Re: VSA in freeRadius

2003-08-14 Thread Gerald Krause
Israel Cardenas Romero wrote:
 I'm using freeRadius with OpenLDAP. I only need to know how freeRadius 
 can send a Vendor-specific attribute to Cisco AP...

Maybe Cisco-AVPair works? I use this feature as shown below...

dictionary.cisco:
-----------------
ATTRIBUTE  Cisco-AVPair  1   string   Cisco

mysql db / radreply table:
--------------------------
{username}  {attribute}   {op}  {value}
testuser    Cisco-AVPair  =     lcp:interface-config=mtu 1450


--
_
Gerald Krause
Network
pop-interactive GmbH
Wendenstrasse 375
D 20537 Hamburg
fon: +49 40 822284 300
fax: +49 40 822284 111
web: pop-interactive.de
_
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
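
What the dictionary.cisco entry in the message above means on the wire, as an added example that is not part of the original post or of FreeRADIUS itself: Cisco-AVPair is sub-attribute 1 inside a RADIUS Vendor-Specific attribute (type 26, RFC 2865) under vendor ID 9, Cisco's IANA enterprise number. The function names are hypothetical; the decoder checks every length field, which is where a malformed attribute has to be rejected.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type for VSAs (RFC 2865, section 5.26)
CISCO_VENDOR_ID = 9    # IANA enterprise number for Cisco
CISCO_AVPAIR = 1       # "ATTRIBUTE Cisco-AVPair 1 string Cisco" in dictionary.cisco


def encode_cisco_avpair(value: str) -> bytes:
    """Build the Vendor-Specific attribute that carries one Cisco-AVPair string."""
    data = value.encode("ascii")
    vendor_len = 2 + len(data)        # vendor-type + vendor-length + data
    total_len = 2 + 4 + vendor_len    # type + length + vendor-id + sub-attribute
    if total_len > 255:               # the length field is a single octet
        raise ValueError("AVPair too long for a single RADIUS attribute")
    return (struct.pack("!BBI", VENDOR_SPECIFIC, total_len, CISCO_VENDOR_ID)
            + struct.pack("!BB", CISCO_AVPAIR, vendor_len) + data)


def decode_vsa(attr: bytes):
    """Parse one Vendor-Specific attribute into (vendor_id, [(sub_type, data), ...])."""
    if len(attr) < 6:
        raise ValueError("truncated attribute")
    attr_type, length, vendor_id = struct.unpack("!BBI", attr[:6])
    if attr_type != VENDOR_SPECIFIC or length != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    subs, pos = [], 6
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated sub-attribute header")
        sub_type, sub_len = attr[pos], attr[pos + 1]
        if sub_len < 2 or pos + sub_len > length:
            raise ValueError("bad sub-attribute length")
        subs.append((sub_type, attr[pos + 2:pos + sub_len]))
        pos += sub_len
    return vendor_id, subs


if __name__ == "__main__":
    # The radreply value from the message above.
    wire = encode_cisco_avpair("lcp:interface-config=mtu 1450")
    print(wire.hex())
    print(decode_vsa(wire))
```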


Re: cisco as5400 dialing digits

2002-12-20 Thread Gerald Krause
hi sunil,

i have noticed the same (using an AS5300) and found a limitation
in the create statement of the radacct table in 
[freeradius-home]/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql:

...
 CalledStationId varchar(10) NOT NULL default '',
 CallingStationId varchar(10) NOT NULL default '',
...

changing this to a bigger value than 10 works good for me. are you really
using varchar(32) here?

[EMAIL PROTECTED] wrote:

hi all,

i'm new to free radius... i've RH Linux, Freeradius 0.8, mysql for
accounting/cdr (no authentication)... and cisco as5400 as radius client.

while making calls, we can see all the attributes are displaying properly
in screen (running radius in debug mode). but in the calldetails table
(radacct) the digits of calling station and called station are truncated to
10 digits... instead of getting the whole digits. i've checked the field
names, there enough space is there (32)

can anyone help in this issue

TIA

regards
sunil





gerald




Re: a question about the snapshot20021022

2002-10-23 Thread Gerald Krause
Alan DeKok wrote:

Gerald Krause wrote:


I have a similar problem in the current snapshot and I wonder about this
line in the src/main/Makefile:

 radiusd: $(SERVER_OBJS) ../lib/libradius.a $(LIBLTDL) $(MODULE_OBJS)

because in Make.inc I found this:

 LIBLTDL = -lltdl

After I have removed the $(LIBLTDL) statement in the line, make runs
quite well.



  Ah.  -ltdl should be included in the list of objects to link
'radiusd', but it shouldn't be in the list of dependencies, in the
Makefile.


yep. but anyway, this goes to all freeRADIUS developers: thanx for the great
job - it's nice to work with!


Gerald




Re: some help please

2002-07-09 Thread Gerald Krause

Johnno wrote:
 I have just install freeradius 0.6 and I get this when I ran
 check-radiusd-config
 
 HASH:  Reinitializing hash structures and lists for caching...
 rlm_unix:  You MUST specify a shadow password file!
 HASH:  unable to create user hash table.  disable caching and run debugs
 radiusd.conf[462]: unix: Module instantiation failed.
 
 how do I fix this..

try disabling caching in radiusd.conf


Gerald





Re: Stop packet with zero session length causes auth reject?

2002-06-23 Thread Gerald Krause

tywe wrote:
 
 Hello,
 
 I just had a customer cancel because they said that they could not log on
 for days (and never asked for help with the problem). They said that it was
 giving them an invalid username/password error even though they retyped it
 many times.
 
 Anyhow, I looked in the radius.log and see no auth rejects, only Login OK's.
 But, on the days that they are complaining about, I see the Stop packet
 error like this:
 
 Thu Jun 13 20:05:59 2002 : Auth: Login OK: [[EMAIL PROTECTED]] (from nas thenas
 port 7171 cli 3045551212)
 Thu Jun 13 20:05:59 2002 : Error: rlm_sql:  Stop packet with zero session
 length.  (user '[EMAIL PROTECTED]', nas '12.34.56.78')

hmm, usually STOP packets were sent from the NAS _after_ the login, not
before or during an auth-phase... i think the STOP packet itself is not
really the reason for the login-problem.

have you debugged your NAS too?

 Any ideas on why this would have caused the user to be rejected? I have been
 using FR 0.5 since a few days after it was released and haven't had any
 problems reported like this until now. Any suggestions will be greatly
 appreciated.

i have some other problems with 0.5 (e.g. seg-fault after the first
incoming auth request if --with-thread-pool is set) and decided to
use the current cvs snapshot - it seems to be more stable (for me).


Gerald




Re: Stop packet with zero session length causes auth reject?

2002-06-23 Thread Gerald Krause

tywe wrote:
   Thu Jun 13 20:05:59 2002 : Auth: Login OK: [[EMAIL PROTECTED]] (from nas thenas
   port 7171 cli 3045551212)
   Thu Jun 13 20:05:59 2002 : Error: rlm_sql:  Stop packet with zero session
   length.  (user '[EMAIL PROTECTED]', nas '12.34.56.78')
 
  hmm, usually STOP packets were sent from the NAS _after_ the login, not
  before or during an auth-phase... i think the STOP packet itself is not
  really the reason for the login-problem.
 
 Ya, I thought it was pretty weird that the Login OK and the Stop packet were
 received at the exact same time.. hmm

Yes, ...mysterious. Maybe the remote side did not get the expected
response fast enough to complete the authentication within a proper
time and that's why the auth-phase is terminated by an ordinary timeout.
In this case the remote one can send you a STOP packet with a zero
session time to notify an authentication failure. (I use exactly this
feature on our Cisco NASes.)

Is your server (or Qwest's one, or the network between) sometimes a
little bit overloaded to cause such a delay?

 
  have you debugged your NAS too?
 
 Well, it's not exactly my NAS. It's one of Qwests, and it's being proxied to
 me through another radius server.

Ouuh, I pity you ;-)

 I had hoped to wait until 0.6 was released though, does anyone know an
 ETA of when that will be?

I hope soon - the cvs-snapshot already reports 0.6 as version number :)


Gerald
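
The correlation discussed in this thread, as an added example that is not part of the original posts: it scans radius.log text for the rlm_sql "Stop packet with zero session length" error and records whether a "Login OK" for the same user was logged just before it. The log lines are constructed in the format quoted above (user names and NAS address are made up), and the 5-second window and the function name are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the radius.log format quoted in the thread;
# user names and the NAS address are made up.
SAMPLE_LOG = """\
Thu Jun 13 20:05:59 2002 : Auth: Login OK: [alice@example.net] (from nas thenas port 7171 cli 3045551212)
Thu Jun 13 20:05:59 2002 : Error: rlm_sql:  Stop packet with zero session length.  (user 'alice@example.net', nas '192.0.2.10')
Thu Jun 13 20:07:12 2002 : Auth: Login OK: [bob@example.net] (from nas thenas port 7172 cli 3045551313)
Thu Jun 13 21:30:00 2002 : Error: rlm_sql:  Stop packet with zero session length.  (user 'carol@example.net', nas '192.0.2.10')
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : (\w+): (.*)$")
LOGIN_OK = re.compile(r"^Login OK: \[(.+?)\]")
ZERO_STOP = re.compile(r"Stop packet with zero session\s+length\.\s+\(user '(.+?)', nas '(.+?)'\)")


def find_zero_stops(log_text, window=timedelta(seconds=5)):
    """Return one finding per zero-length Stop, flagged if a Login OK preceded it."""
    last_ok = {}      # user -> time of the most recent "Login OK"
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        level, text = m.group(2), m.group(3)
        ok = LOGIN_OK.match(text) if level == "Auth" else None
        if ok:
            last_ok[ok.group(1)] = when
            continue
        stop = ZERO_STOP.search(text)
        if stop:
            user, nas = stop.groups()
            seen = last_ok.get(user)
            findings.append({
                "time": when, "user": user, "nas": nas,
                # True: the server accepted the login, yet the NAS closed the
                # session at once (candidate for the timeout case in the thread).
                # False: no accept for this user was logged within the window.
                "after_login_ok": seen is not None
                                  and timedelta(0) <= when - seen <= window,
            })
    return findings


if __name__ == "__main__":
    for f in find_zero_stops(SAMPLE_LOG):
        print(f["time"], f["user"], f["nas"], f["after_login_ok"])
```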




Re: Acct-Stop without Acct-Start on Cisco

2002-06-21 Thread Gerald Krause

Hi,

Fduch the Pravking wrote:
 I'll try to be clear :)
 We have Cisco 2500 with IOS 12.0(4)
 and it seems to have such bug...
 
 Some user tries to log in on this Cisco,
 and gets Access-Reject, but Cisco
 (I don't know whether it has already
 processed Access-Reject at this moment)
 sends Accounting-Stop packet for that user
 without corresponding Accounting-Start packet.
 
 Probably, this user disconnects BEFORE
 Cisco gets Access-Reject, and then it
 decided to send Stop-record...
 
 Did anybody see such problem and what are
 possible workarounds for this situations?

perhaps this is not a bug but rather a feature
because I have found (and want to use) two nice Cisco
statements called
   aaa accounting send stop-record authentication failure
and
   aaa accounting resource default stop-failure
to log rejected login attempts and resource problems...

My problem is that the resulting stop-records have
an AcctSessionTime of 0 and FreeRADIUS does not like
them therefore... :-/


Gerald

