some sql-statements for one value
Hello,
Is there a way to define some sql-statements for one value in sql.conf,
for instance:
accounting_start_query = "UPDATE preauth SET currentcalls = currentcalls + 1 WHERE
calledstationid REGEXP
'.*%{Called-Station-Id}.*';
UPDATE radcheck SET Value = 'Accept', op = ':=' WHERE UserName =
'%{Called-Station-Id}' AND Attribute = 'Auth-Type'"
I will use it for ressource-accounting.
I use freeradius-0.7 and mysql-3.23.51.
Thanks for any answer.
Dirk Tanneberger
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting update packets don't write into mysql database
Hi, I have a problem with accounting update packets. I use freeradius 0.5 with mysql authentification and accounting. Start- and stop-records are write correctly in the database, but when the router send accounting updates, these will not add correct into the database. In sqltrace.sql I see, that the server will do an update, but the field UserName leave blank and the update wouldn't exec. The configuration in sql.conf for UserName in sql_update are identical with sql_stop statement. Where can I find the problem? Has anybody an idea? Thanks for any help. Dirk Tanneberger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Expiration ok, Activation?
How can I find the synthax for Expiration attribute? regards Dirk Tanneberger - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 24, 2002 4:26 PM Subject: Re: Expiration ok, Activation? > "Andrew Kelaidis" <[EMAIL PROTECTED]> wrote: > > I am using freeRADIUS version 0.5 (stable). I have noticed that there is an > > Expiration attribute which I can use. I want to know if there is any > > Activate date (like Criston Radius) attribute > > No, but there's a Current-Time attribute > > bob Current-Time < "Oct 2, 2002", Auth-Type := Reject > Reply-Message = "You're not allowed to log in yet" > > Although I forget what the exact format of the date string is... > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: checkrad don't work with freeradius-0.5 and mysql authentication
Thank you, it works! regards Dirk Tanneberger - Original Message - From: "Chris Parker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 24, 2002 5:02 PM Subject: Re: checkrad don't work with freeradius-0.5 and mysql authentication > At 04:59 PM 4/24/2002 +0200, Dirk Tanneberger wrote: > >I have the following checkitems in radcheck-table: > >- > >id UserName AttributeValue op > >1 test password > >13test Simultaneous-Use 2 == > >- > > Simultaneous-Use needs to have the := operator, just like the examples > in the 'users' file and documentation. > > -Chris > -- > \\\|||/// \ StarNet Inc. \Chris Parker > \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering > | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\-- >\ Wholesale Internet Services - http://www.megapop.net > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: checkrad don't work with freeradius-0.5 and mysql authentication
I have the following checkitems in radcheck-table: - id UserName AttributeValue op 1 test password 13test Simultaneous-Use 2 == - regards Dirk Tanneberger - Original Message - From: "Chris Parker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 24, 2002 4:42 PM Subject: Re: checkrad don't work with freeradius-0.5 and mysql authentication > At 04:39 PM 4/24/2002 +0200, Dirk Tanneberger wrote: > >Hello all, > > > >I use freeradius-0.5 with mysql authentication and accounting. > >Normal authentication and accounting works fine, but > >when I use "Simutaneous-Use", it don't work. > >when I run Freeradius in debug mode, I see no entry that calling checkrad. > >I set checkrad with debugging also, but there is no entry in logfile. > >Why checkrad doesn't work? Has anybody the same problem or can help me? > > Do you have the operator set correctly? What do your checkitems look > like? > > -Chris > -- > \\\|||/// \ StarNet Inc. \Chris Parker > \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering > | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\-- >\ Wholesale Internet Services - http://www.megapop.net > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
checkrad don't work with freeradius-0.5 and mysql authentication
Hello all, I use freeradius-0.5 with mysql authentication and accounting. Normal authentication and accounting works fine, but when I use "Simutaneous-Use", it don't work. when I run Freeradius in debug mode, I see no entry that calling checkrad. I set checkrad with debugging also, but there is no entry in logfile. Why checkrad doesn't work? Has anybody the same problem or can help me? Thanks Dirk Tanneberger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql accounting and use of called-station-id
Hello,
thanks for all answer. The accounting attribute, I will check
with debuging on cisco router, in order to locate the problem.
My authentication problem with called -station-id is another.
Authentication with one entry per user for called-station-id in radcheck-table
works fine. But the probleme is, that the user comes with different called-staton-id.
How can I check two or more called-station-id's per user? Or can I us wildcards?
regards
Dirk Tanneberger
- Original Message -
From: "Thomas Jalsovsky" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 12, 2002 8:25 AM
Subject: Re: freeradius and mysql accounting and use of called-station-id
>
> Hello,
>
> if you make debugging in radius server and in Cisco ('debug
> radius' :), you should find, that Cisco doesn't send this attribute in the
> auth. requests, therefore you cannot make auth. decision by this
> attribute. I don't know that it is possible to configure Cisco to send
> this attribute, I cannot make that.
> Another solution: you should write/rewrite TCL IVR script and you
> can send the info (e.g. called-station-id) via Cisco VSA attribute and
> your FreeRADIUS server will see this through VSAs. Take a look for
> h323-ivr-in and h323-ivr-out in the TCL IVR 2 documentation.
>
> Regards,
> Thomas
>
> On Thu, 11 Apr 2002, Dirk Tanneberger wrote:
>
> > sql.conf is o.k. and with sql tracing I see, that these values are blank.
> > I think the Cisco AS5300 send not these values.
> > But how can I configure AS5300 to send the parameters?
> > In details-file are the following entries:
> >
> > Thu Apr 11 15:54:34 2002
> > NAS-IP-Address = 192.168.0.254
> > NAS-Port = 106
> > Cisco-NAS-Port = "Serial3:10"
> > NAS-Port-Type = ISDN
> > User-Name = "test"
> > Called-Station-Id = "3552000"
> > Calling-Station-Id = "3551720"
> > Acct-Status-Type = Stop
> > Acct-Authentic = RADIUS
> > Service-Type = Framed-User
> > Acct-Session-Id = "B005"
> > Framed-Protocol = PPP
> > Acct-Link-Count = 2
> > X-Ascend-Num-In-Multilink = 1
> > Acct-Multi-Session-Id = "14165"
> > Framed-IP-Address = 193.98.116.99
> > X-Ascend-Disconnect-Cause = 45
> > X-Ascend-Pre-Input-Octets = 154
> > X-Ascend-Pre-Output-Octets = 139
> > X-Ascend-Pre-Input-Packets = 4
> > X-Ascend-Pre-Output-Packets = 5
> > Acct-Input-Octets = 666
> > Acct-Output-Octets = 394
> > Acct-Input-Packets = 26
> > Acct-Output-Packets = 19
> > X-Ascend-PreSession-Time = 1
> > Acct-Session-Time = 13
> > X-Ascend-Data-Rate = 64000
> > X-Ascend-Xmit-Rate = 64000
> > X-Ascend-Multilink-ID = 14165
> > Acct-Delay-Time = 0
> > Client-IP-Address = 192.168.1.41
> > Timestamp = 1018533274
> >
> > Thanks Dirk
> >
> > - Original Message -
> > From: "Chris Parker" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, April 11, 2002 5:27 PM
> > Subject: Re: freeradius and mysql accounting and use of called-station-id
> >
> >
> > > At 05:09 PM 4/11/2002 +0200, Dirk Tanneberger wrote:
> > > >Hello all,
> > > >
> > > >I use freeradius 0.5 and my NAS is a Cisco AS5300.
> > > >I test with freeradius and mysql since 2 weeks and I have 2 problems:
> > > >
> > > >The radius server writes the accounting records in the mysql-table, but
> > > >the following entries leave blank for all records:
> > > >++
> > > >AcctUniqueId
> > > >ConnectInfo_start
> > > >ConnectInfo_stop
> > > >AcctTerminateCause
> > > >NASPortId = 0 (for all records)
> > > >++
> > > >How can I fill these parameters?
> > >
> > > What do you have in 'sql.conf' for the queries? Simply adding the columns
> > > to the table definition will not fill them in. You must also alter your
> > > sql.conf to add them if they do not exist.
> > >
> > > Also, make sure you are correctly calling the 'acct_unique' module in your
> > > config.
> > >
> > > If this has been done, run the server in debugging mode, with sql tracing
> > > enabled, so you can see wh
Re: freeradius and mysql accounting and use of called-station-id
sql.conf is o.k. and with sql tracing I see, that these values are blank. I think the Cisco AS5300 send not these values. But how can I configure AS5300 to send the parameters? In details-file are the following entries: Thu Apr 11 15:54:34 2002 NAS-IP-Address = 192.168.0.254 NAS-Port = 106 Cisco-NAS-Port = "Serial3:10" NAS-Port-Type = ISDN User-Name = "test" Called-Station-Id = "3552000" Calling-Station-Id = "3551720" Acct-Status-Type = Stop Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = "B005" Framed-Protocol = PPP Acct-Link-Count = 2 X-Ascend-Num-In-Multilink = 1 Acct-Multi-Session-Id = "14165" Framed-IP-Address = 193.98.116.99 X-Ascend-Disconnect-Cause = 45 X-Ascend-Pre-Input-Octets = 154 X-Ascend-Pre-Output-Octets = 139 X-Ascend-Pre-Input-Packets = 4 X-Ascend-Pre-Output-Packets = 5 Acct-Input-Octets = 666 Acct-Output-Octets = 394 Acct-Input-Packets = 26 Acct-Output-Packets = 19 X-Ascend-PreSession-Time = 1 Acct-Session-Time = 13 X-Ascend-Data-Rate = 64000 X-Ascend-Xmit-Rate = 64000 X-Ascend-Multilink-ID = 14165 Acct-Delay-Time = 0 Client-IP-Address = 192.168.1.41 Timestamp = 1018533274 Thanks Dirk - Original Message - From: "Chris Parker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 11, 2002 5:27 PM Subject: Re: freeradius and mysql accounting and use of called-station-id > At 05:09 PM 4/11/2002 +0200, Dirk Tanneberger wrote: > >Hello all, > > > >I use freeradius 0.5 and my NAS is a Cisco AS5300. > >I test with freeradius and mysql since 2 weeks and I have 2 problems: > > > >The radius server writes the accounting records in the mysql-table, but > >the following entries leave blank for all records: > >++ > >AcctUniqueId > >ConnectInfo_start > >ConnectInfo_stop > >AcctTerminateCause > >NASPortId = 0 (for all records) > >++ > >How can I fill these parameters? > > What do you have in 'sql.conf' for the queries? Simply adding the columns > to the table definition will not fill them in. You must also alter your > sql.conf to add them if they do not exist. > > Also, make sure you are correctly calling the 'acct_unique' module in your > config. > > If this has been done, run the server in debugging mode, with sql tracing > enabled, so you can see what sql queries are being run. > > -Chris > -- > \\\|||/// \ StarNet Inc. \Chris Parker > \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering > | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\-- >\ Wholesale Internet Services - http://www.megapop.net > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius and mysql accounting and use of called-station-id
Hello all, I use freeradius 0.5 and my NAS is a Cisco AS5300. I test with freeradius and mysql since 2 weeks and I have 2 problems: The radius server writes the accounting records in the mysql-table, but the following entries leave blank for all records: ++ AcctUniqueId ConnectInfo_start ConnectInfo_stop AcctTerminateCause NASPortId = 0 (for all records) ++ How can I fill these parameters? My AS5300 config: ++ aaa accounting delay-start aaa accounting exec default start-stop group radius aaa accounting network default start-stop group radius radius-server attribute 44 include-in-access-req radius-server attribute nas-port format c radius-server vsa send accounting ++ My second problem is the use of Called-Station-ID. Is there a way to define two or more Called-Station-Id for one user? What I mean is, that a user can dial in several services. For the first service, he called 34567 and for the second service he called 34568. When I define both, Called-Station-Id = 34567 and Called-Station-Id = 34568, dial in is not possible. The same is, when I define Called-Station-Id = 3456 or Called-Station-Id = 3456*. Can I use wildcards or what can I do to solve this problem? Thanks for any answer. regards Dirk Tanneberger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL, again and again ...
Hello,
I had the same problem for few day and I have fixed it with
the following config:
authorize {
preprocess
suffix
sql
}
authenticate {
}
preacct {
suffix
preprocess
}
accounting {
detail
unix
sql
radutmp
}
Now Authentication with mysql works fine.
Dirk Tanneberger
- Original Message -
From: "Nicolas Blanc" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 09, 2002 4:41 PM
Subject: MySQL, again and again ...
> Hi everybody,
>
> First, my freeradius daemon doesn't want any SQL module in authenticate
> section, Why
>
> Second, even in Authorise section, my user isn't found, so I'm obliged to
> add the "File" module
> Someone could give me a help, give me a config, ?
>
> Nicolas
> PS: Here are my main parameters and debug output:
> - radiusd.conf (v 0.5):
> authorize {
> files
> sql
> }
> authenticate {
> unix
> }
> preacct {
> suffix
> files
> preprocess
> }
> accounting {
> detail
> sql
> }
> - Radius.Radcheck:
> 1 | guetali000 | Password | test
> - Radius.UserGroup:
> 1 | guetali000 | 200
> - Radius.RadgroupCheck
> 1 | 200 | Auth-Type | Password | |
> - Radius.Radgroupreply:
> 1 | 200 | Service-Type | Framed-User | |0 |
>
> - Debug Output:
> ad_recv: Access-Request packet from host 127.0.0.1:32772, id=112, length=58
> User-Name = "guetali"
> ...etc etc .
> rlm_sql: Pairs do not match [guetali]
> rlm_sql: Released sql socket id: 4
> modcall[authorize]: module "sql" returns notfound
> modcall: group authorize returns ok (BECAUSE of "guetali" MATCHES "DEFAULT"
> in USERS FILE)
> rad_check_password: Found Auth-Type Local (OK with "FILES" module...)
> auth: type Local
> auth: No password configured for the user
> Login incorrect (No password configured for the user): [guetali/test] (from
> nas local port 0) (OF COURSE, THE PASSWORD IS IN SQL)
> auth: Failed to validate the user.
> Login incorrect: [guetali/test] (from nas local port 0)
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: error when using freeradius with mysl authentication
It works now.
Thank you!
Dirk
- Original Message -
From: "tywe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, April 06, 2002 12:16 AM
Subject: Re: error when using freeradius with mysl authentication
> Hello,
>
> That website you visited seems to be wrong. I had the same problem and
> received the same error, so I did like the error suggests and removed 'sql'
> from the 'authenticate' section, and now it works fine.
>
> Frank
>
> - Original Message -
> From: "Dirk Tanneberger" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, April 05, 2002 5:50 AM
> Subject: error when using freeradius with mysl authentication
>
>
> > Hello all,
> >
> > I have installed freeradius on suse-linux 7.3 .
> > I will use freeradius with mysql.
> > The configuration is like http://www.frontios.com/freeradius.html .
> > When I start the radiusdaemon, then the following error message is in
> > radius.log:
> >
> > Fri Apr 5 10:47:05 2002 : Info: rlm_sql: Driver rlm_sql_mysql loaded and
> linked
> > Fri Apr 5 10:47:05 2002 : Info: rlm_sql: Attempting to connect to
> root@localhost:/radius
> > Fri Apr 5 10:47:05 2002 : Error: radiusd.conf: "SQL" modules aren't
> allowed in 'authenticate' sections -- they have no such method.
> >
> >
> > Here is a part of my radiusd.conf:
> >
> > authorize {
> > preprocess
> > # counter
> > # attr_filter
> > # eap
> > suffix
> > sql
> > # files
> > # mschap
> > }
> >
> > authenticate {
> > sql
> > # pam
> > # unix
> > # ldap
> > # mschap
> > # eap
> > }
> >
> > preacct {
> > suffix
> > # files
> > preprocess
> > }
> >
> > accounting {
> > # acct_unique
> > detail
> > # counter
> > unix
> > sql
> > radutmp
> > # sradutmp
> > }
> >
> >
> > What is the problem? Can anybody help me?
> >
> > Thanks for answer.
> >
> > Dirk Tanneberger
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
error when using freeradius with mysl authentication
Hello all,
I have installed freeradius on suse-linux 7.3 .
I will use freeradius with mysql.
The configuration is like http://www.frontios.com/freeradius.html .
When I start the radiusdaemon, then the following error message is in
radius.log:
Fri Apr 5 10:47:05 2002 : Info: rlm_sql: Driver rlm_sql_mysql loaded and linked
Fri Apr 5 10:47:05 2002 : Info: rlm_sql: Attempting to connect to
root@localhost:/radius
Fri Apr 5 10:47:05 2002 : Error: radiusd.conf: "SQL" modules aren't allowed in
'authenticate' sections -- they have no such method.
Here is a part of my radiusd.conf:
authorize {
preprocess
# counter
# attr_filter
# eap
suffix
sql
# files
# mschap
}
authenticate {
sql
# pam
# unix
# ldap
# mschap
# eap
}
preacct {
suffix
# files
preprocess
}
accounting {
# acct_unique
detail
# counter
unix
sql
radutmp
# sradutmp
}
What is the problem? Can anybody help me?
Thanks for answer.
Dirk Tanneberger
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
