Re: broadband account
Is the NAS sending correct values to radius, which radius is dropping? Without a packet analyzer, I don't know yet. The value of the integer under my current server is unsigned long, but it's registering 2GB max (unsigned long is 4GB if memory serves?) Thus, my confusion.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius with Oracle backend
Hi,

I am getting some problems during compilation of freeradius with the Oracle backend. Oracle and its dev files are installed in /usr/local/oracle, /usr/lib, /usr/include.

The used version of freeradius is the latest snapshot, the oracle libs are version 8i, the system is running debian testing/unstable, with gcc version 2.95.4 20011002 (Debian prerelease).

During compilation the following errors keep coming up:

Making static in rlm_sql_oracle...
make[11]: Entering directory `/root/freeradius-snapshot-20021202/src/modules/rlm_sql/drivers/rlm_sql_oracle'
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -I../.. -I../../../../include -c sql_oracle.c -o sql_oracle.o
In file included from /usr/include/ori.h:495,
                 from /usr/include/oci.h:1656,
                 from sql_oracle.c:15:
/usr/include/ort.h:2647: warning: declaration of `version' shadows global declaration
In file included from /usr/include/oci.h:1660,
                 from sql_oracle.c:15:
/usr/include/orl.h:3232: warning: declaration of `index' shadows global declaration
/usr/include/orl.h:3315: warning: declaration of `index' shadows global declaration
/usr/include/orl.h:3776: warning: declaration of `index' shadows global declaration
/usr/include/orl.h:3806: warning: declaration of `index' shadows global declaration
/usr/include/orl.h:3841: warning: declaration of `index' shadows global declaration
/usr/include/orl.h:3871: warning: declaration of `index' shadows global declaration
/usr/include/orl.h:3901: warning: declaration of `index' shadows global declaration
/usr/include/orl.h:3936: warning: declaration of `index' shadows global declaration
In file included from /usr/include/oci.h:1673,
                 from sql_oracle.c:15:
/usr/include/ociap.h:5561: warning: declaration of `index' shadows global declaration
/usr/include/ociap.h:5565: warning: declaration of `index' shadows global declaration
/usr/include/ociap.h:5913: warning: declaration of `version' shadows global declaration
/usr/include/ociap.h:6307: warning: declaration of `index' shadows global declaration
/usr/include/ociap.h:8855: warning: declaration of `timezone' shadows global declaration
sql_oracle.c: In function `sql_select_query':
sql_oracle.c:301: `SQLT_AFV' undeclared (first use in this function)
sql_oracle.c:301: (Each undeclared identifier is reported only once
sql_oracle.c:301: for each function it appears in.)
make[11]: *** [sql_oracle.o] Error 1
make[11]: Leaving directory `/root/freeradius-snapshot-20021202/src/modules/rlm_sql/drivers/rlm_sql_oracle'
make[10]: *** [common] Error 1
make[10]: Leaving directory `/root/freeradius-snapshot-20021202/src/modules/rlm_sql/drivers'
make[9]: *** [static] Error 2
make[9]: Leaving directory `/root/freeradius-snapshot-20021202/src/modules/rlm_sql/drivers'
make[8]: *** [common] Error 1
make[8]: Leaving directory `/root/freeradius-snapshot-20021202/src/modules/rlm_sql'
make[7]: *** [static] Error 2
make[7]: Leaving directory `/root/freeradius-snapshot-20021202/src/modules/rlm_sql'
make[6]: *** [common] Error 1
make[6]: Leaving directory `/root/freeradius-snapshot-20021202/src/modules'
make[5]: *** [all] Error 2
make[5]: Leaving directory `/root/freeradius-snapshot-20021202/src/modules'
make[4]: *** [common] Error 1
make[4]: Leaving directory `/root/freeradius-snapshot-20021202/src'
make[3]: *** [all] Error 2
make[3]: Leaving directory `/root/freeradius-snapshot-20021202/src'
make[2]: *** [common] Error 1
make[2]: Leaving directory `/root/freeradius-snapshot-20021202'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/root/freeradius-snapshot-20021202'
make: *** [build] Error 2
radius-harvester:~/freeradius-snapshot-20021202#

With Regards,
Tom Mulder
Re: broadband account
Hi Steve,

Maybe your Cisco hardware supports RADIUS Extensions (RFC2869)? Then it would be possible to log the Acct-Input-Gigawords / Acct-Output-Gigawords attributes. This should make it possible to account 2^32*2^32 bytes input and output traffic.?!

For more info: http://www.freeradius.org/rfc/rfc2869.html

Joost

Brian Johnson wrote:

If u were running freeradius in debug ;), u could see what was being received by the freeradius server and the insert query that was run to insert the data.

Yes, but if freeradius takes the packet and then truncates that packet for the log to 2GB, then I'm still screwed. I'd need to analyze an actual ethernet packet dump of the record coming in.

What I'm now thinking of is the cisco aaa accounting update periodic directive. Maybe that's a solver, although it's sure to build me some BIG logs. Good thing I have a big DB server. Has anyone used this command? Does data from one STOP record carry to the next record, or is it cumulative?
Re: broadband account
Sorry, I'm not quite sure what all this means so assuming the nas doesn't roll over at 2GB, how much can FR support? 4GB?

On Mon, 2002-12-02 at 11:46, Alan DeKok wrote:

Miquel van Smoorenburg [EMAIL PROTECTED] wrote:

RFC2866 integer 32 bit unsigned value, most significant octet first.

Whoops, you're right. I should have checked the RFC's first. And the code for FreeRADIUS treats 'integer' type attributes as unsigned ints, so I *doubly* should have clued in.

Alan DeKok.

--
Regards,
Jason A. Lixfeld
Fastvibe Corporation
Senior IP Network Engineer
220-156 Front St. W
[EMAIL PROTECTED]
Toronto, ON M5V-2L6
- tel://416.341.0099:223
fax://416.341.0088
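An added example (not from any of the posts above) of the arithmetic this thread is circling: it reads the 32-bit big-endian octet counters of RFC 2866 and the gigaword counters of RFC 2869 out of an attribute buffer and combines them into 64-bit totals. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Attribute numbers from RFC 2866 (octets) and RFC 2869 (gigawords). */
enum { ACCT_INPUT_OCTETS = 42, ACCT_OUTPUT_OCTETS = 43,
       ACCT_INPUT_GIGAWORDS = 52, ACCT_OUTPUT_GIGAWORDS = 53 };
struct acct_totals { uint64_t in_bytes, out_bytes; };

/* RFC 2866 "integer": 32-bit unsigned value, most significant octet first. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the type/length/value attributes of an accounting packet body.
 * Returns 0 on success, -1 if any attribute length is malformed. */
int acct_parse(const uint8_t *buf, size_t len, struct acct_totals *out)
{
    uint32_t lo_in = 0, hi_in = 0, lo_out = 0, hi_out = 0;
    size_t off = 0;
    while (off < len) {
        if (len - off < 2) return -1;          /* no room for type + length */
        uint8_t type = buf[off];
        size_t alen = buf[off + 1];            /* counts the 2 header octets too */
        if (alen < 2 || alen > len - off) return -1;
        uint32_t *dst = NULL;
        switch (type) {
        case ACCT_INPUT_OCTETS:     dst = &lo_in;  break;
        case ACCT_OUTPUT_OCTETS:    dst = &lo_out; break;
        case ACCT_INPUT_GIGAWORDS:  dst = &hi_in;  break;
        case ACCT_OUTPUT_GIGAWORDS: dst = &hi_out; break;
        }
        if (dst) {
            if (alen != 6) return -1;          /* integer attributes are 6 octets */
            *dst = be32(buf + off + 2);
        }
        off += alen;
    }
    /* Gigawords counts how often the 32-bit octet counter has wrapped. */
    out->in_bytes  = ((uint64_t)hi_in  << 32) | lo_in;
    out->out_bytes = ((uint64_t)hi_out << 32) | lo_out;
    return 0;
}

/* Constructed sample attributes, not captured from a real NAS. */
static const uint8_t SAMPLE_ATTRS[] = {
    42, 6, 0x80, 0x00, 0x00, 0x01,   /* Acct-Input-Octets = 2147483649 */
    52, 6, 0x00, 0x00, 0x00, 0x01,   /* Acct-Input-Gigawords = 1 */
    43, 6, 0xFF, 0xFF, 0xFF, 0xFF,   /* Acct-Output-Octets = 4294967295 */
};

int main(void)
{
    struct acct_totals t;
    if (acct_parse(SAMPLE_ATTRS, sizeof SAMPLE_ATTRS, &t) != 0) return 1;
    printf("in=%llu out=%llu\n", (unsigned long long)t.in_bytes, (unsigned long long)t.out_bytes);
    return 0;
}
```

Any store that keeps these totals in a signed 32-bit column cannot hold the first sample value, which is one place to look when a counter appears to stop at 2GB.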
One user with several Passwords / Configs
Hi,

I am planning a radius setup for a cisco dialin router, where a dialin user can choose between different setups by using different passwords.

Is a configuration like this valid for a freeradius server?

-
nutest Passwort = pass1, NAS-IP-Adress = 192.168.0.2
    Service-Type = Framed-User
    ... (configuration 1)
nutest Passwort = pass2, NAS-IP-Adress = 192.168.0.2
    ... (configuration 2)
---

I have no test setup yet to make a real life test yet.

Thank you for your help,
Matthias Lange

--
Matthias Lange, Dipl.-Ing. (FH)
NetUSE AG
Dr.-Hell-Straße
Fon: +49 431 38643500
http://www.netuse.de/
D-24107 Kiel, Germany
Fax: +49 431 38643599
Defining local groups
Is it possible to set up user groups for users defined in users file, i.e. a separate local groups file defining users against groups?

I am using groups under mysql and system, but was wondering if this can be done for local users.

I have had a look in the documentation and the O'Reilly book, but can not find any reference to this other than for /etc/groups, Mysql and LDAP.

All the best and thanks,
Ken
modcall[accounting]: module radutmp returns noop
I get this in debug output and freeradius doesn't update radutmp:

modcall[accounting]: module radutmp returns noop

What might be the problem?

Evren
Proxy Realms configuration
Currently, FreeRADIUS uses text files to define realms for proxying requests. The files are parsed and put into a list at startup, and then the core libraries use this list during runtime to look up realm information when proxying requests.

I would like to use a database (SQL?) to manage my realms, instead of the text files. The advantages are twofold: a unified repository for all my user data (ISP, IP Pools, local usernames) and the other benefit is I could add/remove realms w/o sending a SIGHUP to the radius proxy.

Before I go and change the core components within the freeradius library, has anyone else implemented this type of system before, and have a better solution? Can I get this kind of behaviour through modules? (ie, do a DB lookup, and add the result to the local list if it's not already in the list etc...)

Thoughts and opinions are welcome. Thank you!

MV

--
~~~
Mike Varley -= SOMA Networks =-
Tel: 416.977.1414 x1578 email: [EMAIL PROTECTED]
Re: Proxy Realms configuration
Mike Varley [EMAIL PROTECTED] wrote:

I would like to use a database (SQL?) to manage my realms, instead of the text files. The advantages are twofold: a unified repository for all my user data (ISP, IP Pools, local usernames) and the other benefit is I could add/remove realms w/o sending a SIGHUP to the radius proxy.

That sounds reasonable.

Before I go and change the core components within the freeradius library, has anyone else implemented this type of system before, and have a better solution? Can I get this kind of behaviour through modules? (ie, do a DB lookup, and add the result to the local list if it's not already in the list etc...)

No, not really. The server needs a bunch of information for realms. Name, IP, port, secret, alive/dead status, etc. It's just easier if the server manages those lists itself internally, rather than doing DB calls all of the time.

Alan DeKok.
Re: Proxy Realms configuration
On Mon, 2002-12-02 at 14:58, Alan DeKok wrote:

Mike Varley [EMAIL PROTECTED] wrote:

I would like to use a database (SQL?) to manage my realms, instead of the text files. The advantages are twofold: a unified repository for all my user data (ISP, IP Pools, local usernames) and the other benefit is I could add/remove realms w/o sending a SIGHUP to the radius proxy.

That sounds reasonable.

Before I go and change the core components within the freeradius library, has anyone else implemented this type of system before, and have a better solution? Can I get this kind of behaviour through modules? (ie, do a DB lookup, and add the result to the local list if it's not already in the list etc...)

No, not really. The server needs a bunch of information for realms. Name, IP, port, secret, alive/dead status, etc. It's just easier if the server manages those lists itself internally, rather than doing DB calls all of the time.

Faster and more efficient as well. How often is proxy information going to change, really? And SIGHUPing FreeRADIUS is not a costly affair.

One solution we came up with was a compromise; changing proxy information in the Database could trigger a re-write of the realms file, and SIGHUP the FR server. The only problem here being that someone *could* inadvertently change only the realms file, SIGHUP the process, and be out of synch with the DB.

Hmmm

MV

--
~~~
Mike Varley -= SOMA Networks =-
Tel: 416.977.1414 x1578 email: [EMAIL PROTECTED]
Re: Proxy Realms configuration
Mike Varley [EMAIL PROTECTED] wrote:

Faster and more efficient as well. How often is proxy information going to change, really? And SIGHUPing FreeRADIUS is not a costly affair.

If everything is going well, proxy information won't change that often. If you want to have multiple fail-over realms, then the proxy information changes on every proxied request. The server has to keep track of which realms are live, which aren't, and which was the last realm it used (for round-robin).

One solution we came up with was a compromise; changing proxy information in the Database could trigger a re-write of the realms file, and SIGHUP the FR server. The only problem here being that someone *could* inadvertently change only the realms file, SIGHUP the process, and be out of synch with the DB.

shrug That's not a serious issue, in my opinion.

Alan DeKok.
Re: How to turn off SNMP
User for Free Radius mail list [EMAIL PROTECTED] wrote:

SNMP is compiled into my binary but I do not wish to use it. In debug mode I keep seeing messages like:

Can't connect to SNMP agent with SMUX: Connection refused

Is there a way in the radiusd.conf file to turn off the SNMP agent?

Grab the CVS snapshot from tomorrow, and give it a try. It should have snmp disabled by default, and you can enable it at run-time, if you care.

Alan DeKok.
4-Octet VSAs
Hi,

Does FreeRADIUS support 4-octet VSA? I need to support a Nortel 4-octet VSA CVX-PPP-VJEnabled (sub-attribute type = 2233533121). So, I added it to dictionary.aptis. When I ran FreeRADIUS as a proxy, it complained about this VSA with the error "Vendor specific attribute has invalid length".

I checked radius.c and it seems like the code assumes a 1-byte Sub-Attribute Type or Vendor Type (except for USR) and consequently thinks the following byte is the Length byte. In this case the length is in the 5th octet, instead of the 2nd octet, after the Vendor ID. I commented out this part of logic to relax the checking, but I encountered some other problems.

Does anyone have any idea how to make FreeRADIUS support 4-octet VSAs in proxy mode?

Thanks.
Tim
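An added example (not FreeRADIUS code and not from the post) of a Vendor-Specific parser with a selectable vendor-type width, keeping the length checks strict instead of commenting them out. It assumes the vendor length octet counts the type field, itself and the value; the Vendor-Id in the sample is a constructed placeholder, and only the sub-attribute type 2233533121 comes from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_VENDOR_SPECIFIC 26   /* RFC 2865 */

struct vsa { uint32_t vendor, type; const uint8_t *value; size_t value_len; };

/* Read a big-endian unsigned integer of 'width' octets (1..4). */
static uint32_t be_uint(const uint8_t *p, size_t width)
{
    uint32_t v = 0;
    for (size_t i = 0; i < width; i++) v = (v << 8) | p[i];
    return v;
}

/* Parse one Vendor-Specific attribute holding one sub-attribute.
 * type_width is 1 (the layout RFC 2865 recommends) or 4 (as in the post).
 * Assumption: vendor length = type field + length octet + value.
 * Returns 0 on success, -1 when any length is inconsistent. */
int vsa_parse(const uint8_t *attr, size_t len, size_t type_width, struct vsa *out)
{
    if (type_width != 1 && type_width != 4) return -1;
    if (len < 2 || attr[0] != ATTR_VENDOR_SPECIFIC) return -1;

    size_t alen = attr[1];                 /* whole attribute, header included */
    size_t hdr = 2 + 4 + type_width + 1;   /* type, len, Vendor-Id, vtype, vlen */
    if (alen > len || alen < hdr) return -1;

    size_t vlen = attr[6 + type_width];    /* vendor length octet */
    size_t remaining = alen - 6;           /* octets after the Vendor-Id */
    if (vlen < type_width + 1 || vlen > remaining) return -1;

    out->vendor = be_uint(attr + 2, 4);
    out->type = be_uint(attr + 6, type_width);
    out->value = attr + hdr;
    out->value_len = vlen - (type_width + 1);
    return 0;
}

/* Constructed sample: placeholder Vendor-Id 0x1234, sub-attribute type
 * 2233533121 (0x852102C1), vendor length 9, 4-octet value 1. */
static const uint8_t SAMPLE_VSA[] = {
    26, 15, 0x00, 0x00, 0x12, 0x34,
    0x85, 0x21, 0x02, 0xC1, 9,
    0x00, 0x00, 0x00, 0x01,
};

int main(void)
{
    struct vsa v;
    printf("4-octet type: %d\n", vsa_parse(SAMPLE_VSA, sizeof SAMPLE_VSA, 4, &v));
    printf("1-octet type: %d\n", vsa_parse(SAMPLE_VSA, sizeof SAMPLE_VSA, 1, &v));
    return 0;
}
```

Parsed with a 1-octet type, the second type octet (0x21) is taken as a length of 33, which overruns the 15-octet attribute and is rejected, consistent with the "invalid length" error quoted in the post.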
Problem Auth radius - cisco.
Hello.

I'm new in the list, and in the use of radius. I'm trying that cisco's router logged in radius, but I have the following errors:

rad_recv: Access-Request packet from host 192.168.0.3:1645, id=117, length=73
    NAS-IP-Address = 192.168.0.3
    NAS-Port = 3
    NAS-Port-Type = Virtual
    User-Name = jc
    Calling-Station-Id = 192.168.0.34
    User-Password = \247\n\0245,\302|\304H\005\223\036\031\025\020
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 133 to 216.72.7.3:1645
Waking up in 4 seconds...

Can somebody tell me how to solve this problem?

Thanks for your help.

--
JC
need help with client.config !!
Hi all,

I tried to get the freeradius to work with a CN3000 wireless router from Colubris Network; it has a built-in function to authenticate to a radius server. I got it to work in my entire LAN when I did an entry in the client.conf for the router's static private IP address, but I don't have any idea how to get the radius server to work to accept any IP address, private or public.

I did a search in the list for hours and on the web and I must admit that I am a newbie to radius.

Any help would be great and sorry for my bad English

Mike
now checkrad is working but freeradius dont wait for its reply!
Now checkrad is working but freeradius doesn't wait for the result of checkrad before authenticating! It passes it immediately, almost in half a second, even though checkrad takes about 1 second to complete...

I am using freebsd, can that have something to do with it?

Evren
Limiting number ports to groups of users
Was this ever answered? I too need to limit the numbers of ports available to groups of users. I'm not using sql, and don't really want to. As I run different groups on different radius servers (all nas's talk to 1 radius proxy) can I limit using radutmp? There are no clear docs on this if it is true.

Thanks,
Graeme

Message: 13
Date: Wed, 12 Jun 2002 18:22:49 +0200 (CEST)
From: Daniel Marquez-Klaka [EMAIL PROTECTED]
To: freeradius-users Mail-List [EMAIL PROTECTED]
Subject: Re: port limitation
Reply-To: [EMAIL PROTECTED]

Hi again,

but isn't Simultaneous-Use only taking care about same usernames? What I want is to limit the usable ports per customer.

To explain a bit better: I'm using mysql as backend for freeradius. There is, of course, the usergroup table:

1 user-1 group-1
2 user-2 group-1
3 user-3 group-1
4 user-4 group-2
5 user-5 group-2
...

what I wanna achieve is to limit the usable ports per group, i.e. group-1 can use up to 10 ports, group-2 up to 1000.

or did I get something wrong,
Daniel

On Wed, 12 Jun 2002, Alan DeKok wrote:

Daniel Marquez-Klaka [EMAIL PROTECTED] wrote:

hmmm, but isn't it possible that radius keeps track about how many sessions are connected for a group or dialed number, and send back an access-reject if the limit is reached?

That's what Simultaneous-Use does. But it's not perfect. e.g. It relies on getting accounting packets from the NAS. If there's a problem, then the information on the RADIUS server disagrees with what's happening on the NAS.

If you have one NAS, setting 'Port-Limit=1' is preferable to Simultaneous-Use.

Alan DeKok.
Network User Authentication
Hi,

Can I use freeRadius for authenticating (non dialin) users who want to log into my network from internet? If so, how to?

With Regards
jeevan
RE: Network User Authentication
Use PPTP for VPN. Make sure you have configured your NAS to support VPN and the user can dial to your NAS using IP address or host name.

Chhai
Frontier ISP Pty Ltd
Internet access in any flavour
Phone: +61 8 8241 5166
Fax: +61 8 8241 5123
Web: www.frontierisp.net.au

-Original Message-
From: jeevan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 3 December 2002 5:09 PM
To: [EMAIL PROTECTED]
Subject: Network User Authentication

Hi,

Can I use freeRadius for authenticating (non dialin) users who want to log into my network from internet? If so, how to?

With Regards
jeevan
bugs with rlm_sql and rlm_sql_oracle
Hello,

I have been having problems with freeradius 0.8 crashing for us regularly.

First: we are using freeradius 0.8 with ldap authentication and sql accounting to an oracle database. I can supply config files if required.

At the moment the server crashes multiple times a day. I *think* I have tracked down the problem. If a user logs in with a username 32 characters we have problems. The column is VARCHAR2 32, and so the insert/update fails (fair enough).

First bug: rlm_sql_oracle.c returns SQL_DOWN. I believe it should return -1. SQL_DOWN should be for when the connection fails. This causes sql.c to try to reconnect.

Second bug: In sql.c, the code (repeated multiple times but for eg in rlm_sql_query):

    ret = (inst->module->sql_query)(sqlsocket, inst->config, query);
    if (ret == SQL_DOWN) {
        if (connect_single_socket(sqlsocket, inst) < 0) {
            radlog(L_ERR, "rlm_sql (%s): reconnect failed, database down?", inst->config->xlat_name);
            return -1;
        }
        ret = (inst->module->sql_query)(sqlsocket, inst->config, query);

Does not first disconnect the socket. For this reason the oracle login etc does not get deleted - (inst->module->sql_close) is not called. This is a leak and additional eventually uses up all our sql logins on the server.

It would seem we can't just add sql_close_socket here because sql_close_socket does other things (sem_destroy).

Does this make sense to people? I thought I would ask before trying to fix it. Particularly for the first one I need to work out when to return -1 and when SQL_DOWN.
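An added simulation (a mock, not FreeRADIUS or rlm_sql code, and not from the post) of the two bugs described above, showing how they combine into session exhaustion and how either fix stops it. All function names are hypothetical, the SQL_DOWN value is local to the mock, and the failing condition (a name longer than a 32-character column) is an assumption made for the example.

```c
#include <stddef.h>
#include <stdio.h>

#define SQL_DOWN 1            /* "connection lost"; value is local to this mock */

static int open_sessions;     /* sessions the mock database server holds open */
struct sock { int connected; };

static int drv_connect(struct sock *s) { s->connected = 1; open_sessions++; return 0; }
static void drv_close(struct sock *s)
{
    if (s->connected) { s->connected = 0; open_sessions--; }
}

/* Mock query: an over-long name fails the insert. misreport = 1 mimics a
 * driver that answers SQL_DOWN for every failure (first bug in the post). */
static int drv_query(struct sock *s, size_t name_len, int misreport)
{
    if (!s->connected) return SQL_DOWN;
    if (name_len > 32) return misreport ? SQL_DOWN : -1;
    return 0;
}

/* Caller. close_first = 0 reconnects without closing the old session
 * (second bug in the post); close_first = 1 releases it first. */
static int run_query(struct sock *s, size_t name_len, int misreport, int close_first)
{
    int ret = drv_query(s, name_len, misreport);
    if (ret == SQL_DOWN) {
        if (close_first) drv_close(s);       /* driver-level close only */
        if (drv_connect(s) < 0) return -1;
        ret = drv_query(s, name_len, misreport);
    }
    return ret == 0 ? 0 : -1;
}

/* Send 'requests' accounting inserts with a 40-character name and report
 * how many sessions are left open on the mock server. */
int sessions_after(int requests, int misreport, int close_first)
{
    struct sock s = { 0 };
    open_sessions = 0;
    drv_connect(&s);
    for (int i = 0; i < requests; i++)
        run_query(&s, 40, misreport, close_first);
    return open_sessions;
}

int main(void)
{
    printf("both bugs:        %d sessions\n", sessions_after(100, 1, 0));
    printf("close first:      %d sessions\n", sessions_after(100, 1, 1));
    printf("correct err code: %d sessions\n", sessions_after(100, 0, 0));
    return 0;
}
```

Because the trigger is a value chosen by whoever logs in, the leak is reachable by any client that can send a long username, so both fixes are worth making rather than either one alone.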