start to think the server is down.

>  I'm not *opposed* to adding Status-Server support to FreeRADIUS, but
>I am opposed to adding functionality unless there's a real need for it.

You could show some statistics, I guess. Perhaps only if you send the
right username/password. Sort of a poor mans snmp.

Anyway, it's only a few lines, very trivial. And Cistron does it ;)
For the exact reason outlined above, btw

# echo 'User-Name="foo"' | radclient radius 12 secret
Sending request to server radius, port 1645.
radrecv: Packet from host 62.216.13.67 code=2, id=13, length=55
Reply-Message = "Cistron Radius up 128 days, 07:14"

Mike.





Re: Status-Server and 3Com Total Control problems

2002-10-17 Thread NetNITCO Systems Administration
Thanks for the reply Alan.

>   I'm not *opposed* to adding Status-Server support to FreeRADIUS, but
> I am opposed to adding functionality unless there's a real need for it.
>

Is there a straight forward way that I can add Status-Server support into 
FreeRadius 0.7.1 to see if it will correct the problems we're having?  Sorry, 
but I'm not much of a programmer, more of a perl scripter :-)

Thanks,

--Josh Snyder
NetNITCO Systems Administration




Re: config info for first time user

2002-10-17 Thread Alan DeKok
"Doug Young" <[EMAIL PROTECTED]> wrote:
> The 'official' documentation is probably adequate for someone already
> familiar with radius, but it's totally inadequate for someone trying to
> configure radius for the first time.

  There have been other people installing FreeRADIUS with no
experience in RADIUS.  They've managed to muddle through.

  If you have any comments or additions to the documentation, PLEASE
submit patches or new files to the list.  Sadly, most people
installing the server for the first time complain about the lack of
docs, and after they've installed it, don't give any feedback as to
what problems they had.

  That's one reason why the docs are so minimal.


  Another is that it's simply impossible to describe how to set up
*your* configuration.  Every admin wants something localized, and
there's no way that 10,000 different configurations  will get
documented.

  Instead, we supply the pieces, and documentation for those pieces.
How to put them together is up to you.


  By following the FAQ, you can have a server up and running in
probably 20 minutes.  It won't do everything you want, but it will be
working, and you can verify that it's working.  After that, you can
gradually modify the configuration to do more of what you want.

  It's the process I use to set up and test a new installation.

  Alan DeKok.





Groups/sql + multiple conditions

2002-10-17 Thread Mike Cathey
I did some hunting through the archives for using multiple conditions in
the radcheck/radgroupcheck tables and what I found seemed to indicate
that it isn't possible.  Is this the case?

A side question.  If the above won't work, are 'Group' attribute checks
performed against the sql db when they're used in the users file (and
auth is being done by sql) or would it still check against posix groups?

Thanks,

Mike






Re: Status-Server and 3Com Total Control problems

2002-10-17 Thread Alan DeKok
NetNITCO Systems Administration <[EMAIL PROTECTED]> wrote:
> We converted our radius servers from merit/ldap to freeradius/mysql.

  That's a good first step.  I have nothing good to say about Merit.

> We had setup a test environment and everything worked fine in all of
> the tests and under much load.  However, after several hours of
> perfect operation, all of our freeradius servers now receive the
> following from our Access Router Cards:

> rad_recv: Status-Server packet from host 216.176.146.2:1645, id=252,
> length=20 Ignoring request from client 216.176.146.2:1645 with
> unknown code 12

  FreeRADIUS doesn't do Status-Server messages.  I've never seen a
good reason for them.


  If the 3Com boxes stop authenticating users because FreeRADIUS
doesn't support Status-Server, then the 3com boxes are *horribly*
broken.  I've never heard of this before, so it might be a local
config issue.

  I'm not *opposed* to adding Status-Server support to FreeRADIUS, but
I am opposed to adding functionality unless there's a real need for it.

> The problem is that now the newly upgraded authentication servers
> are unable to authenticate any user from any of our Total Control
> chassis and for some reason, the original Merit/LDAP servers now
> receive the following in their logs:

   If Merit is broken, I can't help you there.

  Alan DeKok.




Re: Help with hints/users file please

2002-10-17 Thread Chris Parker
At 12:18 PM 10/17/2002 -0300, Guillermo Schimmel wrote:



Chris Parker wrote:


At 11:41 AM 10/17/2002 -0300, Guillermo Schimmel wrote:


Hi list:

I have to proxy some request to another's company radius, based on 
called-station-id.

I am doing it with this line:

DEFAULT Called-Station-Id == "40004009", Proxy-To-Realm := "prima"

Now, the problem is that the PSTN switch that we use, (Ericsson AXE) is 
a piece of s..., and we receive things like:

40004009
1140004009 (11 is the area code)
12240004009 (122 is our telco code)
1221140004009 (both)

And so on

There is a regular expression operator that would allow you to do
something like:

DEFAULT Called-Station-Id =~ "*40004009$", Proxy-To-Realm := "prima"


The problem with that is that I have several cities, and the numbers can 
contain each other, like:

City 1: 400040
City 2: 40400040

So I would have to play with the order in which the expressions are 
evaluated, and I don't like it :)

Yes, proper parsing order will be needed.  :)


How can I rewrite the Called-Station-Id AND Proxy-To-Realm?



You could try using the ":=" operator on the second Called-Station-Id
attribute.


This doesn't work. There is something on "processing_users_file" that says:

If an attribute is already present in the check pairlist of the request it 
will not be changed (see files.c:movepair).

Right, so that won't work for you.


Also, there is currently a new feature added to the server for 'pre-proxy'
under which you could rewrite the attributes before proxying to the remote
server. This is a new feature so it's not widely documented yet, but it
does exist and should allow you to do what you need.


So I think that this could be what I need. What can I read about this? How 
new is that? It is on 0.7? Or on CVS?

It is in the latest CVS version.  See the file 'preproxy_users' for more
information.  It is very basic at the moment, but it does allow you to
rewrite attributes prior to proxying.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net
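
The ordering problem discussed in this thread, as an added example that is not part of the original posts: first-match suffix routing (a list of `=~ "...$"` entries) is compared with stripping the known prefixes and requiring an exact match. The realm names "city1" and "city2" and the choice of "area code + local number" as the canonical form are assumptions; the numbers, the codes 11 and 122, and the realm "prima" come from the thread.

```python
import re

# Constructed routing table (assumption): local number -> realm.
# "city1" and "city2" are hypothetical realm names; "prima" is from the thread.
ROUTES = [
    ("400040", "city1"),
    ("40400040", "city2"),
    ("40004009", "prima"),
]
TELCO_CODE = "122"  # "122 is our telco code"
AREA_CODE = "11"    # "11 is the area code"

# Every prefix combination the switch was reported to send.
PREFIXES = ("", AREA_CODE, TELCO_CODE, TELCO_CODE + AREA_CODE)


def suffix_route(called, routes=ROUTES):
    """First-match suffix routing, like an ordered list of =~ "...$" entries.

    The result depends on entry order whenever one number is a suffix of
    another, and any unknown leading digits are silently accepted.
    """
    for number, realm in routes:
        if re.search(re.escape(number) + r"$", called):
            return realm
    return None


def normalize(called, routes=ROUTES):
    """Strip a known prefix, then require an exact match on the local number.

    Returns (canonical_number, realm), or None when the value is not all
    digits, matches no route, or matches more than one route.
    """
    if not re.fullmatch(r"[0-9]+", called):
        return None
    table = dict(routes)
    hits = set()
    for prefix in PREFIXES:
        if called.startswith(prefix):
            local = called[len(prefix):]
            if local in table:
                hits.add(local)
    if len(hits) != 1:
        return None  # unknown or ambiguous: refuse rather than guess
    local = hits.pop()
    # Assumption: the canonical form is area code + local number.
    return AREA_CODE + local, table[local]


if __name__ == "__main__":
    samples = ["40004009", "1140004009", "12240004009",
               "1221140004009", "40400040", "99940004009"]
    for s in samples:
        print(s, "suffix:", suffix_route(s), "normalized:", normalize(s))
```

With the entries in the order shown, the suffix approach sends 40400040 to city1 and accepts the unknown prefix in 99940004009, while the exact-match approach gives city2 and a refusal.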





Re: User/passwd in the log

2002-10-17 Thread Alan DeKok
Jean-Paul Chapalain <[EMAIL PROTECTED]> wrote:
> I don't see anything in radiusd.conf about logging user/passwd.

  Then read it again.  Try reading the 'radiusd.conf' file BEFORE you
install it, as you may have an old version already installed.

> In the usage of radiusd there are two options about this, '-y' and '-z', but I 
> don't use them.

  Then you've got them enabled in the configuration file.

  Alan DeKok.




Re: a question about the snapshot20021015

2002-10-17 Thread Alan DeKok
Tim <[EMAIL PROTECTED]> wrote:
> When trying to "make" the below mentioned snapshot ..  20021016  .. it 
> fails with ..
> 
> gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g 
> -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings 
> -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations 
> -Wnested-externs -I../include   -c request_list.c
> make[4]: *** No rule to make target `-lltdl', needed by `radiusd'.  Stop.

  You probably told it to NOT use or install libltdl, and you don't
have one on your system.

  Alan DeKok.




Re: Help with hints/users file please

2002-10-17 Thread Guillermo Schimmel


Chris Parker wrote:


At 11:41 AM 10/17/2002 -0300, Guillermo Schimmel wrote:


Hi list:

I have to proxy some request to another's company radius, based on 
called-station-id.

I am doing it with this line:

DEFAULT Called-Station-Id == "40004009", Proxy-To-Realm := "prima"

Now, the problem is that the PSTN switch that we use, (Ericsson AXE) 
is a piece of s..., and we receive things like:

40004009
1140004009 (11 is the area code)
12240004009 (122 is our telco code)
1221140004009 (both)

And so on


There is a regular expression operator that would allow you to do
something like:

DEFAULT Called-Station-Id =~ "*40004009$", Proxy-To-Realm := "prima"


The problem with that is that I have several cities, and the numbers can 
contain each other, like:

City 1: 400040
City 2: 40400040

So I would have to play with the order in which the expressions are 
evaluated, and I don't like it :)



Now, the other company is using radiator, and they would like to 
always receive "1140004009".

How can I rewrite the Called-Station-Id AND Proxy-To-Realm?


You could try using the ":=" operator on the second Called-Station-Id
attribute.



This doesn't work. There is something on "processing_users_file" that says:

If an attribute is already present in the check pairlist of the request 
it will not be changed (see files.c:movepair).

But there is no movepair on files.c :(



Also, there is currently a new feature added to the server for 
'pre-proxy'
under which you could rewrite the attributes before proxying to the 
remote
server. This is a new feature so it's not widely documented yet, but it
does exist and should allow you to do what you need.

So I think that this could be what I need. What can I read about this? 
How new is that? It is on 0.7? Or on CVS?

Thanks



-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\--
\ Wholesale Internet Services - http://www.megapop.net



- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
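
The containment problem raised in this reply, as an added example that is not part of the thread and is written in Python rather than users-file syntax: a pattern anchored only at the end routes 40400040 to two entries and accepts any leading digits, while a pattern anchored at both ends with the telco and area codes as optional prefixes routes each number once and yields the rewritten value. The realm names "city1" and "city2" and all function names are hypothetical.

```python
import re
from itertools import product

TELCO_CODE = "122"   # from the thread
AREA_CODE = "11"     # from the thread

# Called number -> realm. "prima" and the three numbers come from the thread;
# the realm names "city1" and "city2" are hypothetical.
ROUTES = {"40004009": "prima", "400040": "city1", "40400040": "city2"}


def suffix_realms(called, routes=ROUTES):
    """Realms whose end-anchored-only pattern (NUMBER$) accepts `called`."""
    return sorted(
        realm for number, realm in routes.items()
        if re.search(re.escape(number) + "$", called)
    )


def anchored_route(called, routes=ROUTES):
    """Match ^(122)?(11)?NUMBER$; return (realm, rewritten number) or None."""
    for number, realm in routes.items():
        pattern = "^(?:%s)?(?:%s)?%s$" % (TELCO_CODE, AREA_CODE, re.escape(number))
        if re.match(pattern, called):
            # The remote side wants area code + number, whatever was dialled.
            return realm, AREA_CODE + number
    return None


def accepted_forms(number):
    """Every dialled string the anchored pattern for `number` accepts."""
    return {t + a + number for t, a in product(("", TELCO_CODE), ("", AREA_CODE))}


def table_collisions(routes=ROUTES):
    """Dialled strings that two different table entries would both accept."""
    seen, clashes = {}, []
    for number in routes:
        for form in sorted(accepted_forms(number)):
            if form in seen and seen[form] != number:
                clashes.append((form, seen[form], number))
            seen.setdefault(form, number)
    return clashes


if __name__ == "__main__":
    for called in ("40004009", "1221140004009", "40400040", "9940004009"):
        print(called, suffix_realms(called), anchored_route(called))
    print("collisions:", table_collisions())
```

Running the collision check whenever the table changes catches the one case anchoring cannot resolve, a configured number that is itself a prefix code followed by another configured number.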


Status-Server and 3Com Total Control problems

2002-10-17 Thread NetNITCO Systems Administration
We converted our radius servers from merit/ldap to freeradius/mysql.  We had 
setup a test environment and everything worked fine in all of the tests and 
under much load.  However, after several hours of perfect operation, all of 
our freeradius servers now receive the following from our Access Router 
Cards:

rad_recv: Status-Server packet from host 216.176.146.2:1645, id=252, length=20
Ignoring request from client 216.176.146.2:1645 with unknown code 12

Which then the accounting data shows UserName "unauthenticated" attempting to 
authenticate which I believe is some sort of generic 3Com response or 
something.

The problem is that now the newly upgraded authentication servers are unable 
to authenticate any user from any of our Total Control chassis and for some 
reason, the original Merit/LDAP servers now receive the following in their 
logs:

Thu Oct 17 10:00:30 2002: get_radrequest: NO a/v pairs from 216.176.146.2 [1645] - status-server (type 12), len = 20
Thu Oct 17 10:00:30 2002: Hex dump at 0x0x8080f88/0 for 20 bytes
Thu Oct 17 10:00:30 2002: 0x0x8080f88: 0x| 0CFF0014 82E9D126 7859B64D E524E348| |...&xY.M.$.H|
Thu Oct 17 10:00:30 2002: 0x0x8080f98: 0x0010| C3E52E07   | ||
Thu Oct 17 10:00:30 2002: child_end: DNS update finished

This appears to be the same problem, but just a different error message 
structure.  Now, nobody can authenticate from the Merit/LDAP servers either.  

I looked at the list archive but I didn't really find anything that I thought 
offered a direct resolution to my problem.  Any assistance would be greatly 
appreciated!

Thanks,
--Josh Snyder
NetNITCO Systems Administration
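
The packet layout behind both log excerpts in this message, as an added example (not code from FreeRADIUS or Merit): a header and attribute parser that decodes the 20 bytes of the hex dump as code 12 (Status-Server) carrying no attributes. The constructed Access-Request and the function names are illustrative assumptions.

```python
import struct

# Packet codes from RFC 2865/2866; 12 and 13 are listed there as experimental.
CODES = {
    1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
    4: "Accounting-Request", 5: "Accounting-Response",
    11: "Access-Challenge", 12: "Status-Server", 13: "Status-Client",
}
HEADER_LEN = 20   # code(1) + identifier(1) + length(2) + authenticator(16)
MAX_LEN = 4096    # RFC 2865 maximum packet length

# The 20 bytes shown in the Merit hex dump quoted in the message above.
PAGE_DUMP = "0CFF0014 82E9D126 7859B64D E524E348 C3E52E07"


class MalformedPacket(ValueError):
    """Raised when a datagram cannot be a valid RADIUS packet."""


def parse_radius(data):
    """Validate and decode one RADIUS datagram into a dict."""
    if len(data) < HEADER_LEN:
        raise MalformedPacket("shorter than the 20-byte header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if not HEADER_LEN <= length <= MAX_LEN:
        raise MalformedPacket("length field %d out of range" % length)
    if length > len(data):
        raise MalformedPacket("length field exceeds received bytes")
    attrs = []
    pos = HEADER_LEN
    while pos < length:          # octets past `length` are padding, ignored
        if length - pos < 2:
            raise MalformedPacket("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise MalformedPacket("attribute %d has bad length %d" % (a_type, a_len))
        attrs.append((a_type, data[pos + 2:pos + a_len]))
        pos += a_len
    return {
        "code": code, "name": CODES.get(code, "unknown"), "id": ident,
        "length": length, "authenticator": data[4:20], "attributes": attrs,
    }


def describe(pkt):
    """One-line triage summary suitable for a log message."""
    return "%s (code %d) id=%d length=%d attributes=%d" % (
        pkt["name"], pkt["code"], pkt["id"], pkt["length"], len(pkt["attributes"]))


def build_constructed_request():
    """Constructed Access-Request carrying only User-Name (type 1) = "abc"."""
    body = bytes([1, 5]) + b"abc"
    return struct.pack("!BBH", 1, 7, HEADER_LEN + len(body)) + bytes(16) + body


if __name__ == "__main__":
    print(describe(parse_radius(bytes.fromhex(PAGE_DUMP))))
    print(describe(parse_radius(build_constructed_request())))
```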




Re: Help with hints/users file please

2002-10-17 Thread Chris Parker
At 11:41 AM 10/17/2002 -0300, Guillermo Schimmel wrote:

> Hi list:
>
> I have to proxy some requests to another company's radius, based on
> called-station-id.
>
> I am doing it with this line:
>
> DEFAULT Called-Station-Id == "40004009", Proxy-To-Realm := "prima"
>
> Now, the problem is that the PSTN switch that we use, (Ericsson AXE)
> is a piece of s..., and we receive things like:
>
> 40004009
> 1140004009 (11 is the area code)
> 12240004009 (122 is our telco code)
> 1221140004009 (both)
>
> And so on

There is a regular expression operator that would allow you to do
something like:

DEFAULT Called-Station-Id =~ "*40004009$", Proxy-To-Realm := "prima"

> Now, the other company is using radiator, and they would like to
> always receive "1140004009".
>
> How can I rewrite the Called-Station-Id AND Proxy-To-Realm?

You could try using the ":=" operator on the second Called-Station-Id
attribute.

Also, there is currently a new feature added to the server for 'pre-proxy'
under which you could rewrite the attributes before proxying to the remote
server.  This is a new feature so it's not widely documented yet, but it
does exist and should allow you to do what you need.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net





Re: about accounting_stop_query ...

2002-10-17 Thread Chris Parker
At 05:04 PM 10/17/2002 +0400, Do-Risika RAFIEFERANTSIARONJY wrote:

> Hi everybody,
>
> It is just an optimization question, for those who use rlm_sql.
>
> I have the query below in my sql.conf :
>
> accounting_stop_query = "UPDATE ${acct_table1} SET AcctStopTime = '%S', 
> AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = 
> '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', 
> AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = 
> '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}', 
> AcctMultiSessionId = '%{Acct-Multi-Session-Id}', AscendDataRate = 
> '%{X-Ascend-Data-Rate}', AscendXmitRate = '%{X-Ascend-Xmit-Rate}' WHERE 
> AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND 
> NASIPAddress = '%{NAS-IP-Address}'"
>
> With our nas (patton boxes), the SessionId values are reinitialized when
> the box reboots, so I think there is a risk of having the same SessionId,
> Username and NASIPAddress after each reboot, which would alter the
> accounting data.

This is done by most NAS.  This is why the 'acct_unique' module exists.

Please read 'radiusd/doc/rlm_acct_unique'.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net
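
The session-id reuse described in the quoted question, and its last point about detecting a stop query that touches more than one record, as an added example that is not from the thread or from rlm_sql. It uses Python with an in-memory SQLite table; the `RadAcctId` and `AcctStartTime` columns, the `'0'` marker for an open session, the sample values and the function names are assumptions.

```python
import sqlite3

# WHERE clause of the accounting_stop_query quoted above.
PAGE_WHERE = "AcctSessionId = ? AND UserName = ? AND NASIPAddress = ?"
OPEN = "0"   # assumption: an open session is stored with AcctStopTime = '0'


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE radacct (RadAcctId INTEGER PRIMARY KEY, AcctSessionId TEXT,"
        " UserName TEXT, NASIPAddress TEXT, AcctStartTime TEXT,"
        " AcctStopTime TEXT, AcctSessionTime INTEGER)"
    )
    return db


def start(db, sid, user, nas, when):
    db.execute(
        "INSERT INTO radacct (AcctSessionId, UserName, NASIPAddress,"
        " AcctStartTime, AcctStopTime, AcctSessionTime) VALUES (?, ?, ?, ?, ?, 0)",
        (sid, user, nas, when, OPEN),
    )
    db.commit()


def stop_as_on_page(db, sid, user, nas, when, secs):
    """Stop update keyed only on session id, user and NAS address."""
    cur = db.execute(
        "UPDATE radacct SET AcctStopTime = ?, AcctSessionTime = ? WHERE " + PAGE_WHERE,
        (when, secs, sid, user, nas),
    )
    db.commit()
    return cur.rowcount          # rows rewritten by this stop


def stop_guarded(db, sid, user, nas, when, secs):
    """Only close an open session, and refuse any update that is not 1 row."""
    cur = db.execute(
        "UPDATE radacct SET AcctStopTime = ?, AcctSessionTime = ? WHERE "
        + PAGE_WHERE + " AND AcctStopTime = ?",
        (when, secs, sid, user, nas, OPEN),
    )
    if cur.rowcount == 1:
        db.commit()
    else:
        db.rollback()            # 0 = orphan stop, >1 = ambiguous: alert instead
    return cur.rowcount


def replay(stop):
    """Two sessions that share one session id because the NAS rebooted (constructed)."""
    db = open_db()
    key = ("00000001", "scott", "10.0.0.1")
    start(db, *key, "2002-10-16 21:20:53")
    first = stop(db, *key, "2002-10-17 02:17:40", 17807)
    # The NAS reboots here and its session counter starts again.
    start(db, *key, "2002-10-17 06:40:48")
    second = stop(db, *key, "2002-10-17 07:29:38", 2930)
    times = [r[0] for r in db.execute(
        "SELECT AcctSessionTime FROM radacct ORDER BY RadAcctId")]
    return first, second, times


if __name__ == "__main__":
    print("page WHERE:", replay(stop_as_on_page))
    print("guarded   :", replay(stop_guarded))
```

With the page's WHERE clause the second stop reports two affected rows and overwrites the first session's duration; the guarded form reports one and leaves the earlier record intact.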





Re: Simultaneous Use

2002-10-17 Thread Chris Parker
At 09:07 AM 10/17/2002 -0300, Jorge Minassian wrote:

> Hi all !,
>
> I am having some trouble with simultaneous connection.
> I can not see where the error in the configuration would be, if any, and did
> not get anything from browsing docs, faqs, etc, that was applicable to my config.
> Can someone give some idea about this ?

What error messages did you receive, and what is the output from running
'radiusd -X' ( debug mode ) telling you?

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net





Re: radiusd: Cannot find ELF

2002-10-17 Thread Chris Parker
At 04:42 PM 10/17/2002 +0600, Nihal Piyasiri wrote:

> Dear members,
> I have compiled and installed freeradius-0.6 on solaris 8.
> But when I try to start radius it is saying that
>
> radiusd: Cannot find ELF
> Killed

Can you supply the output of 'uname -a'?  Also, are you running a 64bit
or 32bit mode kernel?  Lastly, what compiler are you using?

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net





Re: Accounting Issue

2002-10-17 Thread Chris Parker
At 02:32 PM 10/17/2002 +1000, Scott Harris wrote:

> Hi guys,
>
> Having an accounting issue ... why does the bandwidth not get detected
> every time ... it is not being captured in sql or detailed?
>
> Version - Freeradius 0.7.1
>
> Radius.conf Section -
>
> accounting {
> acct_unique
> detail
> sql
> radutmp
> }
>
> Sql.conf Section -
>
> accounting_update_query = "UPDATE ${acct_table1} SET FramedIPAddress =
> '%{Framed-IP-Address}', AcctInputOctets = '%{Acct-Input-Octets}',
> AcctOutputOctets = '%{Acct-Output-Packets}' WHERE AcctSessionId =
> '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress=
> '%{NAS-IP-Address}' AND AcctStopTime = 1"
>
> Sample of report -
>
> Radius Log Report for: scott
> Date        Login     Logout    Ontime   Port  BandWt-In/Out  Total
> --------------------------------------------------------------------
> 07/10/2002  20:48:34  20:54:31    5m57s  A11   0.0K/0.0K      0h05m
> 07/10/2002  20:59:14  21:07:24    8m10s  A11   0.0K/0.0K      0h14m
> 08/10/2002  12:07:32  12:15:20    7m48s  A11   111.2K/1.4M    0h21m
> 09/10/2002  13:12:39  13:19:15    6m36s  A12   7.1K/1.7K      0h28m
> 16/10/2002  21:20:53  02:17:40  296m47s  A11   0.0K/0.0K      5h25m
> 17/10/2002  06:40:48  07:29:38   48m50s  A11   0.0K/0.0K      6h14m
>
> I changed my account config in radiusd.conf and added acct_unique. I also
> changed the AcctStopTime from 0 to 1 in my attempts to get things working
> well.
>
> Any suggestions would be appreciated ...

Check the 'detail' files to ensure that the attributes were sent
properly by the NAS.  If they are being sent properly, then you'll want
to debug the SQL functionality, to examine what SQL statements are being
executed by the Server and whether they are being properly completed by
the server.

Also note that Accounting_Update is only for interim accounting packets,
it does not affect Start or Stop packets and the queries executed when
those accounting packets are received.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net





Help with hints/users file please

2002-10-17 Thread Guillermo Schimmel

Hi list:

   I have to proxy some requests to another company's radius, based on 
called-station-id.

   I am doing it with this line:

   DEFAULT Called-Station-Id == "40004009", Proxy-To-Realm := "prima"

   Now, the problem is that the PSTN switch that we use, (Ericsson AXE) 
is a piece of s..., and we receive things like:

   40004009
   1140004009 (11 is the area code)
   12240004009 (122 is our telco code)
   1221140004009 (both)

   And so on

   Now, the other company is using radiator, and they would like to 
always receive "1140004009".

   How can I rewrite the Called-Station-Id AND Proxy-To-Realm?

   I tried things like:

DEFAULT Called-Station-Id == "40004009", Called-Station-Id = "1140004009",Proxy-To-Realm := "prima"

   But it didn't work.  The truth is that I don't really understand the 
users file, and the "processing_users_file" is too complicated for my 
English.

   I have also tried something with the hints file but with the same 
results.

   So freeradius gurus out there, please help me...


   One more time, thanks a lot for this wonderful software and all 
your support.


   Guillermo


  




Re: User/passwd in the log

2002-10-17 Thread Jonathan Hassell
In radiusd.conf, set log_auth_goodpass to no.  
Also, check http://www.theradiusbook.com for the sample chapter, which 
lists most of the configuration directives inside radiusd.conf 
(including this query).  You might do well to become familiar with it.

Jonathan Hassell

Jean-Paul Chapalain wrote:

> I don't see anything in radiusd.conf about logging user/passwd.
>
> In the Usage of radiusd there are two options about this, '-y' and '-z', but
> I don't use them.
>
> Usage: radiusd [-a acct_dir] [-d db_dir] [-l log_dir] [-i address] [-p port] [-AcfnsSvXxyz]
> Options:
>
>   -a acct_dir use accounting directory 'acct_dir'.
>   -A  Log auth detail.
>   -d db_dir   Use database directory 'db_dir'.
>   -f  Run as a foreground process, not a daemon.
>   -h  Print this help message.
>   -i address  Listen only in the given IP address.
>   -l log_dir  Log messages to 'log_dir'.  Special values are:
>   stdout == log all messages to standard output.
>   syslog == log all messages to the system logger.
>   -p port Bind to 'port', and not to the radius/udp, or 1646/udp.
>   -s  Do not spawn child processes to handle requests.
>   -S  Log stripped names.
>   -v  Print server version information.
>   -X  Turn on full debugging. (Means: -sfxxyz -l stdout)
>   -x  Turn on partial debugging. (-xx gives more debugging).
>   -y  Log authentication failures, with password.
>   -z  Log authentication successes, with password.
>
> Regards.
>
> Mattt wrote:
>
>> On Thu, 2002-10-17 at 23:50, Jean-Paul Chapalain wrote:
>>
>>> Hi all,
>>>
>>> I've a problem with log because there is Usr/passwd in the log.
>>
>> Wow ('wow' backwards, even) - you must win some sorta prize for that
>> one...
>>
>> Did you even know there's a config file?  Hint: /path/to/radiusd.conf
>>
>> There's *no* chance of me telling you which config variables :-/







- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
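
Setting `log_auth_goodpass` to no only affects new entries, so lines like the ones quoted in this thread remain in existing log files. The following added example (not from the thread or from FreeRADIUS) finds `Auth:` lines that carry a password and produces a masked copy without ever returning the secret. The log format is taken from the two lines in the original question, the other sample lines are constructed, and treating everything after the first `/` inside the brackets as the secret is an assumption that over-masks a user name containing `/`.

```python
import re

MASK = "<redacted>"

# "... : Auth: Login OK: [user/password] (from client ...)"
AUTH_RE = re.compile(
    r"^(?P<head>.*?: Auth: (?P<result>Login OK|Login incorrect)[^\[]*\[)"
    r"(?P<cred>.*)"
    r"(?P<tail>\] \(from client .*)$"
)

SAMPLE = [
    # The first two lines are the ones quoted in the thread.
    "Thu Oct 17 15:04:18 2002 : Auth: Login OK: [foo/foopwd] "
    "(from client r-test port 66 cli 10.154.99.1)",
    "Thu Oct 17 15:04:26 2002 : Auth: Login OK: [$enab15$/superuser] "
    "(from client r-test port 66 cli 10.154.99.1)",
    # Constructed: a failure logged with its password.
    "Thu Oct 17 15:05:02 2002 : Auth: Login incorrect: [eve/guess1] "
    "(from client r-test port 67 cli 10.154.99.2)",
    # Constructed: what a line looks like once password logging is off.
    "Thu Oct 17 15:06:40 2002 : Auth: Login OK: [bob] "
    "(from client r-test port 68 cli 10.154.99.3)",
    # Constructed: unrelated line that must pass through unchanged.
    "Thu Oct 17 15:07:00 2002 : Info: Ready to process requests.",
]


def inspect(line):
    """Return (safe_line, finding); finding is None when no secret is present."""
    text = line.rstrip("\n")
    m = AUTH_RE.match(text)
    if not m or "/" not in m.group("cred"):
        return text, None
    # Keep the user name for the report, drop everything after the first "/".
    user = m.group("cred").split("/", 1)[0]
    safe = m.group("head") + user + "/" + MASK + m.group("tail")
    return safe, {"result": m.group("result"), "user": user}


def scan(lines):
    """Return (findings, masked_lines) for an iterable of log lines."""
    findings, safe_lines = [], []
    for lineno, line in enumerate(lines, 1):
        safe, finding = inspect(line)
        safe_lines.append(safe)
        if finding:
            finding["line"] = lineno
            findings.append(finding)
    return findings, safe_lines


if __name__ == "__main__":
    found, masked = scan(SAMPLE)
    for f in found:
        print("line %(line)d: password logged for %(user)r (%(result)s)" % f)
    print("\n".join(masked))
```

Every account the scan reports has had its password on disk in clear text, so those passwords are candidates for a reset in addition to the log clean-up.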


Re: User/passwd in the log

2002-10-17 Thread Jean-Paul Chapalain
I don't see anything in radiusd.conf about logging user/passwd.

In the Usage of radiusd there are two options about this, '-y' and '-z', but I 
don't use them.

Usage: radiusd [-a acct_dir] [-d db_dir] [-l log_dir] [-i address] [-p 
port] [-AcfnsSvXxyz]
Options:

  -a acct_dir use accounting directory 'acct_dir'.
  -A  Log auth detail.
  -d db_dir   Use database directory 'db_dir'.
  -f  Run as a foreground process, not a daemon.
  -h  Print this help message.
  -i address  Listen only in the given IP address.
  -l log_dir  Log messages to 'log_dir'.  Special values are:
  stdout == log all messages to standard output.
  syslog == log all messages to the system logger.
  -p port Bind to 'port', and not to the radius/udp, or 1646/udp.
  -s  Do not spawn child processes to handle requests.
  -S  Log stripped names.
  -v  Print server version information.
  -X  Turn on full debugging. (Means: -sfxxyz -l stdout)
  -x  Turn on partial debugging. (-xx gives more debugging).
  -y  Log authentication failures, with password.
  -z  Log authentication successes, with password.

Regards.

Mattt wrote:
> On Thu, 2002-10-17 at 23:50, Jean-Paul Chapalain wrote:
>
>> Hi all,
>>
>> I've a problem with log because there is Usr/passwd in the log.
>
> Wow ('wow' backwards, even) - you must win some sorta prize for that
> one...
>
> Did you even know there's a config file?  Hint: /path/to/radiusd.conf
>
> There's *no* chance of me telling you which config variables :-/




--
* Jean-Paul Chapalain - Reseaux et Systemes Distribues *
* Groupement Informatique Credit Mutuel*
* Tel : +33 298002873  Fax : +33 298284005 *
* mailto : [EMAIL PROTECTED] *






about accounting_stop_query ...

2002-10-17 Thread Do-Risika RAFIEFERANTSIARONJY
Hi everybody,

It is just an optimization question, for those who use rlm_sql.

I have the query below in my sql.conf :

accounting_stop_query = "UPDATE ${acct_table1} SET AcctStopTime = '%S', 
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = 
'%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', 
AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = 
'%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}', 
AcctMultiSessionId = '%{Acct-Multi-Session-Id}', AscendDataRate = 
'%{X-Ascend-Data-Rate}', AscendXmitRate = '%{X-Ascend-Xmit-Rate}' WHERE 
AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND 
NASIPAddress = '%{NAS-IP-Address}'"

With our nas (patton boxes), the SessionId values are reinitialized when 
the box reboots, so I think there is a risk of having the same SessionId, 
Username and NASIPAddress after each reboot, which would alter the 
accounting data.

So my questions are :

* Don't you think that it's good (especially in my case) to add some 
conditions in the WHERE clause, for example : FramedIPAddress = 
'%{Framed-IP-Address}'" AND NASPortId = '%{NAS-Port-Id}'" ?

* Does someone have a config like this ?

* If I add these conditions, is there a risk of dysfunction or lower 
performance ?

* Is it possible to detect if the accounting_stop_query updates *more than 
one record*? I think that it is important to detect these problems ...

Waiting for your comments,

Regards,

--
DouRiX  \\\|///
 ___   \\ - - //     ___  __
|  _ oOOo_@ @_oOOo|  _ \(_) \/ /
| | | |/ _(_) | | | |_| ) |\  /
| |_| | (_) | |_| |  _ <| |/  \
|/ \___/ \_O| \_\_/_/\_\
f u cn rd ths u r usng unx
  O ) /
  (   )(_/
   \ (
\_)




User/passwd in the log

2002-10-17 Thread Jean-Paul Chapalain
Hi all,

I've a problem with log because there is Usr/passwd in the log.

When I start radiusd like this :
/opt/freeradius/sbin/radiusd&

In radius.log :
Thu Oct 17 15:04:18 2002 : Auth: Login OK: [foo/foopwd] (from client r-test port 66 cli 10.154.99.1)
Thu Oct 17 15:04:26 2002 : Auth: Login OK: [$enab15$/superuser] (from client r-test port 66 cli 10.154.99.1)

It's important for me to suppress this information from the log.

Thanks for help.
--
* Jean-Paul Chapalain - Reseaux et Systemes Distribues *
* Groupement Informatique Credit Mutuel*
* Tel : +33 298002873  Fax : +33 298284005 *
* mailto : [EMAIL PROTECTED] *





Re: User/passwd in the log

2002-10-17 Thread Mattt

On Thu, 2002-10-17 at 23:50, Jean-Paul Chapalain wrote:
> Hi all,
> 
> I've a problem with log because there is Usr/passwd in the log.


Wow ('wow' backwards, even) - you must win some sorta prize for that
one...

Did you even know there's a config file?  Hint: /path/to/radiusd.conf

There's *no* chance of me telling you which config variables :-/

-- 
Cheers,
 Mattt.  icq   : 117539757 
 aboveNetworks   www   : www.above.nq4u.net
 [EMAIL PROTECTED]jabber: [EMAIL PROTECTED]
 
   What's got four legs and an arm?  A happy Pit Bull...





Re: config info for first time user [OT]

2002-10-17 Thread Miquel van Smoorenburg
In article <[EMAIL PROTECTED]>,
Artur Hecker  <[EMAIL PROTECTED]> wrote:
>Miquel van Smoorenburg wrote:
>> But I'm curious - what do you pay for a beer (say, a scooner)
>> in the local pub nowadays ? Here it's around 1.50 - 2.00 EUR.
>> (which is 20% up from last year, esp. the pubs and restaurants
>> raised their prices ridiculously when the euro was introduced)
>
>hoho!!! you are fortunate... here, i usually pay 5-8 Euros for a pint :(

I know France is expensive, esp. Paris!

>let's make an international beer price table, define a VSA and put it in 
>the dictionary... :)

seven   Country = "NL", City != "Amsterdam"
Beer-Price = "1.20"

middie  Country = "NL", City != "Amsterdam"
Beer-Price = "1.50"

scooner Country = "NL", City != "Amsterdam"
Beer-Price = "2.00"

pint    Country = "NL", City != "Amsterdam"
Beer-Price = "4.00"

(*) glass-sizes in Australian English

Mike.





Error on radiusd.log

2002-10-17 Thread Jorge Minassian
Hi, again   :-)

I am getting the following error in radiusd.log; could someone give me some advice?

---
Error: Accounting: logout: entry for NAS nas1 port 1 has wrong ID
---

Thank you all,
Jorge.






Detaching from SQL (postgresql) server

2002-10-17 Thread delphi
Hi!

After 'killall -KILL radiusd' or 'rc.radiusd stop' I notice
(in postgresql log) messages like this:

 pq_recvbuf: unexpected EOF on client connection

It seems that radiusd does not clean up the sql module
properly and connections to the server are not closed
in the regular way (e.g. via PQfinish()).

What's wrong?

The second -- in sql_postgresql.c sql_free_result is marked
as 'not_implemented' in rlm_sql_postgresql structure, however
sql_free_result function is declared and implemented. Maybe I
simply need to export this function in rlm_sql_postgresql structure?
Calling PQclear is critical in order to avoid memory leaks.

Thank you in advance.





Simultaneous Use

2002-10-17 Thread Jorge Minassian

Hi all !,

I am having some trouble with simultaneous connection.
I can not see where the error in the configuration would be, if any, and did 
not get anything from browsing docs, faqs, etc, that was applicable to my config.
Can someone give some idea about this ?
My radiusd.conf is like what is detailed below.

Thank you very much,
Jorge.



radiusd.conf:

#-

prefix = /usr/local/freeradius
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
user = radius
group = radius
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions= yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad

security {
max_attributes = 200
reject_delay = 1
}

proxy_requests  = yes

$INCLUDE  ${confdir}/proxy.conf
$INCLUDE  ${confdir}/clients.conf
$INCLUDE  ${confdir}/snmp.conf

thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}

modules {

realm suffix {
format = suffix
delimiter = "@"
}

preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}


acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, 
Client-IP-Address, NAS-Port-Id"
}

$INCLUDE  ${confdir}/sql.conf

always fail {
rcode = fail
}

always reject {
rcode = reject
}

always ok {
rcode = ok
simulcount = 0
mpp = no
}

}


authorize {
preprocess
suffix
sql
}


authenticate {
sql
}


preacct {
preprocess
suffix
}

accounting {
sql
}


session {
sql
}

#




info

2002-10-17 Thread Emiliano Miluzzo



Hi everyone!
 
I'd like to know :
 
1-  which is the best OS and version between 
Linux and Unix that supports Freeradius 0.7.1
 
2-  If to implement a database you can use the 
file system. If not which type of database I could use ?
 
Thanks very much.


Re: users file "Huntgroup-Name !=" not working

2002-10-17 Thread CheongMeng
Hi Chris,

I guess the bug is at rlm_preprocess.c:huntgroup_cmp

this func is called by paircmp,
then in this func it calls paircmp to do the comparison,

I suppose huntgroup_cmp shall match the huntgroup
by comparing the check item with "NAS-Identifier", "NAS-IP-Address",
"Client-IP-Address"... available in the request.
As long as one of the attrs matches, the huntgroup_cmp
func shall declare a match.
Since paircmp will only declare success if all check items match,
we therefore can't reuse paircmp in huntgroup_cmp directly.

Correct me if I am wrong.


On Thu, 17 Oct 2002, CheongMeng wrote:

> Hi,
>
> tried with today cvs, still can't work.
> my configuration:
>
> huntgroups file:
> ---
> bras NAS-Identifier == "BRAS"
>
> users file:
> ---
> DEFAULT Huntgroup-Name != "bras"
> Reply-Message = "test"
>
> DEFAULT Huntgroup-Name == "bras"
> Reply-Message = "no test"
>
>
> then I use radclient to send:
> User-Name = "abc", Password = "secret", NAS-IP-Address =
> 123.99.290.11, NAS-Identifier = "BRAS"
>
> then I got the reply:
> Received response ID 7, code 2, length = 29
> Reply-Message = "test"
>
> but I can see from the debug message, that huntgroup of "bras" is match:
>   modcall[authorize]: module "ldap" returns ok
>   huntgroups: Matched bras at 1
>   huntgroups: Matched bras at 1
>   huntgroups: Matched bras at 1
>   huntgroups: Matched bras at 1
> users: Matched DEFAULT at 1
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
>
>
> seems like the radiusd treats "Huntgroup-Name !=" the same as
> "Huntgroup-Name ==".
>
> is this a bug?
>
> On Wed, 16 Oct 2002, Chris Parker wrote:
>
> > Date: Wed, 16 Oct 2002 10:06:31 -0500
> > From: Chris Parker <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Subject: Re: users file "Huntgroup-Name !=" not working
> >
> > At 11:56 AM 10/16/2002 +0800, CheongMeng wrote:
> > >Hi,
> > >
> > >can't get "Huntgroup-Name !=" working in the users file.
> > >tried to run in debug mode, I see it match the huntgroup line,
> > >but when come to "users", the "Huntgroup-Name" didn't take effect at all.
> > >
> > >I am using freeradius cvs dated 31 Aug.
> > >
> > >found that this bug did not exist at freeradius-0.5
> > >a check on code, found that that are a lot of difference in the
> > >valuepair.c:paircmp and rlm_preprocess:huntgroup_access.
> > >
> > >I am not sure if this is the root of the problem,
> > >can some developer shed some light?
> >
> > Upgrade first.  If you're still having the problem, we can look at it
> > further.  It is very hard to determine whether it's a bug that has been
> > fixed or an improper configuration without running the latest release.
> >
> > -Chris
> > --
> > \\\|||///  \  StarNet Inc.  \ Chris Parker
> > \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
> > | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
> > oOo---(_)---oOo--\--
> >\ Wholesale Internet Services - http://www.megapop.net
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
>
> --
> Cheers,
> CM.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>









Re: Running perl program

2002-10-17 Thread LoKoRadius
I have a database that I can access only using a Crypt http query (DES and mime64) , then I made a script to do that.


> To directly answer your question, can you clarify what you mean by 
> "strange database"?
>
> Jonathan Hassell
>
> [EMAIL PROTECTED] wrote:



radiusd: Cannot find ELF

2002-10-17 Thread Nihal Piyasiri



Dear members,
I have compiled and installed freeradius-0.6 on solaris 8.
But when I try to start radius it is saying that

radiusd: Cannot find ELF
Killed

I have referred to the whole list and am fed up with this, please help me.

thanks rdgs
Nihal
 


Re: config info for first time user

2002-10-17 Thread Doug Young

> Message: 4
> Date: Wed, 16 Oct 2002 18:43:10 -0400
> From: Jonathan Hassell <[EMAIL PROTECTED]>
> To:  [EMAIL PROTECTED]
> Subject: Re: config info for first time user
> Reply-To: [EMAIL PROTECTED]
>
> There's a sample chapter called "Getting Started with FreeRADIUS" on my
> website at http://www.theradiusbook.com.  You might want to check there,
> as I think it's a decent introduction to FreeRADIUS.
>
> Jonathan Hassell

Thanks Jonathan

It certainly does look infinitely more useful than the typically sparse
official offering. Problem with purchasing O'Reilly books in OZ is that the
combination of currency exchange rate & re-seller expectation of massive
markups means they typically cost over $100 here.  I'll ask Amazon etc what
their price is to ship here.





Re: config info for first time user [OT]

2002-10-17 Thread Artur Hecker


Miquel van Smoorenburg wrote:

> But I'm curious - what do you pay for a beer (say, a scooner)
> in the local pub nowadays ? Here it's around 1.50 - 2.00 EUR.
> (which is 20% up from last year, esp. the pubs and restaurants
> raised their prices ridiculously when the euro was introduced)


hoho!!! you are fortunate... here, i usually pay 5-8 Euros for a pint :(

let's make an international beer price table, define a VSA and put it in 
the dictionary... :)


ciao
artur


--
Artur Hecker Groupe Accès et Mobilité
hecker[at]enst[dot]fr		  Département Informatique et Réseaux
+33 1 45 81 7507		46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr   ENST Paris




Re: config info for first time user [OT]

2002-10-17 Thread Miquel van Smoorenburg

In article <10f101c27560$4ff98ce0$0300a8c0@oracle>,
Doug Young <[EMAIL PROTECTED]> wrote:
>The 'official' documentation is probably adequate for someone already
>familiar with radius, but its totally inadequate for someone trying to
>configure radius for the first time. As for the O'Reilly book, our currency
>exchange rates make those things HORRIBLY expensive in OZ

Still for the price of the book you can probably get 15 minutes
of a consultants time, so I'd say its worth it. I've got several
O'Reilly books here and they are an excellent resource.

But I'm curious - what do you pay for a beer (say, a scooner)
in the local pub nowadays ? Here it's around 1.50 - 2.00 EUR.
(which is 20% up from last year, esp. the pubs and restaurants
raised their prices ridiculously when the euro was introduced)

Mike.





Re: FreeRadius and SQL/ORACLE

2002-10-17 Thread Andrea Gabellini

In the query you are missing the op field. Check that it is present in the DB (if 
you are using a recent CVS you can find the correct sql commands to create 
that).

If you are performing a wrong query FR thinks that there isn't a connection 
to the DB and tries to reconnect.

In recent CVS there are some patches to the Oracle module.

At 23.40 15/10/02, you wrote:
>Hello,
>
>I have successfully connected to Oracle from FreeRadius but it seems that
>I am unable to return the correct data to FreeRadius.  I am getting the
>correct logs until I make an request from the client.  Here is a snippet
>of the output after I make a request using the Radtest app.  I have the
>user 'adam' in the oracle database in both the radreply and the radcheck
>tables and my oracle user has the correct privileges.  What other
>information must I store in order for the requests to exchange correctly.
>The 'rlm_sql: failed after reconnect' below, is from the
>rlm_sql_select_query call. Also I built FreeRadius with Threads and Thread
>pool enabled. Thanks.
>
>rad_recv: Access-Request packet from host 10.11.10.24:32871, id=209,
>length=54
> User-Name = "adam"
> User-Password = "'<2cH\257\246\002\341!Z\300\341\263\314\240"
> NAS-IP-Address = 255.255.255.255
> NAS-Port-Id = "10"
>modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>radius_xlat:  'adam'
>sql_set_user:  escaped user --> 'adam'
>radius_xlat:  'SELECT id,UserName,Attribute,Value FROM radcheck WHERE
>Username = 'adam' ORDER BY id'
>rlm_sql: Reserving sql socket id: 4
>SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'adam'
>ORDER BY id
>rlm_sql:  Attempting to connect #4
>rlm_sql:  Connected new DB handle, #4
>SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'adam'
>ORDER BY id
>rlm_sql: failed after re-connect
>rlm_sql_getvpdata: database query error
>rlm_sql:  SQL query error; rejecting user
>rlm_sql: Released sql socket id: 4
>   modcall[authorize]: module "sql" returns fail
>modcall: group authorize returns fail
>There was no response configured: rejecting request 0
>Server rejecting request 0.
>Finished request 0
>Going to the next request
>
>--
>Adam Joncas
>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


---
MICROSOFT: Most Intelligent Customers Realize Our Software is Only for 
Fools and Teenagers.
---
Ing. Andrea Gabellini
Email: [EMAIL PROTECTED]
Tel: 0549 886111 (Italy)
Tel. +378 0549 886111 (International)

Intelcom San Marino S.p.A.
Strada degli Angariari, 3
47891 Rovereta
Repubblic of San Marino

http://www.omniway.sm  http://www.intelcom.sm

