Re: '#' replaced with =23 in Called-Station-Id mysql field
Thank you very much for your quick and proffecional help. Reallt appreciate it. Best Regards, João Filipe Frade wrote: I asked the same question some time ago and i was told to hack the mysql module (i did). Edit freeradius-0.9.2/src/modules/rlm_sql/rlm_sql.c and change the strchr to include # --- if ((in[0] 32) || strchr(@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: =/, *in) == NULL) { snprintf(out, outlen, =%02X, (unsigned char) in[0]); --- So the answer to your other question should be =09 i think... Joao Frade -Original Message- From: George Chelidze [mailto:[EMAIL PROTECTED] Sent: quinta-feira, 30 de Outubro de 2003 14:28 To: [EMAIL PROTECTED] Subject: '#' replaced with =23 in Called-Station-Id mysql field I have checked the details file and there is no replacement there, seems its done in %{Called-Station-Id} variable parsing. Is there any workaround to permit '#' as is or disable such parsing at all? If not one more question? Say Called-Station-Id contains tab, how it would be parsed =09 or =9 ? Thanks in advance. Best Regards, -- George Chelidze - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- George Chelidze - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
'#' replaced with =23 in Called-Station-Id mysql field
I have checked the details file and there is no replacement there, seems its done in %{Called-Station-Id} variable parsing. Is there any workaround to permit '#' as is or disable such parsing at all? If not one more question? Say Called-Station-Id contains tab, how it would be parsed =09 or =9 ? Thanks in advance. Best Regards, -- George Chelidze - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: iptables rules to permit RADIUS
Javier Santos wrote: Hello, Hello, I am running freeradius on my linux server. And i am authenticating users of my cisco router on RADIUS. i have firewall to my lunux server whit iptables. When iptables is started the radius authentication i have problem with autentication (i can not telnet into a router, access denied). i have permited tcp and udp 1812/1813 in iptables rules. Can we look at your iptables rules? the question is are there more pots to permit? thanks. !Navega con el Internet Gratis de Amnet! Descarga el Programa de Instalación: http://www.amnetsal.com/files/amnet.exe ó Visitanos en http://www.amnetsal.com Para cualquier consulta llamar al 247-8000 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- George Chelidze - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
attr_rewrite + h323-setup-time
Hello, I'd like to store h323-setup-time in datetime format instead of varchar(32) in MYSQL db. The format of h323-setup-time by definition is: hh:mm:ss.mmm ZON DDD MMM ## How would you solve this problem? I have decided to use attr_rewrite with ^([0-9]{2}:([0-9]{2}:[0-9]{2})\.[0-9]{3}\ [A-Z]{3}\ [A-Z][a-z]{2}\ [0-9]{1,2}\ [0-9]{4} in serachfor field, but I dont know what should be placed in replacewith. Is it possible to use substitutions like $1 or static string is permitable only? Any help would be appreciated. Thanks in advance. Best Regards, -- George Chelidze - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cisco-AVPair
Hello, I have recently installed freeradius 0.9.1 on my box and trying to use it as accounting server for a cisco nas. in my detail file I can see several Cisco-AVPair attributes per packet. Is it possible to insert them in MySQL database or maybe concatenate all of them and and insert in one additional field? Any configuration examples would be helpful. Thanks in advance. Best Regards, -- George Chelidze - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eap-ttls pap can't work with aegis client
I have tested eap-ttls with freeradius and client is aegis, the ms-chap, ms-chap-v2 and eap-md5 is work, but it seems the pap and chap isn't work, here is the message from radiusd(using eap-ttls-pap), thanks ! rad_recv: Access-Request packet from host 192.168.102.1:1200, id=187, length=281 EAP-Message = 0x027b006c1580006217030100183a14f67f8fde6b4b1d02e5224ceccd80d3ab2425d32b17030100400fffe387d3edb5fc712b6e29492e410bbd8fb4457bf19a7bde6f4d8ebe40439da8871e1abaabf15e3783cb4ba34a97faf7fe2a8e69734e09ac105340d4a8bea6 User-Name = test NAS-Identifier = IPONE_AG2000_KT NAS-IP-Address = 192.168.102.1 NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Service-Type = Framed-User Framed-MTU = 1400 Connect-Info = CONNECT 11Mbps 802.11b Calling-Station-Id = 00-60-b3-6a-38-7f Called-Station-Id = 00-07-13-40-00-7c State = 0x8675b25f15e3b78950a070be27e214c8 Message-Authenticator = 0xfe666e934d24293a78b6577a5bde650d modcall: entering group authorize modcall[authorize]: module preprocess returns ok modcall[authorize]: module chap returns noop rlm_eap: EAP packet type response id 123 length 108 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated rlm_realm: No '@' in User-Name = test, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop users: Matched test at 114 modcall[authorize]: module files returns ok modcall[authorize]: module mschap returns noop modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type EAP modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. TTLS: Got tunneled request User-Name = test User-Password = test Freeradius-Proxied-To = 127.0.0.1 TTLS: Sending tunneled request User-Name = test User-Password = test Freeradius-Proxied-To = 127.0.0.1 modcall: entering group authorize modcall[authorize]: module preprocess returns ok modcall[authorize]: module chap returns noop rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop rlm_realm: No '@' in User-Name = test, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop users: Matched test at 114 modcall[authorize]: module files returns ok modcall[authorize]: module mschap returns noop modcall: group authorize returns ok rad_check_password: Found Auth-Type EAP auth: type EAP modcall: entering group authenticate rlm_eap: EAP-Message not found rlm_eap: Malformed EAP Message modcall[authenticate]: module eap returns fail modcall: group authenticate returns fail auth: Failed to validate the user. TTLS: Got tunneled reply RADIUS code 3 Service-Type = Framed-User Idle-Timeout = 2000 Session-Timeout = 2 TTLS: Rejecting tunneled user rlm_eap: Handler failed in EAP type 21 rlm_eap: Failed in EAP select modcall[authenticate]: module eap returns invalid modcall: group authenticate returns invalid auth: Failed to validate the user. Delaying request 35 for 1 seconds Finished request 35 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 187 to 192.168.102.1:1200 EAP-Message = 0x047b0004 Message-Authenticator = 0x -- Best Regard george ~?????0~??b+?b?¥
Rejecting authentication with SQL
Hello I'm having a very frustrating problem with the latest CVS version of FreeRADIUS (though, that's barely relevant). My porblem is that I don't know how I can design the database/configure FreeRADIUS so that I can reject the authentication of certain users, based on the reult of a random query. My problem is that I have to use an accounting system based on points, more points get used per minute during peak hours, than off peak hours. The way I'm currently doing this is by telling the NAS to send accounting updates every minute, and substracting the appropriate number of points, via accounting_update_query. The problem I'm facing is that I don't know how I can make FreeRADIUS deny authentication for a user that has less than the minimum of points. This is, probably, happening because of my poor understanding of how RADIUS and FreeRADIUS actually work, but from the available documentation (which is sparse, to say the least), I cannot figure any possible way of doing it, without using triggers in PostgreSQL, which is, imo, the ugly way of doing it. I would appreciate any input on this, including UTSL, as long as it's not a dead end. Thanks, in advance. -- Regards Birzan George Cristian pgp0.pgp Description: PGP signature
Re: Rejecting authentication with SQL
On Sun, Jul 13, 2003 at 08:46:10AM -0400, Alan DeKok wrote: rlm_counter? It adds, not subtracts, but that's easy enough to work with. That works perfectly, actually. I'm probably doing it wrong, though. I thought, why use an increasing counter, when I can just decrease the counter and check if All-Session-Time is bigger than 0. (which, btw, in the docs is named Max-All-Session-Time) The thing is, I'm thinking there are other ways of doing this, without having to use rlm_slqcounter. But, if there's nothing fundamentally wrong with it, I guess I'm going stick with it... Thanks for the suggestion. -- Regards Birzan George Cristian pgp0.pgp Description: PGP signature
RE: Subnets in clients file
I would recommend just writing a shell script to generate the clients file. --Robert R. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Pavane Sent: Friday, April 04, 2003 10:50 AM To: [EMAIL PROTECTED] Subject: Subnets in clients file I am currently looking into using Free Radius for my user authentication on my networking equipment that can not support TACACS. As such, I am going to have 100's of devices that will be authenticating off of the Radius server. Will I need to list each device's IP individually in my 'clients' file, or will I simply be able to put a network block, and the key for that entire block? Of course it's a lot easier to list 5 or 6 netblocks than to list a few hundred IP's, if everything has the same key. Thanks. -Brian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
REPOST: rlm_sqlcounter not working...
I am trying to get the rlm_sqlcounter module working in freeradius-0.8.1 and am have a bit of trouble. It appears that the module is not querying the sql database... When running radius -X, I get the following: rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module allcounter returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module dailycounter returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module monthlycounter returns noop The configuration directive for the modules are as follows: sqlcounter allcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' } sqlcounter dailycounter { counter-name = Daily-Session-Time check-name = Max-Daily-Session sqlmod-inst = sql key = User-Name reset = daily query = SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime '%b' } sqlcounter monthlycounter { counter-name = Monthly-Session-Time check-name = Max-Monthly-Session sqlmod-inst = sql key = User-Name reset = monthly query = SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime '%b' } --Robert R. George - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: REPOST: rlm_sqlcounter not working...
Thanks. That took care of it. --Robert R. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed H Sent: Monday, March 31, 2003 3:53 PM To: [EMAIL PROTECTED] Subject: Re: REPOST: rlm_sqlcounter not working... Hello Robert, Make sure you have a Max-Monthly-Session := 3600, for example (where 3600 is the time in seconds allowed per month) in your radgroupcheck or radcheck table. The same applies to the Max-All-Session and the Max-Daily-Session variables. Give it a shot and see if it works. Ed From: Robert R. George [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: REPOST: rlm_sqlcounter not working... Date: Mon, 31 Mar 2003 00:05:06 -0800 I am trying to get the rlm_sqlcounter module working in freeradius-0.8.1 and am have a bit of trouble. It appears that the module is not querying the sql database... When running radius -X, I get the following: rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module allcounter returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module dailycounter returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module monthlycounter returns noop The configuration directive for the modules are as follows: sqlcounter allcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' } sqlcounter dailycounter { counter-name = Daily-Session-Time check-name = Max-Daily-Session sqlmod-inst = sql key = User-Name reset = daily query = SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime '%b' } sqlcounter monthlycounter { counter-name = Monthly-Session-Time check-name = Max-Monthly-Session sqlmod-inst = sql key = User-Name reset = monthly query = SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime '%b' } --Robert R. George - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP-TLS FreeBSD Segmentation Fault
FreeRADIUS Version 0.8.1 (FreeBSD 5.0) openssl-SNAP-20030325 Enterasys R2 AP WindowsXP Supplicant Hi, I ran into a problem with sending out the eaptls_success on FreeBSD. I got a core dump during a eaptls_compose in the file ${freeradius-0.8.1}/src/modules/rlm_eap/types/rlm_eap_tls/eap_tls.c called from eaptls_success according to the radius debug and a stack trace: rad_recv: Access-Request packet from host xxx.xxx.xxx.x:1343, id=187, length=142 Message-Authenticator = 0xef6ef7f16f408a525c8334d5bba244d1 User-Name = Administrator State = 0x033dca3d049c26e699531ec3153cdbf90fb7833ebd6278e07924ae84f0a0fec3eb42bf56 NAS-IP-Address = xxx.xxx.xxx.x NAS-Port = 2 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = 00-02-2d-6a-f0-05 Framed-MTU = 1000 EAP-Message = \002\007\000\006\r modcall: entering group authorize modcall[authorize]: module preprocess returns ok modcall[authorize]: module eap returns updated rlm_realm: No '@' in User-Name = Administrator, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop users: Matched Administrator at 55 modcall[authorize]: module files returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type EAP modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - tls rlm_eap: processing type tls rlm_eap_tls: Received EAP-TLS ACK message ^^ Breakpoint 5, eaptls_compose (eap_ds=0x80e0920, reply=0xbfbfdaf0) at eap_tls.c: 511 511 *ptr++ = (uint8_t)(reply-flags 0xFF); (gdb) continue Continuing. Program received signal SIGSEGV, Segmentation fault. 0x282c5c8f in eaptls_compose (eap_ds=0x80e0920, reply=0xbfbfdaf0) at eap_tls.c: 511 511 *ptr++ = (uint8_t)(reply-flags 0xFF); (gdb) (gdb) bt #0 eaptls_compose (eap_ds=0x80e0870, reply=0xbfbfdaf0) at eap_tls.c:511 #1 0x282c56d4 in eaptls_success (eap_ds=0x80e0870) at eap_tls.c:108 #2 0x282c58ea in eaptls_ack_handler (handler=0x80e2100) at eap_tls.c:232 #3 0x282c54f1 in eaptls_authenticate (arg=0x80e0390, handler=0x80e2100) at rlm _eap_tls.c:192 #4 0x282bfd38 in eaptype_call (eap_type=13, action=INITIATE, type_list=0x80712c0, handler=0x80e2100) at eap.c:205 #5 0x282bfe73 in eaptype_select (type_list=0x80712c0, handler=0x80e2100, conft ype=0x8077420 tls) at eap.c:280 #6 0x282bf7f8 in eap_authenticate (instance=0x80e03b0, request=0x80e8500) at rlm_eap.c:200 #7 0x08054718 in module_post_auth () #8 0x080547cb in modcall () #9 0x08054751 in module_post_auth () #10 0x0805482c in modcall () #11 0x080543df in module_authenticate () #12 0x080516ec in rad_check_password () #13 0x08051aaa in rad_authenticate () #14 0x0804ce6f in rad_respond () #15 0x0804ca19 in rad_process () #16 0x0804c5b9 in main () #17 0x0804b885 in _start () The malloc() in eap_tls.c:501 behaves differently on FreeBSD 5.0 than on Linux (RH 8.0) when (reply-length - TLS_HEADER_LEN) is zero. Under FreeBSD I end up with a bad address, thus a segmentation fault. (gdb) print eap_ds-request-type.data $4 = (unsigned char *) 0x800 Error reading address 0x800: Bad address (gdb) radius1# uname -a FreeBSD radius1.cldc.howard.edu 5.0-RELEASE FreeBSD 5.0-RELEASE #0: Thu Jan 16 22:16:53 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 radius1# radius1# gcc -v Using built-in specs. Configured with: FreeBSD/i386 system compiler Thread model: posix gcc version 3.2.1 [FreeBSD] 20021119 (release) radius1# This seems to be the problem so far. Does there exist a patch or an update to this particular problem with malloc() with FreeBSD? rgrds George - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius Session table and mysql
I use sql for my radius accounting, and they way i tell if users are online is look for a stop time of -00-00 00:00:00. Also is your code using the autoincrement fields in the database for anything? What do you mean? ---Original message recieved on: 12:27, 28-Mar--- From: David Rodgers [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Radius Session table and mysql I chose sql instead of radutemp for radius sessions how do I see current users? or do I just assume that any user with a null stop time is currently logged in? Also is your code using the autoincrement fields in the database for anything? On Friday, March 28, 2003, at 01:10 PM, Jason Lixfeld wrote: Is there any built-in support for calling cards yet or do the modules still need to be home grown by whoever is interested in trying to make it work? I guess the two major issues are 1) calculating the appropriate time remaining based on variable toll rates depending on called-station-id 2) packet-of-death if your card runs dry. Is this easily accomplished out of the box? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Trouble getting rlm_sqlcounter module working...
I am trying to get the rlm_sqlcounter module working in freeradius-0.8.1 and am have a bit of trouble. It appears that the module is not querying the sql database... When running radius -X, I get the following: rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module allcounter returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module dailycounter returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module monthlycounter returns noop The configuration directive for the modules are as follows: sqlcounter allcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' } sqlcounter dailycounter { counter-name = Daily-Session-Time check-name = Max-Daily-Session sqlmod-inst = sql key = User-Name reset = daily query = SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime '%b' } sqlcounter monthlycounter { counter-name = Monthly-Session-Time check-name = Max-Monthly-Session sqlmod-inst = sql key = User-Name reset = monthly query = SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime '%b' } --Robert R. George - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ascend Attribute in mysql
Hi, I am wondering if anyone has a patch to freeradius using mysql for radacct table in mysql to accommodate these ascend Attributes. ATTRIBUTE X-Ascend-Data-Rate 197 integer ATTRIBUTE X-Ascend-Xmit-Rate 255 integer Here is my configuration Freeradius-0.7 Mysql Sun ultra 10 Solaris 9 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius+mysql questions please
I had the same problem... I cured it by recompiling freeradius. the Make.inc file I added -lpthread to LIBS and recompiled ... it worked George L. Carden III Office 706-823-2115 Fax 706-823-2019 Home 706-798-2245 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Yu Zhang Sent: Monday, September 02, 2002 10:40 PM To: [EMAIL PROTECTED] Subject: Re: freeradius+mysql questions please Thanks for your answers anyway.I dont know whether you have succeeded with ur methods,but I failed.Now I will explain my modifications and results. Above all,i declare,that in /etc/my.cnf,I have set socket=/tmp/mysql.sock in both client and mysqld modules. First,I deleted the sql in authenticate.Then I uncomment sth like this,u can c: pap { encryption_scheme = crypt } authenticate{ authtype PAP { pap } } the others are the same. This time,I can run radiusd -X, but it still comes:Can't connect to local MYSQL server through socket '/var/lib/mysql/mysql.sock' in instantiation.and another error,Can't connect to SNMP agent with SMUX: connection refused. I want to ask,you did succeed by your way?And did you meet such problems?I really want you to help me because my boss ordered me to finish this in this week:( regards. __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: starting freeradius
Thanks this suggestion worked George L. Carden III Office 706-823-2115 Fax 706-823-2019 Home 706-798-2245 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tripolszky Zsolt Sent: Saturday, August 31, 2002 5:25 AM To: [EMAIL PROTECTED] Subject: Re: starting freeradius see message: http://lists.cistron.nl/archives/freeradius-devel/2002/07/msg00281.html if you havent done that, recompile your server On Sat, Aug 31, 2002 at 12:23:55PM +1000, Mattt wrote: On Sat, 2002-08-31 at 12:17, George Carden wrote: I must me dumb. erm, no comment ;-) Here is my configuration Sun ultra10 runing solaris 9 Mysql Freeradiusd complied ok The command radiusd -x works However I can't get radiusd to stay running as a daemon... any body have any ideas? did you try 'radiusd' ? or 'man radiusd'? -- your best bet, it would seem. George Carden -- Cheers, Mattt. icq : 117539757 Network and Tech Guy,www1 : http://www.pulse.nq4u.net Expressnet. www2 : http://www.expressnet.net.au [EMAIL PROTECTED] jabber: [EMAIL PROTECTED] I always wanted to be someone. I should have been more specific... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
starting freeradius
I must me dumb. Here is my configuration Sun ultra10 runing solaris 9 Mysql Freeradiusd complied ok The command radiusd x works However I cant get radiusd to stay running as a daemon.. any body have any ideas? George Carden
Reply in Acct-Response
Hi all. Is it possible to send any attribute in an Acct-Response? If yes, how? I have my server configured with MySql, and need to send some accounting values back to the NAS... how can I do so? Any idea is welcome. Thanx. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Reply in Acct-Response
At 10:01 26/08/2002 -0400, Alan DeKok wrote: George [EMAIL PROTECTED] wrote: Is it possible to send any attribute in an Acct-Response? Read the RFC's. The answer is No. I've read that in the RFC, but as it says should or may... then I thought it was possible to do so. I have my server configured with MySql, and need to send some accounting values back to the NAS... Why? What I want to send back is an acct-session-id, which at the moment I sent in an auth response, and don't know if it's the best for do so. I generate this value in the server. An another thing for doing so, is that when the acct record is not done properly, the Freeradius sent back an Acct-Response, and I dont want that to be done, as it hasn't worked properly. Thanx very much. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Attribute checking and adding in database
Hi all. I want to identify a user not only by the username and password but also by an machine identifier which I send as the Calling-Station-Id. When I do so, entering the machine identifier manually or telling that identifier to the network administrator before doing the first login it works properly. +-+---+++--+ | id | UserName | Attribute | Value | op | +-+---+++--+ | 106 | jorge | User-Password | aa | == | | 116 | jorge | Calling-Station-Id | 12345678 | == | +-+---+++--+ However what I want is to insert this value automatically the first time a user authenticate, so he can only connect from this machine. In this case I have put the database something like that: +-+---+++--+ | id | UserName | Attribute | Value | op | +-+---+++--+ | 106 | jorge | User-Password | aa | == | | 116 | jorge | Calling-Station-Id || += | +-+---+++--+ But it doesn't work. Is it very difficult to insert the value into the database automatically by the radius server. Which file '.c' do I have to modify the code for do such a thing? TA. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting help
Hi all. I have some doubts referring some of the attributes in accounting. The main one is the acct-status-type. What's the difference between setting it to start or on acct? I dont understand it. Can anyone explain the meanings of those values? I've read the RFC but dont understand,as there's not a lot of information. Thanx in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dialup_admin
Hello list, Looks great FreeRadius, I installed the last version on a FreeBSD test it and working at least in test /text mode. The only problem is to make the Dialup_admin working. When I try to access whatever Accounting, Statistics, .. etc from the home page I get the message: ¨Fatal error: Call to unsupported or undefined function foreach() in ../conf/config.php3 on line 3¨ Yet, I have mod_PHP3, PHP4 on Apache and ofcourse MySQL. Otherwise, my main interest is to use FreeRadius for VoIP AAA in a Cisco environment. Anyone have such experience? Thanks in advance for your help, George __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
importing
is there any scipts to inport from legacy data ?? ie: detail and password files? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
user interface
Has anyone developed a user interface for freeradius so that subscribers could check their own online times? - List info/subscribe/unsubscribe? See http://wwwfreeradiusorg/list/usershtml
Off Subject
Can anyone help me with a cranky max 6000? Thx George - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Off Subject
getting users connecting at 26.4 frame errors and controlled slips Mike Cathey wrote: cranky? George wrote: Can anyone help me with a cranky max 6000? Thx George - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log analyzer for freeradius
just usage data total hours username total hours this month Nathan Miller wrote: if you'd provide a little detail as to what your looking for I'd be happy to help you out. monthly reports is kinda vague. What exact information are you looking for? usage? data transfer? what kinda format you want it in? At 07:42 PM 1/15/2002 -0500, you wrote: monthly reports for our dial up accts Nathan Miller wrote: mine does monthly reports.. at least how i need them to. what exactly are you looking for? At 03:12 PM 1/15/2002 -0500, you wrote: Tried that one it does what we want but doesn't do a monthly report.. and I am not a scripter - Original Message - From: Nathan Miller [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 15, 2002 2:40 PM Subject: Re: Log analyzer for freeradius 0.4 http://freshmeat.net/projects/radiusreport/ it's OLD.. but it still works.. doesn't make html output, but the output it does create can easily be converted to html if ya got someone with some perl scripting knowledge. Or the text files it creates can also be displayed in web browser just fine as well with pre/pre tags. At 02:09 PM 1/15/2002 -0500, you wrote: Hey did anyone reply to this I am interested as well...using the flatfile detail format here - Original Message - From: MiikaT [EMAIL PROTECTED] To: freeradius-users [EMAIL PROTECTED] Sent: Monday, January 07, 2002 5:38 AM Subject: Log analyzer for freeradius 0.4 Are there any log analyzers, which are found working with freeradius 0.4 and they produce html output? Miika - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Nathan Miller - [EMAIL PROTECTED] VISP Technologies - Building Better ISPs - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Nathan Miller - [EMAIL PROTECTED] VISP Technologies - Building Better ISPs - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Nathan Miller - [EMAIL PROTECTED] VISP Technologies - Building Better ISPs - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log analyzer for freeradius 0.4
Radius logs - Original Message - From: Aleksandr Kuzminsky [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 15, 2002 2:22 PM Subject: Re: Log analyzer for freeradius 0.4 On Tue, 15 Jan 2002, George wrote: Hey did anyone reply to this I am interested as well...using the flatfile detail format here Some time ago I wrote parser for radius's detail files. It can be easy used for such log analyzer. And what are you going to analyze? Subject: Log analyzer for freeradius 0.4 Are there any log analyzers, which are found working with freeradius 0.4 and they produce html output? Miika - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Aleksandr Kuzminsky, AK476-RIPE System Administrator, AK16-UANIC ISP NBI. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log analyzer for freeradius
monthly reports for our dial up accts Nathan Miller wrote: mine does monthly reports.. at least how i need them to. what exactly are you looking for? At 03:12 PM 1/15/2002 -0500, you wrote: Tried that one it does what we want but doesn't do a monthly report.. and I am not a scripter - Original Message - From: Nathan Miller [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 15, 2002 2:40 PM Subject: Re: Log analyzer for freeradius 0.4 http://freshmeat.net/projects/radiusreport/ it's OLD.. but it still works.. doesn't make html output, but the output it does create can easily be converted to html if ya got someone with some perl scripting knowledge. Or the text files it creates can also be displayed in web browser just fine as well with pre/pre tags. At 02:09 PM 1/15/2002 -0500, you wrote: Hey did anyone reply to this I am interested as well...using the flatfile detail format here - Original Message - From: MiikaT [EMAIL PROTECTED] To: freeradius-users [EMAIL PROTECTED] Sent: Monday, January 07, 2002 5:38 AM Subject: Log analyzer for freeradius 0.4 Are there any log analyzers, which are found working with freeradius 0.4 and they produce html output? Miika - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Nathan Miller - [EMAIL PROTECTED] VISP Technologies - Building Better ISPs - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Nathan Miller - [EMAIL PROTECTED] VISP Technologies - Building Better ISPs - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Unix Radius NT groups
Hi all, I'm just wondering if there is a way to get all the NT groups that a user belongs to through the cistron radius? I know many radius servers allow you to query the PDC to get Does user x belong to group y but is there a way to get the complete list? Thx all George - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Newbie question - apache radius - redundancy
Hi all I just installed the mod_auth_radius-1.5.2. Beautiful piece of software. Everything works great. My question is how do I add another radius authentication server to apache's mod_auth_radius module? This way when the NT radius server fails my boxes will still continue running. TIA George Genovezos Unix System Administrator - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with ascend max 6k1
works fine for me ... everythin xcept logrotate - Original Message - From: Jorge Minassian [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 19, 2001 10:39 PM Subject: Problem with ascend max 6k1 Hi all ! I am using freeradius 0.2 on RedHat 7.1. I am triying to get some Ascend Max 6K1 to use this radius server, but with no success at all. :-( When I radtest the server everything apears to be OK, also when I ratest it from a remote linux. But when the MAX try to access radius I get this messages in radius.log: Error: Received accounting packet from MAX with invalid signature Can any one help me, please ?. Thank you, Jorge. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html