some sql-statements for one value
Hello, Is there a way to define some sql-statements for one value in sql.conf, for instance: accounting_start_query = "UPDATE preauth SET currentcalls = currentcalls + 1 WHERE calledstationid REGEXP '.*%{Called-Station-Id}.*'; UPDATE radcheck SET Value = 'Accept', op = ':=' WHERE UserName = '%{Called-Station-Id}' AND Attribute = 'Auth-Type'" I will use it for ressource-accounting. I use freeradius-0.7 and mysql-3.23.51. Thanks for any answer. Dirk Tanneberger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting update packets don't write into mysql database
Hi, I have a problem with accounting update packets. I use freeradius 0.5 with mysql authentification and accounting. Start- and stop-records are write correctly in the database, but when the router send accounting updates, these will not add correct into the database. In sqltrace.sql I see, that the server will do an update, but the field UserName leave blank and the update wouldn't exec. The configuration in sql.conf for UserName in sql_update are identical with sql_stop statement. Where can I find the problem? Has anybody an idea? Thanks for any help. Dirk Tanneberger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Expiration ok, Activation?
How can I find the synthax for Expiration attribute? regards Dirk Tanneberger - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 24, 2002 4:26 PM Subject: Re: Expiration ok, Activation? > "Andrew Kelaidis" <[EMAIL PROTECTED]> wrote: > > I am using freeRADIUS version 0.5 (stable). I have noticed that there is an > > Expiration attribute which I can use. I want to know if there is any > > Activate date (like Criston Radius) attribute > > No, but there's a Current-Time attribute > > bob Current-Time < "Oct 2, 2002", Auth-Type := Reject > Reply-Message = "You're not allowed to log in yet" > > Although I forget what the exact format of the date string is... > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: checkrad don't work with freeradius-0.5 and mysql authentication
Thank you, it works! regards Dirk Tanneberger - Original Message - From: "Chris Parker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 24, 2002 5:02 PM Subject: Re: checkrad don't work with freeradius-0.5 and mysql authentication > At 04:59 PM 4/24/2002 +0200, Dirk Tanneberger wrote: > >I have the following checkitems in radcheck-table: > >- > >id UserName AttributeValue op > >1 test password > >13test Simultaneous-Use 2 == > >- > > Simultaneous-Use needs to have the := operator, just like the examples > in the 'users' file and documentation. > > -Chris > -- > \\\|||/// \ StarNet Inc. \Chris Parker > \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering > | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\-- >\ Wholesale Internet Services - http://www.megapop.net > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: checkrad don't work with freeradius-0.5 and mysql authentication
I have the following checkitems in radcheck-table: - id UserName AttributeValue op 1 test password 13test Simultaneous-Use 2 == - regards Dirk Tanneberger - Original Message - From: "Chris Parker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 24, 2002 4:42 PM Subject: Re: checkrad don't work with freeradius-0.5 and mysql authentication > At 04:39 PM 4/24/2002 +0200, Dirk Tanneberger wrote: > >Hello all, > > > >I use freeradius-0.5 with mysql authentication and accounting. > >Normal authentication and accounting works fine, but > >when I use "Simutaneous-Use", it don't work. > >when I run Freeradius in debug mode, I see no entry that calling checkrad. > >I set checkrad with debugging also, but there is no entry in logfile. > >Why checkrad doesn't work? Has anybody the same problem or can help me? > > Do you have the operator set correctly? What do your checkitems look > like? > > -Chris > -- > \\\|||/// \ StarNet Inc. \Chris Parker > \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering > | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\-- >\ Wholesale Internet Services - http://www.megapop.net > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
checkrad don't work with freeradius-0.5 and mysql authentication
Hello all, I use freeradius-0.5 with mysql authentication and accounting. Normal authentication and accounting works fine, but when I use "Simutaneous-Use", it don't work. when I run Freeradius in debug mode, I see no entry that calling checkrad. I set checkrad with debugging also, but there is no entry in logfile. Why checkrad doesn't work? Has anybody the same problem or can help me? Thanks Dirk Tanneberger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql accounting and use of called-station-id
Hello, thanks for all answer. The accounting attribute, I will check with debuging on cisco router, in order to locate the problem. My authentication problem with called -station-id is another. Authentication with one entry per user for called-station-id in radcheck-table works fine. But the probleme is, that the user comes with different called-staton-id. How can I check two or more called-station-id's per user? Or can I us wildcards? regards Dirk Tanneberger - Original Message - From: "Thomas Jalsovsky" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 12, 2002 8:25 AM Subject: Re: freeradius and mysql accounting and use of called-station-id > > Hello, > > if you make debugging in radius server and in Cisco ('debug > radius' :), you should find, that Cisco doesn't send this attribute in the > auth. requests, therefore you cannot make auth. decision by this > attribute. I don't know that it is possible to configure Cisco to send > this attribute, I cannot make that. > Another solution: you should write/rewrite TCL IVR script and you > can send the info (e.g. called-station-id) via Cisco VSA attribute and > your FreeRADIUS server will see this through VSAs. Take a look for > h323-ivr-in and h323-ivr-out in the TCL IVR 2 documentation. > > Regards, > Thomas > > On Thu, 11 Apr 2002, Dirk Tanneberger wrote: > > > sql.conf is o.k. and with sql tracing I see, that these values are blank. > > I think the Cisco AS5300 send not these values. > > But how can I configure AS5300 to send the parameters? > > In details-file are the following entries: > > > > Thu Apr 11 15:54:34 2002 > > NAS-IP-Address = 192.168.0.254 > > NAS-Port = 106 > > Cisco-NAS-Port = "Serial3:10" > > NAS-Port-Type = ISDN > > User-Name = "test" > > Called-Station-Id = "3552000" > > Calling-Station-Id = "3551720" > > Acct-Status-Type = Stop > > Acct-Authentic = RADIUS > > Service-Type = Framed-User > > Acct-Session-Id = "B005" > > Framed-Protocol = PPP > > Acct-Link-Count = 2 > > X-Ascend-Num-In-Multilink = 1 > > Acct-Multi-Session-Id = "14165" > > Framed-IP-Address = 193.98.116.99 > > X-Ascend-Disconnect-Cause = 45 > > X-Ascend-Pre-Input-Octets = 154 > > X-Ascend-Pre-Output-Octets = 139 > > X-Ascend-Pre-Input-Packets = 4 > > X-Ascend-Pre-Output-Packets = 5 > > Acct-Input-Octets = 666 > > Acct-Output-Octets = 394 > > Acct-Input-Packets = 26 > > Acct-Output-Packets = 19 > > X-Ascend-PreSession-Time = 1 > > Acct-Session-Time = 13 > > X-Ascend-Data-Rate = 64000 > > X-Ascend-Xmit-Rate = 64000 > > X-Ascend-Multilink-ID = 14165 > > Acct-Delay-Time = 0 > > Client-IP-Address = 192.168.1.41 > > Timestamp = 1018533274 > > > > Thanks Dirk > > > > - Original Message - > > From: "Chris Parker" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, April 11, 2002 5:27 PM > > Subject: Re: freeradius and mysql accounting and use of called-station-id > > > > > > > At 05:09 PM 4/11/2002 +0200, Dirk Tanneberger wrote: > > > >Hello all, > > > > > > > >I use freeradius 0.5 and my NAS is a Cisco AS5300. > > > >I test with freeradius and mysql since 2 weeks and I have 2 problems: > > > > > > > >The radius server writes the accounting records in the mysql-table, but > > > >the following entries leave blank for all records: > > > >++ > > > >AcctUniqueId > > > >ConnectInfo_start > > > >ConnectInfo_stop > > > >AcctTerminateCause > > > >NASPortId = 0 (for all records) > > > >++ > > > >How can I fill these parameters? > > > > > > What do you have in 'sql.conf' for the queries? Simply adding the columns > > > to the table definition will not fill them in. You must also alter your > > > sql.conf to add them if they do not exist. > > > > > > Also, make sure you are correctly calling the 'acct_unique' module in your > > > config. > > > > > > If this has been done, run the server in debugging mode, with sql tracing > > > enabled, so you can see wh
Re: freeradius and mysql accounting and use of called-station-id
sql.conf is o.k. and with sql tracing I see, that these values are blank. I think the Cisco AS5300 send not these values. But how can I configure AS5300 to send the parameters? In details-file are the following entries: Thu Apr 11 15:54:34 2002 NAS-IP-Address = 192.168.0.254 NAS-Port = 106 Cisco-NAS-Port = "Serial3:10" NAS-Port-Type = ISDN User-Name = "test" Called-Station-Id = "3552000" Calling-Station-Id = "3551720" Acct-Status-Type = Stop Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = "B005" Framed-Protocol = PPP Acct-Link-Count = 2 X-Ascend-Num-In-Multilink = 1 Acct-Multi-Session-Id = "14165" Framed-IP-Address = 193.98.116.99 X-Ascend-Disconnect-Cause = 45 X-Ascend-Pre-Input-Octets = 154 X-Ascend-Pre-Output-Octets = 139 X-Ascend-Pre-Input-Packets = 4 X-Ascend-Pre-Output-Packets = 5 Acct-Input-Octets = 666 Acct-Output-Octets = 394 Acct-Input-Packets = 26 Acct-Output-Packets = 19 X-Ascend-PreSession-Time = 1 Acct-Session-Time = 13 X-Ascend-Data-Rate = 64000 X-Ascend-Xmit-Rate = 64000 X-Ascend-Multilink-ID = 14165 Acct-Delay-Time = 0 Client-IP-Address = 192.168.1.41 Timestamp = 1018533274 Thanks Dirk - Original Message - From: "Chris Parker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 11, 2002 5:27 PM Subject: Re: freeradius and mysql accounting and use of called-station-id > At 05:09 PM 4/11/2002 +0200, Dirk Tanneberger wrote: > >Hello all, > > > >I use freeradius 0.5 and my NAS is a Cisco AS5300. > >I test with freeradius and mysql since 2 weeks and I have 2 problems: > > > >The radius server writes the accounting records in the mysql-table, but > >the following entries leave blank for all records: > >++ > >AcctUniqueId > >ConnectInfo_start > >ConnectInfo_stop > >AcctTerminateCause > >NASPortId = 0 (for all records) > >++ > >How can I fill these parameters? > > What do you have in 'sql.conf' for the queries? Simply adding the columns > to the table definition will not fill them in. You must also alter your > sql.conf to add them if they do not exist. > > Also, make sure you are correctly calling the 'acct_unique' module in your > config. > > If this has been done, run the server in debugging mode, with sql tracing > enabled, so you can see what sql queries are being run. > > -Chris > -- > \\\|||/// \ StarNet Inc. \Chris Parker > \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering > | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\-- >\ Wholesale Internet Services - http://www.megapop.net > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius and mysql accounting and use of called-station-id
Hello all, I use freeradius 0.5 and my NAS is a Cisco AS5300. I test with freeradius and mysql since 2 weeks and I have 2 problems: The radius server writes the accounting records in the mysql-table, but the following entries leave blank for all records: ++ AcctUniqueId ConnectInfo_start ConnectInfo_stop AcctTerminateCause NASPortId = 0 (for all records) ++ How can I fill these parameters? My AS5300 config: ++ aaa accounting delay-start aaa accounting exec default start-stop group radius aaa accounting network default start-stop group radius radius-server attribute 44 include-in-access-req radius-server attribute nas-port format c radius-server vsa send accounting ++ My second problem is the use of Called-Station-ID. Is there a way to define two or more Called-Station-Id for one user? What I mean is, that a user can dial in several services. For the first service, he called 34567 and for the second service he called 34568. When I define both, Called-Station-Id = 34567 and Called-Station-Id = 34568, dial in is not possible. The same is, when I define Called-Station-Id = 3456 or Called-Station-Id = 3456*. Can I use wildcards or what can I do to solve this problem? Thanks for any answer. regards Dirk Tanneberger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL, again and again ...
Hello, I had the same problem for few day and I have fixed it with the following config: authorize { preprocess suffix sql } authenticate { } preacct { suffix preprocess } accounting { detail unix sql radutmp } Now Authentication with mysql works fine. Dirk Tanneberger - Original Message - From: "Nicolas Blanc" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 09, 2002 4:41 PM Subject: MySQL, again and again ... > Hi everybody, > > First, my freeradius daemon doesn't want any SQL module in authenticate > section, Why > > Second, even in Authorise section, my user isn't found, so I'm obliged to > add the "File" module > Someone could give me a help, give me a config, ? > > Nicolas > PS: Here are my main parameters and debug output: > - radiusd.conf (v 0.5): > authorize { > files > sql > } > authenticate { > unix > } > preacct { > suffix > files > preprocess > } > accounting { > detail > sql > } > - Radius.Radcheck: > 1 | guetali000 | Password | test > - Radius.UserGroup: > 1 | guetali000 | 200 > - Radius.RadgroupCheck > 1 | 200 | Auth-Type | Password | | > - Radius.Radgroupreply: > 1 | 200 | Service-Type | Framed-User | |0 | > > - Debug Output: > ad_recv: Access-Request packet from host 127.0.0.1:32772, id=112, length=58 > User-Name = "guetali" > ...etc etc . > rlm_sql: Pairs do not match [guetali] > rlm_sql: Released sql socket id: 4 > modcall[authorize]: module "sql" returns notfound > modcall: group authorize returns ok (BECAUSE of "guetali" MATCHES "DEFAULT" > in USERS FILE) > rad_check_password: Found Auth-Type Local (OK with "FILES" module...) > auth: type Local > auth: No password configured for the user > Login incorrect (No password configured for the user): [guetali/test] (from > nas local port 0) (OF COURSE, THE PASSWORD IS IN SQL) > auth: Failed to validate the user. > Login incorrect: [guetali/test] (from nas local port 0) > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: error when using freeradius with mysl authentication
It works now. Thank you! Dirk - Original Message - From: "tywe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, April 06, 2002 12:16 AM Subject: Re: error when using freeradius with mysl authentication > Hello, > > That website you visited seems to be wrong. I had the same problem and > received the same error, so I did like the error suggests and removed 'sql' > from the 'authenticate' section, and now it works fine. > > Frank > > - Original Message - > From: "Dirk Tanneberger" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, April 05, 2002 5:50 AM > Subject: error when using freeradius with mysl authentication > > > > Hello all, > > > > I have installed freeradius on suse-linux 7.3 . > > I will use freeradius with mysql. > > The configuration is like http://www.frontios.com/freeradius.html . > > When I start the radiusdaemon, then the following error message is in > > radius.log: > > > > Fri Apr 5 10:47:05 2002 : Info: rlm_sql: Driver rlm_sql_mysql loaded and > linked > > Fri Apr 5 10:47:05 2002 : Info: rlm_sql: Attempting to connect to > root@localhost:/radius > > Fri Apr 5 10:47:05 2002 : Error: radiusd.conf: "SQL" modules aren't > allowed in 'authenticate' sections -- they have no such method. > > > > > > Here is a part of my radiusd.conf: > > > > authorize { > > preprocess > > # counter > > # attr_filter > > # eap > > suffix > > sql > > # files > > # mschap > > } > > > > authenticate { > > sql > > # pam > > # unix > > # ldap > > # mschap > > # eap > > } > > > > preacct { > > suffix > > # files > > preprocess > > } > > > > accounting { > > # acct_unique > > detail > > # counter > > unix > > sql > > radutmp > > # sradutmp > > } > > > > > > What is the problem? Can anybody help me? > > > > Thanks for answer. > > > > Dirk Tanneberger > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
error when using freeradius with mysl authentication
Hello all, I have installed freeradius on suse-linux 7.3 . I will use freeradius with mysql. The configuration is like http://www.frontios.com/freeradius.html . When I start the radiusdaemon, then the following error message is in radius.log: Fri Apr 5 10:47:05 2002 : Info: rlm_sql: Driver rlm_sql_mysql loaded and linked Fri Apr 5 10:47:05 2002 : Info: rlm_sql: Attempting to connect to root@localhost:/radius Fri Apr 5 10:47:05 2002 : Error: radiusd.conf: "SQL" modules aren't allowed in 'authenticate' sections -- they have no such method. Here is a part of my radiusd.conf: authorize { preprocess # counter # attr_filter # eap suffix sql # files # mschap } authenticate { sql # pam # unix # ldap # mschap # eap } preacct { suffix # files preprocess } accounting { # acct_unique detail # counter unix sql radutmp # sradutmp } What is the problem? Can anybody help me? Thanks for answer. Dirk Tanneberger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html