re: sql counter xlat problem
OK, I found a bug that stoped sqlcounters working for me. Basically sql_xlat in rlm_sql is doing rlm_sql_select_query(sqlsocket,ins... ... rlm_sql_fetch_row(sqlsocket, inst) (inst-module-sql_finish_select_query)(sqlsocket, inst-config); ... row = sqlsocket-row; The problem is sqlsocket-row is freed by sql_finish_select. Below is a patch to fix this. It is against snapshot from 20021104. I checked cvs and this does not seem to fixed. --- rlm_sql.c.20021104 Mon Nov 11 11:52:25 2002 +++ rlm_sql.c Mon Nov 11 12:02:04 2002 -136,39 +136,42 return 0; } ret = rlm_sql_fetch_row(sqlsocket, inst); - (inst-module-sql_finish_select_query)(sqlsocket, inst-config); if (ret) { DEBUG(rlm_sql: SQL query did not succeed); + (inst-module-sql_finish_select_query)(sqlsocket, inst-config); sql_release_socket(inst,sqlsocket); return 0; } row = sqlsocket-row; if (row == NULL) { DEBUG(rlm_sql: SQL query did not return any results); + (inst-module-sql_finish_select_query)(sqlsocket, inst-config); sql_release_socket(inst,sqlsocket); return 0; } if (row[0] == NULL){ DEBUG(rlm_sql: row[0] returned NULL); + (inst-module-sql_finish_select_query)(sqlsocket, inst-config); sql_release_socket(inst,sqlsocket); return 0; } ret = strlen(row[0]); if (ret freespace){ DEBUG(rlm_sql: sql_xlat:: Insufficient string space); + (inst-module-sql_finish_select_query)(sqlsocket, inst-config); sql_release_socket(inst,sqlsocket); return 0; } strncpy(out,row[0],ret); DEBUG(rlm_sql: - sql_xlat finished); - + (inst-module-sql_finish_select_query)(sqlsocket, inst-config); sql_release_socket(inst,sqlsocket); return ret; } Hello, I am trying to use sqlcounter and oracle to implement download limits/quotas. I have: sqlcounter testquota { counter-name = Test-Quota-Input-Octets check-name = Test-Quota sqlmod-inst = sql key = User-Name reset = daily query = SELECT SUM(acctinputoctets) FROM radacct WHERE UserName='%{%k}' } And: DEFAULT User-Name =~ ^s[0-9]+$, Test-Quota-Input-Octets 1000, Auth-Type = Reject Reply-Message = You have used up your quota Output with -XX I get: sqlcounter_expand: 'SELECT SUM(acctinputoctets) FROM radacct WHERE UserName='%{User-Name}'' radius_xlat: 'SELECT SUM(acctinputoctets) FROM radacct WHERE UserName='s11'' sqlcounter_expand: '%{sql:SELECT SUM(acctinputoctets) FROM radacct WHERE UserName='s11'}' radius_xlat: Running registered xlat function of module sql for string 'SELECT SUM(acctinputoctets) FROM radacct WHERE UserName='s11'' rlm_sql: - sql_xlat radius_xlat: 'SELECT SUM(acctinputoctets) FROM radacct WHERE UserName='s11'' rlm_sql: Reserving sql socket id: 4 SELECT SUM(acctinputoctets) FROM radacct WHERE UserName='s11' rlm_sql: - sql_xlat finished rlm_sql: Released sql socket id: 4 radius_xlat: '?ì???ß?È~??È~??°ß?°ß?¸ß?¸ß?Àß?Àß?Èß?Èß?x~??x~??Øß?Øß?àß?àß?èß?èß?ðß?ðß?øß?øß?' This is then repeated a few times. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Negative Number
Dear all, I would like to return a negative number to RADIUS client in a VSA. The data type of the attribute is defined as 'integer'. But 'integer' for RADIUS should be an unsigned integer. Can anyone tell me how can I put a negative number in the attribute? Thanks. Joseph _ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello all!
Hello All, I have AS 5300 and one BRI. Authentication for ISDN and Dialup were working locally on the AS untillwe installed a radius a radius server. Now only dial up account authenticate to radius and ISDN to not. I think we do not have correct profile set up for ISDN account on radius. Does anyone have correct profile for ISDN Radius users or know how it differ from the profile of dialup user? Ussing ppp authentication pap. Please show me. Thanks
freeradius and tls
Hi! guys, I try to use certificate on freeradius! But I got the following message. rad_recv: Access-Request packet from host 192.10.10.149:6001, id=169, length=132 User-Name = test-client NAS-IP-Address = 192.10.10.149 Called-Station-Id = 00-02-2d-48-21-7e Calling-Station-Id = 00-02-2d-1c-5a-b2 NAS-Identifier = avaya Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = \002\205\000\020\001test-client Message-Authenticator = 0xf0a44f01f0b971fd0a29f50d6897e8f6 modcall: entering group authorize modcall[authorize]: module preprocess returns ok rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module chap returns noop modcall[authorize]: module mschap returns notfound modcall[authorize]: module eap returns updated rlm_realm: No '@' in User-Name = test-client, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop users: Matched DEFAULT at 153 modcall[authorize]: module files returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type System auth: type System modcall: entering group authenticate rlm_unix: Attribute User-Password is required for authentication. modcall[authenticate]: module unix returns invalid modcall: group authenticate returns invalid auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 169 to 192.10.10.149:6001 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 169 with timestamp 3dcf3bdd Nothing to do. Sleeping until we see a request. I use certificate to authorize user! why it become auth: type system? and I have use certificate! why I need password? :( -- Regard, Jeffery Huang iMining Technology Co.,Ltd. 886-2-2723-5122-11 886-2-27232287 http://www.imining.com.tw email:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Free 802.1X supplicant software for Win2K?
jmc_cs ´£¨ì: Hi Jeffery: I have visited the meetinghouse's homepage. But the supplicant software for Windows version need to pay. Isn't it? Sarick - Original Message - From: Jeffery Huang [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 08, 2002 7:36 PM Subject: Re: Free 802.1X supplicant software for Win2K? Sarick ´£¨ì: Hi: Are there any 802.1X supplicant software for Win2K (or Win98/me)??? Can anyone advise me where I can download?? Regards Sarick - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html aegis client download from http://www.mtghouse.com -- Regard, Jeffery Huang iMining Technology Co.,Ltd. 886-2-2723-5122-11 886-2-27232287 http://www.imining.com.tw email:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html yes! -- Regard, Jeffery Huang iMining Technology Co.,Ltd. 886-2-2723-5122-11 886-2-27232287 http://www.imining.com.tw email:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Free 802.1X supplicant software for Win2K?
jmc_cs ´£¨ì: Hi Jeffery: I have visited the meetinghouse's homepage. But the supplicant software for Windows version need to pay. Isn't it? Sarick - Original Message - From: Jeffery Huang [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 08, 2002 7:36 PM Subject: Re: Free 802.1X supplicant software for Win2K? Sarick ´£¨ì: Hi: Are there any 802.1X supplicant software for Win2K (or Win98/me)??? Can anyone advise me where I can download?? Regards Sarick - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html aegis client download from http://www.mtghouse.com -- Regard, Jeffery Huang iMining Technology Co.,Ltd. 886-2-2723-5122-11 886-2-27232287 http://www.imining.com.tw email:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html yes! you can free try for 15 days! -- Regard, Jeffery Huang iMining Technology Co.,Ltd. 886-2-2723-5122-11 886-2-27232287 http://www.imining.com.tw email:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Questing re: conditional syntax for variables
Hello, Am trying to do ldap xlats in sql.conf: sql_user_name= %{serverXldap:ldap:///o=abc?uid?sub?(|(uid=%{User-Name}))} This works find but it does not give the level of redundancy I wish. I have tried to use conditional syntax for the xlats: sql_user_name = %{serverXldap:ldap:///o=abc?uid?sub?(|(uid=%{User-Name})(cn=%{User-Name})):-%{serverYldap:ldap:///o=abc?uid?sub?(|(uid=%{User-Name})(cn=%{User-Name}))}:-%{User-Name}} This does not work - I end up with usernameusername:-username Any clues? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello All,
Hello All, I have AS 5300 and one BRI. Authentication for ISDN and Dialup were working locally on the AS untill we installed a radius a radius server. Now only dial up account authenticate to radius and ISDN to not. I think we do not have correct profile set up for ISDN account on radius. Does anyone have correct profile for ISDN Radius users or know how it differ from the profile of dialup user? Ussing ppp authentication pap. Please show me. Thanks hoaitrang e-mail: [EMAIL PROTECTED] -- Visit: http://www.netcenter.vn/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Vendor Specific Attributes..
On Sun, Nov 10, 2002 at 11:33:44PM +, Gbenga wrote: I have freeradius server running on Solaris 8, authenticating off MySQL and all is working fine at moment. But I want to implement Cisco AVPair attributes on some of the users. Specifically the users that belongs to the administrator group in my user file. I read that I can implement Cisco AVPair and the users will automatically be dropped into privileged mode whenever they log into the router. The AV-Pair in question is cisco-avpair=shell-priv-lvl=15. My question is how do I add these to the user/group profile in the user table(s). Some example of where this will go in the sql table will be appreciated. Just add to radgroupreply table attribute Cisco-AVPair withe desired value, eg: ip:addr-pool=inet etc. and have the op field set to +=, so you may have more than one cisco VSA. -- Best regards, Alexey Chetroi --- Smile... Tomorrow will be worse. (c) Murphy's law - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html